I obtained a CSR from GoDaddy. The only cipher suite GoDaddy supports is "SHA1 with RSA", which is not in the list of Java 1.6.0_01 supported ciphers.
Can I get "SHA1 with RSA" for Java somewhere?
Should I revoke by CSR from GoDaddy and get a CSR from somebody who can provide me with a Java-supported cipher?
If the answer to the above question is "yes", to whom should I go for the CSR?
Thanks.
The GoDaddy certificate is signed with only one cipher suite supported: "SHA1 with RSA".
When I use the following code to initialize my Java SSL server app using the GoDaddy certificate (in file "keystore"), I get the message, "No available certificate or key corresponds to the SSL cipher suites which are enabled."
When I use the following code with a certificate I generate myself (in file "keystore"), the app works fine in SSL, except that I get the security warning screen from IE when I access the server.
KeyStore ks = KeyStore.getInstance("JKS");
ks.load(new FileInputStream(keystore), keystorepass);
KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
kmf.init(ks, keypassword);
SSLContext sslcontext = SSLContext.getInstance("SSLv3");
sslcontext.init(kmf.getKeyManagers(), null, null);
SSLServerSocketFactory ssf = sslcontext.getServerSocketFactory();
sslServerSocket = (SSLServerSocket) ssf.createServerSocket(portNumber);
When I run the following code, I note that "SHA1 with RSA" is not listed. I assumed the problem is that Java does not support "SHA1 with RSA". I am (clearly) not an expert in this SSL stuff, any help would be appreciated.
String[] sss = sslServerSocket.getEnabledCipherSuites();
for (int x = 0; x < sss.length; x++)
System.out.println(sss[x]);
OK
> Should I revoke by CSR from GoDaddy and get a CSR from somebody who can provide me with a Java-supported cipher?
Yes
> If the answer to the above question is "yes", to whom should I go for the CSR?
Baltimore, Equifax, Entrust.net, CyberTrust, GeoTrust, Verisign, Thawte, there's a long list. GoDaddy seems pretty lame judging by this ...
