
SSLHandshake exception [ PLEASE HELP]

 
Greenhorn
Posts: 23
Hello all,
My situation is a little complicated. I have apache, liferay and tomcat with liferay on a separate machine. Apache sends portal requests to liferay, liferay authenticates the user and accordingly sends authentication status to a web application deployed in tomcat. Then it redirects the client to the web application.

Now the problem is when liferay is trying to communicate with tomcat over HTTPS I get an

javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: No trusted certificate found
java.io.IOException

I have tried to import the certificate into the cacerts but it's still not working. Can anyone help !!!
 
Ranch Hand
Posts: 39
Hi Kd,

I don't know the full details of your setup, however, it appears whatever is your client is not finding the certificate it needs. Although you will have set up a certificate for your server, you need to import this into the keystore that your client will use.

By default, this is ${JAVA_HOME}/jre/lib/security/cacerts

You can do this with keytool.
 
clive jordan
Ranch Hand
Posts: 39
It looks to me like liferay needs to know about the tomcat certificate. I am unfamiliar with liferay and would *assume* that it reads the default cacerts but it may be trying to read another keystore.

Tomcat, by default, puts its certificate in ${HOME}/.keystore where ${HOME} is the user home directory tomcat uses. I guess you must have done this as tomcat would not run under HTTPS otherwise. You can always check by pointing a web-browser at it using https://machinename:httpsport

You can export the certificate from .keystore using:

keytool -export -alias tomcat -file tomcat.cert

(provided you created the certificate and gave it an alias of 'tomcat')

Then you can import this into the default cacerts using:

keytool -import -alias tomcat -keystore ${JAVA_HOME}/jre/lib/security/cacerts -trustcacerts -file tomcat.cert

If liferay does not use the default cacerts file, I guess you have to check with the document where it expects to find certificates and re-run the keytool import specifying the correct keystore.

Just a few stabs in the dark....

Clive
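
Added example, not part of any post in this thread: a small Java check for the case discussed above, where the keytool import succeeds but the client JVM may be reading a different trust store. It must be run with the same JVM and the same -D options as the client (liferay here); the class name TrustStoreCheck and the default argument tomcat.cert are assumptions.

```java
import java.io.File;
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;

// Added example (hypothetical class name): reports which trust store this JVM
// reads and whether the exported Tomcat certificate is present in it.
public class TrustStoreCheck {

    // JSSE default lookup order: -Djavax.net.ssl.trustStore, then
    // <java.home>/lib/security/jssecacerts, then <java.home>/lib/security/cacerts.
    static File resolveTrustStore() {
        String override = System.getProperty("javax.net.ssl.trustStore");
        if (override != null && !override.isEmpty()) {
            return new File(override);
        }
        File security = new File(System.getProperty("java.home"), "lib/security");
        File jssecacerts = new File(security, "jssecacerts");
        return jssecacerts.isFile() ? jssecacerts : new File(security, "cacerts");
    }

    public static void main(String[] args) throws Exception {
        String certPath = args.length > 0 ? args[0] : "tomcat.cert"; // assumed file name
        File storeFile = resolveTrustStore();
        System.out.println("Trust store in use: " + storeFile.getAbsolutePath());

        String type = System.getProperty("javax.net.ssl.trustStoreType", KeyStore.getDefaultType());
        String pw = System.getProperty("javax.net.ssl.trustStorePassword");
        KeyStore store = KeyStore.getInstance(type);
        try (InputStream in = new FileInputStream(storeFile)) {
            // A null password skips the integrity check, as JSSE does when none is set.
            store.load(in, pw == null ? null : pw.toCharArray());
        }

        Certificate cert;
        try (InputStream in = new FileInputStream(certPath)) {
            cert = CertificateFactory.getInstance("X.509").generateCertificate(in);
        }

        // A self-signed server certificate must itself be an entry in the store.
        String alias = store.getCertificateAlias(cert);
        System.out.println(alias != null
                ? "Certificate present under alias: " + alias
                : "Certificate NOT in this store; import it into the path printed above");
    }
}
```

If the printed path is not the cacerts file that received the import, the client JVM is running from a different Java installation or has javax.net.ssl.trustStore set.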
 