Win a copy of Kotlin in Action this week in the Kotlin forum!
  • Post Reply Bookmark Topic Watch Topic
  • New Topic

Enable SSL in existing web application when deploying it locally on Tomcat  RSS feed

Namrata Narula
Posts: 4
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I created the self signed certificate using java keytool and gave the path of the .keystore file in server.xml file in the conf folder of Tomcat.
I have an existing Web Application where I am using SOAP web services and I have to configure SSL in it.
I added the following code in the web.xml file of the application
Now redeploying this application on Tomcat I run the URL as
https://localhost:8443/DgSuite/login.html (My application URL)
It opens successfully ,but I am not able to login as it says cannot connect
I also changed the path in WSDL file from localhost:8080 to https://localhost:8443 and i am able to open the wsdl with new URL
But I am not able to further login.I am not getting any error in Tomcat logs or even in the debugger (for firefox).
Kindly help

Also Noticed that in the debugger it says it cannot connect to WSDL saying
"{\"success\": false, \"error\": \"Can not connect to controller at https://localhost:8443/dgcontroller/ControllerConnectorPort?wsdl exception: Failed to access the WSDL at: https://localhost:8443/dgcontroller/ControllerConnectorPort?wsdl. It failed with: PKIX path building failed: unable to find valid certification path to requested target.\"}"
Paul Clapham
Posts: 22503
Eclipse IDE Firefox Browser MySQL Database
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
If I'm not mistaken, the clients of your SSL-enabled application have to trust your certificate. So if your certificate was from one of the big certificate issuers, the client would recognize it. But it isn't. So the client doesn't recognize it, and it says so. (That's what the error message means.)

That means that you'll have to import the root certificate of your self-signed certificate into the keystore of any client which wants to connect to your site. This would include the browser of anybody who wants to connect, which in your case I think means your copy of Firefox. This has nothing to do with Tomcat, by the way, it's a rule of SSL. By the way I may not have used the correct terminology in my answer -- it's been several years since I had to import the certificate of a host with an unrecognizable certificate.
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
Boost this thread!