Tomcat 5.0x with SSL - Could not find trusted certificate

 
Greenhorn
Posts: 7
Hello, I am in the process of switching from IIS 5.0 (with Tomcat3) to Tomcat 5.0x in one of my projects. But I can't seem to get it running correctly; as soon as I start Tomcat I receive the following error.

javax.net.ssl.SSLHandshakeException:
java.security.cert.CertificateException: Could not find trusted certificate

After searching the net this is my solution. Is there anyone who could point out what I am doing wrong?

1. I have the approved *.cer from my certification authority stored on my C drive

2. I have downloaded the root.cer from my certification authority and created a keystore with the alias "root"
-> keytool -import -trustcacerts -keystore c:\my.kdb -alias root -file c:\root.cer

3. I then imported my approved *.cer file into the new keystore with the alias "tomcat"
-> keytool -import -trustcacerts -keystore c:\my.kdb -alias tomcat -file c:\validator20060324.cer

4. I use keytool to import my approved *.cer into my cacerts
->keytool -import -alias tomcat -keystore C:\j2sdk1.4.2_08\jre\lib\security\cacerts -trustcacerts -file c:\root.cer


And then add the following to server.xml and restart.

<Connector port="8443"
maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
enableLookups="false" disableUploadTimeout="true"
acceptCount="100" debug="0" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS"
keystoreFile="C:\my.kdb" keystorePass="xxx"
truststoreFile="C:\j2sdk1.4.2_08\jre\lib\security\cacerts" truststorePass="xxx"
/>

Thanks in advance
/Jonas Ladenfors
 
Author and all-around good cowpoke
Posts: 13078
I found that I had to set JAVA_OPTS in the catalina.bat to duplicate the trustStore and keystore paths and the passwords so that the JVM sees these things defined when it starts.
I don't know why the connector attributes are not enough.
Bill
 
Jonas Ladenfors
Greenhorn
Posts: 7
I added this to my catalina.bat

<->
set JAVA_OPTS=%JAVA_OPTS%;-Djavax.net.ssl.keyStore=c:\my.kdb
-Djavax.net.ssl.keyStorePassword=xxx
-Djavax.net.ssl.trustStore=C:\j2sdk1.4.2_08\jre\lib\security\cacerts
-Djavax.net.ssl.trustStorePassword=xxx
<->

Unfortunately it did not solve my problem. Is this how you did it? Or is there still something I am missing?

/Jonas
[ September 04, 2006: Message edited by: Jonas Ladenfors ]
 
William Brogden
Author and all-around good cowpoke
Posts: 13078
Yep, that's kind of how I did it, all on one line, but I used quotes on all the attribute values.
Bill
 
Jonas Ladenfors
Greenhorn
Posts: 7
Hmm, I tried quotes too but with no luck. I am going to do a new certificate application to see if there is something wrong with my certificate.
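
A diagnostic for the keystore and truststore files configured in this thread, as an added example that is not part of any post: for each alias it reports whether the entry holds a private key or only a certificate (a TLS server needs a private-key entry for the certificate it presents) and whether the certificate's direct issuer is present in the truststore. The class name `KeystoreCheck` and the argument order are assumptions, and it needs Java 7 or later.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Collections;

// Added example (hypothetical helper, not from the thread). Usage:
//   java KeystoreCheck <keystore> <keystorePass> <truststore> <truststorePass>
public class KeystoreCheck {

    // Loads a keytool-created store; the default type also reads JKS files.
    static KeyStore load(String path, String pass) throws Exception {
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = new FileInputStream(path)) {
            ks.load(in, pass.toCharArray());
        }
        return ks;
    }

    // Returns the truststore alias whose key verifies cert's signature, or null.
    // Only the direct issuer is checked, not a full chain.
    static String findIssuer(X509Certificate cert, KeyStore trust) throws Exception {
        for (String alias : Collections.list(trust.aliases())) {
            Certificate c = trust.getCertificate(alias);
            if (!(c instanceof X509Certificate)) continue;
            X509Certificate ca = (X509Certificate) c;
            if (!ca.getSubjectX500Principal().equals(cert.getIssuerX500Principal())) continue;
            try {
                cert.verify(ca.getPublicKey());
                return alias;
            } catch (GeneralSecurityException e) {
                // Same subject name but a different key: keep looking.
            }
        }
        return null;
    }

    public static void main(String[] args) throws Exception {
        if (args.length != 4) {
            System.err.println("usage: KeystoreCheck <keystore> <pass> <truststore> <pass>");
            System.exit(2);
        }
        KeyStore keys = load(args[0], args[1]);
        KeyStore trust = load(args[2], args[3]);
        for (String alias : Collections.list(keys.aliases())) {
            String kind = keys.isKeyEntry(alias) ? "private-key entry" : "certificate-only entry";
            Certificate c = keys.getCertificate(alias);
            String issuer = (c instanceof X509Certificate) ? findIssuer((X509Certificate) c, trust) : null;
            System.out.println(alias + ": " + kind + ", issuer in truststore: "
                    + (issuer == null ? "NOT FOUND" : issuer));
        }
    }
}
```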
 