tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Bill Barker" <wbar...@wilshire.com>
Subject Re: [OT] Couldn't find trusted certificate
Date Thu, 26 Jun 2003 04:51:47 GMT
You should be able to import into the normal keystore as well using the
'-trustcacerts' option for 'keytool -import ...'.  I've never tryed it
myself personally, but the docs for 'keytool' says it should work.

"Antonio Fiol Bonnín" <fiol.bonnin@terra.es> wrote in message
news:3EF9F0B9.1010001@terra.es...
> I know, this is O-T.
>
> How can I load a cacert which is NOT in the cacerts file? (I have
> read-only access to that file so I can't add my cacert to it)
>
> Thank you very much.
>
> Antonio Fiol
>
> Bill Barker wrote:
>
> >"Antonio Fiol Bonnín" <fiol.bonnin@terra.es> wrote in message
news:3EF930C2.4060605@terra.es...
> >
> >
> >>I found that while trying to open a SSL (in fact HTTPS) connection from
> >>inside a servlet. Could it be that?
> >>
> >>
> >>
> >
> >If you have a 1.4.x JVM, then opening a https connection should be easy.
This is assuming that the server has a Verisign or Thwait signed cert (at
least for Sun's JVM, other vendors may supply a different set of cacerts).
Otherwise you need to add the root signer to your cacerts on the client.
> >
> >
> >
> >
> >
> >>Bill Barker wrote:
> >>
> >>
> >>
> >>>This is happening too late to be a server-cert problem.  I'm guessing
that
> >>>you specified CLIENT-CERT auth, but you don't have any valid certs.
> >>>
> >>>"Dan Soschin" <d_soschin@yahoo.com> wrote in message
> >>>news:20030623223124.52015.qmail@web41604.mail.yahoo.com...
> >>>
> >>>
> >>>
> >>>
> >>>>Specs: Tomcat 4.0.6 w/ JDK 1.4.1 on Windows 2000 Advanced Server
> >>>>
> >>>>I run the keytool command to generate keystore successfully, obtained
a
> >>>>
> >>>>
> >>>>
> >>>>
> >>>csr from thawte and
> >>>
> >>>
> >>>
> >>>
> >>>>successfully imported it into the keystore file.  I modified the
> >>>>
> >>>>
> >>>>
> >>>>
> >>>server.xml file to point to the
> >>>
> >>>
> >>>
> >>>
> >>>>keystore file, etc, uncommenting SSL connector
> >>>>
> >>>>When I access my app at https:8443/myapp... I get the follow error in
> >>>>
> >>>>
> >>>>
> >>>>
> >>>Tomcat:
> >>>
> >>>
> >>>
> >>>
> >>>>2003-06-23 14:57:40 StandardWrapperValve[portal]: Servlet.service()
for
> >>>>
> >>>>
> >>>>
> >>>>
> >>>servlet portal threw
> >>>
> >>>
> >>>
> >>>
> >>>>exception
> >>>>javax.servlet.ServletException: Exception opening resource
> >>>>https://localhost:8443/portal/FileMenuController.exec?action=viewAlt:
> >>>>javax.net.ssl.SSLHandshakeException:
> >>>>
> >>>>
> >>>>
> >>>>
> >>>java.security.cert.CertificateException: Couldn't find
> >>>
> >>>
> >>>
> >>>
> >>>>trusted certificate
> >>>>
> >>>>I'm new to Tomcat/SSL, but I have gone over the instructions in the
howTo
> >>>>
> >>>>
> >>>>
> >>>>
> >>>from apache and thawte
> >>
> >>
> >>>
> >>>
> >>>
> >>>
> >>>>and cannot get any further.
> >>>>
> >>>>Can anybody please tell me what stupid thing I forget to do?  I'm sure
its
> >>>>
> >>>>
> >>>>
> >>>>
> >>>obvious.
> >>>
> >>>
> >>>
> >>>
> >>>>Thanks!
> >>>>
> >>>>__________________________________
> >>>>Do you Yahoo!?
> >>>>SBC Yahoo! DSL - Now only $29.95 per month!
> >>>>http://sbc.yahoo.com
> >>>>
> >>>>
> >>>>
> >>>>
> >>>
> >>>
> >>>---------------------------------------------------------------------
> >>>To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
> >>>For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
> >>>
> >>>
> >>>
> >>>
> >>>
> >>>
> >
> >
> >
>
>




---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org


Mime
View raw message