Return-Path: Delivered-To: apmail-jakarta-tomcat-user-archive@apache.org Received: (qmail 97102 invoked from network); 25 Jun 2003 06:22:31 -0000 Received: from exchange.sun.com (192.18.33.10) by daedalus.apache.org with SMTP; 25 Jun 2003 06:22:31 -0000 Received: (qmail 2810 invoked by uid 97); 25 Jun 2003 06:25:03 -0000 Delivered-To: qmlist-jakarta-archive-tomcat-user@nagoya.betaversion.org Received: (qmail 2803 invoked from network); 25 Jun 2003 06:25:02 -0000 Received: from daedalus.apache.org (HELO apache.org) (208.185.179.12) by nagoya.betaversion.org with SMTP; 25 Jun 2003 06:25:02 -0000 Received: (qmail 95735 invoked by uid 500); 25 Jun 2003 06:22:17 -0000 Mailing-List: contact tomcat-user-help@jakarta.apache.org; run by ezmlm Precedence: bulk List-Unsubscribe: List-Subscribe: List-Help: List-Post: List-Id: "Tomcat Users List" Reply-To: "Tomcat Users List" Delivered-To: mailing list tomcat-user@jakarta.apache.org Received: (qmail 95720 invoked from network); 25 Jun 2003 06:22:16 -0000 Received: from main.gmane.org (80.91.224.249) by daedalus.apache.org with SMTP; 25 Jun 2003 06:22:16 -0000 Received: from list by main.gmane.org with local (Exim 3.35 #1 (Debian)) id 19V3bX-0006Nn-00 for ; Wed, 25 Jun 2003 08:18:03 +0200 X-Injected-Via-Gmane: http://gmane.org/ To: tomcat-user@jakarta.apache.org Received: from news by main.gmane.org with local (Exim 3.35 #1 (Debian)) id 19V3Xe-0006Es-00 for ; Wed, 25 Jun 2003 08:14:02 +0200 From: "Bill Barker" Subject: Re: SSL Handshake Error / Couldn't find trusted certificate Date: Tue, 24 Jun 2003 23:24:03 -0700 Lines: 185 Message-ID: References: <20030623223124.52015.qmail@web41604.mail.yahoo.com> <3EF930C2.4060605@terra.es> Mime-Version: 1.0 Content-Type: multipart/signed; protocol="application/x-pkcs7-signature"; micalg=SHA1; boundary="----=_NextPart_000_00D8_01C33AA7.B3E0A7E0" X-Complaints-To: usenet@main.gmane.org X-MSMail-Priority: Normal X-Newsreader: Microsoft Outlook Express 5.50.4133.2400 X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4133.2400 Sender: news X-Spam-Rating: daedalus.apache.org 1.6.2 0/1000/N X-Spam-Rating: daedalus.apache.org 1.6.2 0/1000/N ------=_NextPart_000_00D8_01C33AA7.B3E0A7E0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable "Antonio Fiol Bonn=EDn" wrote in message = news:3EF930C2.4060605@terra.es... > I found that while trying to open a SSL (in fact HTTPS) connection = from=20 > inside a servlet. Could it be that? >=20 If you have a 1.4.x JVM, then opening a https connection should be easy. = This is assuming that the server has a Verisign or Thwait signed cert = (at least for Sun's JVM, other vendors may supply a different set of = cacerts). Otherwise you need to add the root signer to your cacerts on = the client. =20 >=20 >=20 > Bill Barker wrote: >=20 > >This is happening too late to be a server-cert problem. I'm guessing = that > >you specified CLIENT-CERT auth, but you don't have any valid certs. > > > >"Dan Soschin" wrote in message > >news:20030623223124.52015.qmail@web41604.mail.yahoo.com... > > =20 > > > >>Specs: Tomcat 4.0.6 w/ JDK 1.4.1 on Windows 2000 Advanced Server > >> > >>I run the keytool command to generate keystore successfully, = obtained a > >> =20 > >> > >csr from thawte and > > =20 > > > >>successfully imported it into the keystore file. I modified the > >> =20 > >> > >server.xml file to point to the > > =20 > > > >>keystore file, etc, uncommenting SSL connector > >> > >>When I access my app at https:8443/myapp... I get the follow error = in > >> =20 > >> > >Tomcat: > > =20 > > > >>2003-06-23 14:57:40 StandardWrapperValve[portal]: Servlet.service() = for > >> =20 > >> > >servlet portal threw > > =20 > > > >>exception > >>javax.servlet.ServletException: Exception opening resource > = >>https://localhost:8443/portal/FileMenuController.exec?action=3DviewAlt:= > >>javax.net.ssl.SSLHandshakeException: > >> =20 > >> > >java.security.cert.CertificateException: Couldn't find > > =20 > > > >>trusted certificate > >> > >>I'm new to Tomcat/SSL, but I have gone over the instructions in the = howTo > >> =20 > >> > >from apache and thawte > > =20 > > > >>and cannot get any further. > >> > >>Can anybody please tell me what stupid thing I forget to do? I'm = sure its > >> =20 > >> > >obvious. > > =20 > > > >>Thanks! > >> > >>__________________________________ > >>Do you Yahoo!? > >>SBC Yahoo! DSL - Now only $29.95 per month! > >>http://sbc.yahoo.com > >> =20 > >> > > > > > > > > > >--------------------------------------------------------------------- > >To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org > >For additional commands, e-mail: tomcat-user-help@jakarta.apache.org > > > > > > =20 > > >=20 >=20 ------=_NextPart_000_00D8_01C33AA7.B3E0A7E0 Content-Type: application/x-pkcs7-signature; name="smime.p7s" Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename="smime.p7s" MIAGCSqGSIb3DQEHAqCAMIACAQExCzAJBgUrDgMCGgUAMIAGCSqGSIb3DQEHAQAAoIIKTzCCAj0w ggGmAhEAzbp/VvDf5LxU/iKss3KqVTANBgkqhkiG9w0BAQIFADBfMQswCQYDVQQGEwJVUzEXMBUG A1UEChMOVmVyaVNpZ24sIEluYy4xNzA1BgNVBAsTLkNsYXNzIDEgUHVibGljIFByaW1hcnkgQ2Vy dGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNOTYwMTI5MDAwMDAwWhcNMjgwODAxMjM1OTU5WjBfMQsw CQYDVQQGEwJVUzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xNzA1BgNVBAsTLkNsYXNzIDEgUHVi bGljIFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwgZ8wDQYJKoZIhvcNAQEBBQADgY0A MIGJAoGBAOUZv22jVmEtmUhx9mfeuY3rt56GgAqRDvo4Ja9GiILlc6igmyRdDR/MZW4MsNBWhBiH mgabEKFz37RYOWtuwfYV1aioP6oSBo0xrH+wNNePNGeICc0UEeJORVZpH3gCgNrcR5EpuzbJY1zF 4Ncth3uhtzKwezC6Ki8xqu6jZ9rbAgMBAAEwDQYJKoZIhvcNAQECBQADgYEATD+4i8Zo3+5DMw5d 6abLB4RNejP/khv0Nq3YlSI2aBFsfELM85wuxAc/FLAPT/+Qknb54rxK6Y/NoIAK98Up8YIiXbix 3YEjo3slFUYweRb46gVLlH8dwhzI47f0EEA8E8NfH1PoSOSGtHuhNbB7Jbq4046rPzidADQAmPPR cZQwggNiMIICy6ADAgECAhAL2gsXwT+JjqsJdHq0zi4zMA0GCSqGSIb3DQEBAgUAMF8xCzAJBgNV BAYTAlVTMRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjE3MDUGA1UECxMuQ2xhc3MgMSBQdWJsaWMg UHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw05ODA1MTIwMDAwMDBaFw0wODA1MTIy MzU5NTlaMIHMMRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjEfMB0GA1UECxMWVmVyaVNpZ24gVHJ1 c3QgTmV0d29yazFGMEQGA1UECxM9d3d3LnZlcmlzaWduLmNvbS9yZXBvc2l0b3J5L1JQQSBJbmNv cnAuIEJ5IFJlZi4sTElBQi5MVEQoYyk5ODFIMEYGA1UEAxM/VmVyaVNpZ24gQ2xhc3MgMSBDQSBJ bmRpdmlkdWFsIFN1YnNjcmliZXItUGVyc29uYSBOb3QgVmFsaWRhdGVkMIGfMA0GCSqGSIb3DQEB AQUAA4GNADCBiQKBgQC7WkSKBBa7Vf0DeootlE8VeDa4DUqyb5xUv7zodyqdufBou5XZMUFweoFL uUgTVi3HCOGEQqvAopKrRFyqQvCCDgLpL/vCO7u+yScKXbawNkIztW5UiE+HSr8Z2vkV6A+Hthzj zMaajn9qJJLj/OBluqexfu/J2zdqyErICQbkmQIDAQABo4GwMIGtMA8GA1UdEwQIMAYBAf8CAQAw RwYDVR0gBEAwPjA8BgtghkgBhvhFAQcBATAtMCsGCCsGAQUFBwIBFh93d3cudmVyaXNpZ24uY29t L3JlcG9zaXRvcnkvUlBBMDEGA1UdHwQqMCgwJqAkoCKGIGh0dHA6Ly9jcmwudmVyaXNpZ24uY29t L3BjYTEuY3JsMAsGA1UdDwQEAwIBBjARBglghkgBhvhCAQEEBAMCAQYwDQYJKoZIhvcNAQECBQAD gYEAAn2eb0VLOKC43ulTZCG85Ewrjx7+kkCs2Ao5aqEyISwHm6tZ/tJiGn1VOLA3c9z0B2ZjYr3h U3BSh+eo2FLpWy2q4d7PrDFU1IsZyNgjqO8EKzJ9LBgcyHyJqC538kTRZQpNdLXu0xuSc3QuiTs1 E3LnQDGa07LEq+dWvovj+xUwggSkMIIEDaADAgECAhBaAxoLstvr6Jt0LqC3B+Z+MA0GCSqGSIb3 DQEBBAUAMIHMMRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjEfMB0GA1UECxMWVmVyaVNpZ24gVHJ1 c3QgTmV0d29yazFGMEQGA1UECxM9d3d3LnZlcmlzaWduLmNvbS9yZXBvc2l0b3J5L1JQQSBJbmNv cnAuIEJ5IFJlZi4sTElBQi5MVEQoYyk5ODFIMEYGA1UEAxM/VmVyaVNpZ24gQ2xhc3MgMSBDQSBJ bmRpdmlkdWFsIFN1YnNjcmliZXItUGVyc29uYSBOb3QgVmFsaWRhdGVkMB4XDTAzMDYxNjAwMDAw MFoXDTA0MDYyMTIzNTk1OVowggEWMRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjEfMB0GA1UECxMW VmVyaVNpZ24gVHJ1c3QgTmV0d29yazFGMEQGA1UECxM9d3d3LnZlcmlzaWduLmNvbS9yZXBvc2l0 b3J5L1JQQSBJbmNvcnAuIGJ5IFJlZi4sTElBQi5MVEQoYyk5ODEeMBwGA1UECxMVUGVyc29uYSBO b3QgVmFsaWRhdGVkMTQwMgYDVQQLEytEaWdpdGFsIElEIENsYXNzIDEgLSBNaWNyb3NvZnQgRnVs bCBTZXJ2aWNlMRcwFQYDVQQDFA5XaWxsaWFtIEJhcmtlcjEjMCEGCSqGSIb3DQEJARYUd2Jhcmtl ckB3aWxzaGlyZS5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAL0RURWRVTyeiHhmnYBj 0sg3RSzjb9dK789ZaVLrCtUjjD6D/0O3az6NEyzBHpbazPQzGbLBjIe8z1wwcd/w1CFCTfd5C6sT hGZlOZDvK3pfXS5RJi5M8BRQr38M8DLRp/fJyNAb/yELMPWir0RmSOeeflQQ/Kf8Npv8A9BLmjNv AgMBAAGjggE4MIIBNDAJBgNVHRMEAjAAMIGsBgNVHSAEgaQwgaEwgZ4GC2CGSAGG+EUBBwEBMIGO MCgGCCsGAQUFBwIBFhxodHRwczovL3d3dy52ZXJpc2lnbi5jb20vQ1BTMGIGCCsGAQUFBwICMFYw FRYOVmVyaVNpZ24sIEluYy4wAwIBARo9VmVyaVNpZ24ncyBDUFMgaW5jb3JwLiBieSByZWZlcmVu Y2UgbGlhYi4gbHRkLiAoYyk5NyBWZXJpU2lnbjARBglghkgBhvhCAQEEBAMCB4AwMAYKYIZIAYb4 RQEGBwQiFiAzZDRjNmJmYmUwYzFiMzBiNzg0MzE3ZTBmMDBlMjgwZTAzBgNVHR8ELDAqMCigJqAk hiJodHRwOi8vY3JsLnZlcmlzaWduLmNvbS9jbGFzczEuY3JsMA0GCSqGSIb3DQEBBAUAA4GBAFb0 zq/JeE4EufFFdw6pnysstoGkuEtoV9d9CapOEsTH78hLulQsmSDpOLfTZ9ovn46aAV3AZKpvDoTX gIiHOdArNWL/rR5Q5idseMRcYdcJLez5K6Qwggxc4UuQxS9OUEhEJFfmS8xD7swMjs8Q0DrVqzt+ VosHxn4sC4B1p23TMYICRTCCAkECAQEwgeEwgcwxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8w HQYDVQQLExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMUYwRAYDVQQLEz13d3cudmVyaXNpZ24uY29t L3JlcG9zaXRvcnkvUlBBIEluY29ycC4gQnkgUmVmLixMSUFCLkxURChjKTk4MUgwRgYDVQQDEz9W ZXJpU2lnbiBDbGFzcyAxIENBIEluZGl2aWR1YWwgU3Vic2NyaWJlci1QZXJzb25hIE5vdCBWYWxp ZGF0ZWQCEFoDGguy2+vom3QuoLcH5n4wCQYFKw4DAhoFAKCBujAYBgkqhkiG9w0BCQMxCwYJKoZI hvcNAQcBMBwGCSqGSIb3DQEJBTEPFw0wMzA2MjUwNjI0MDRaMCMGCSqGSIb3DQEJBDEWBBRyqjUH Xi4gBgi7XqkupmW6c+/GEDBbBgkqhkiG9w0BCQ8xTjBMMAoGCCqGSIb3DQMHMA4GCCqGSIb3DQMC AgIAgDANBggqhkiG9w0DAgIBQDAHBgUrDgMCBzANBggqhkiG9w0DAgIBKDAHBgUrDgMCHTANBgkq hkiG9w0BAQEFAASBgLTdvWe26wfLrA8+yk3WxAmeyAHfbvkQBC6Po3R9Hv+K2SMG+qxtaahmq5Kr faJnMx8sIki+41n/phg6i46mYHufj9bkG4gNglPBH0y5VYPfcCuQc3xO/hI2JpZlCUfbBU21pKva 1gekBEBKd939IczajAUFyXWHP8HKzteVcaG9AAAAAAAA ------=_NextPart_000_00D8_01C33AA7.B3E0A7E0--