tomcat-users mailing list archives

From Jon Roberts <...@mentata.com>
Subject Re: setting the trust store
Date Wed, 10 Sep 2003 15:36:13 GMT
Problem solved. I was using the same DN for the CA cert as for the 
server cert and I think that's where it was failing.

Jon Roberts
www.mentata.com

Jon Roberts wrote:
> I am writing a servlet that connects to remote servers using SSL 
> sockets. Although I can create SSL connections to these servers using 
> other software, I can't seem to get my servlet to trust the certificate 
> in Tomcat.
> 
> The crux of the problem seems to be that I used a local CA. I import my 
> CA certificate into a keystore:
> 
> keytool -import -alias myca -keystore /usr/local/tomcat/conf/catrust.jks -trustcacerts -file /tmp/cacert.pem
> 
> I use a password of "changeit". Then in the Tomcat launch script I have:
> 
> CATALINA_OPTS="-Djavax.net.ssl.trustStore=/usr/local/tomcat/conf/catrust.jks -Djavax.net.ssl.trustStorePassword=changeit"
> export CATALINA_OPTS
> 
> Yet I still get the following thrown from within my servlet:
> 
> java.security.cert.CertificateException: Signature verification failed
> 
> What could be causing this to fail? As I said, this certificate and CA 
> combination works fine for SSL through non-Java clients.
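
A diagnostic for the condition described in the reply above, as an added example that is not part of the original thread: it loads the CA certificate and the server certificate and reports whether they share a subject DN and which key actually verifies the server certificate's signature. The class name and the server certificate path are assumptions; each file is expected to hold a single PEM or DER X.509 certificate.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.GeneralSecurityException;
import java.security.PublicKey;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;

// Added diagnostic, not code from the thread.
// Usage: java CheckDnCollision /tmp/cacert.pem server-cert.pem  (second path is a placeholder)
public class CheckDnCollision {

    static X509Certificate load(String path) throws Exception {
        try (InputStream in = new FileInputStream(path)) {
            return (X509Certificate) CertificateFactory.getInstance("X.509")
                    .generateCertificate(in);
        }
    }

    // True if the certificate's signature verifies under the given public key.
    static boolean signedBy(X509Certificate cert, PublicKey key) {
        try {
            cert.verify(key);
            return true;
        } catch (GeneralSecurityException e) {
            return false;
        }
    }

    public static void main(String[] args) throws Exception {
        X509Certificate ca = load(args[0]);
        X509Certificate server = load(args[1]);

        boolean issuerIsCa = server.getIssuerX500Principal().equals(ca.getSubjectX500Principal());
        boolean sameSubject = server.getSubjectX500Principal().equals(ca.getSubjectX500Principal());
        boolean sigByCa = signedBy(server, ca.getPublicKey());
        boolean sigBySelf = signedBy(server, server.getPublicKey());

        System.out.println("CA subject:     " + ca.getSubjectX500Principal().getName());
        System.out.println("Server subject: " + server.getSubjectX500Principal().getName());
        System.out.println("Server issuer:  " + server.getIssuerX500Principal().getName());
        System.out.println("issuer DN matches CA=" + issuerIsCa + " signed by CA key=" + sigByCa
                + " signed by own key=" + sigBySelf);
        if (sameSubject && sigByCa && !sigBySelf) {
            // Subject equals issuer here, so a validator that matches certificates by name
            // can treat the server certificate as self-signed and check the wrong key.
            System.out.println("DN collision: reissue the server certificate with a distinct subject DN.");
            System.exit(2);
        }
    }
}
```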