tomcat-users mailing list archives

From Ert
Subject Debugging outbound SSL communications?
Date Fri, 05 Sep 2003 16:10:39 GMT
I'm using a poorly-supported external service that interacts over SSL.   
I can connect fine to their production environment, but their developer  
environment apparently uses a less-well-known certifying authority, and  
when I try to use it I am thwarted:

> Connection has been shutdown:  
> Could not find trusted  
> certificate
> 	at
> 	at
> 	at  
> sun.nio.cs.StreamDecoder$CharsetSD.readBytes(
> 	at sun.nio.cs.StreamDecoder$CharsetSD.implRead(
> 	at
> 	at

The vendor informs me that I merely need to add the appropriate key:

> The Equifax Key is not in Java by default. You need to add it.   
> Example:
> 1) cd $JAVA_HOME/jre/lib/security/cacerts
> 2) copy the GeoTrust root from here:
> Equifax_Secure_Certificate_Authority.cer
> to the file geotrustroot.cer in this directory
> 3) Run this command:
> keytool -import -trustcacerts -alias geotrustroot -keystore cacerts  
> -file geotrustroot.cer -storepass changeit

I've imported this key to every keystore I can find or think of on my  
Mac OS X system (keytool's default one,  
/Library/Java/Home/lib/security/cacerts, ~/.keystore, ~root/.keystore)  
and I continue to get the same error.

So now I'm trying to figure out if a default Tomcat 4.1.24 install uses  
its own keystore.  If not I'm hoping to find some way I can figure out  
what key the SSL connection is being presented with, and what keystore  
it's attempting to find a matching key in.  I don't know if I just have  
the wrong certificate, or if I've put it in the wrong place.

Any thoughts from the gallery?

- Ert
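
The question of which keystore the JVM consults can be checked mechanically. The script below is an added example, not part of the original message: it resolves the trust store file that JSSE's default lookup order selects for a given Java home and JVM options, then asks `keytool` whether an alias is in that file. The function names and the `--report` switch are hypothetical; it assumes Tomcat's JVM options arrive through `JAVA_OPTS`/`CATALINA_OPTS` and that the store password is the default `changeit`.

```shell
#!/bin/sh
# Added example. JSSE picks its default trust store in this order:
#   1) the file named by -Djavax.net.ssl.trustStore
#   2) <java-home>/lib/security/jssecacerts
#   3) <java-home>/lib/security/cacerts
# <java-home> is the JRE directory, i.e. $JAVA_HOME/jre inside a JDK layout.

# jre_home DIR: print the JRE directory for a JDK or JRE install root.
jre_home() {
    if [ -d "$1/jre/lib/security" ]; then printf '%s\n' "$1/jre"
    else printf '%s\n' "$1"; fi
}

# resolve_truststore JAVA_HOME [JVM_OPTS]: print the file the JVM would load.
# JVM_OPTS is split on whitespace, so paths containing spaces are not handled.
resolve_truststore() {
    home=$(jre_home "$1")
    for opt in ${2:-}; do
        case "$opt" in
            -Djavax.net.ssl.trustStore=*)
                printf '%s\n' "${opt#-Djavax.net.ssl.trustStore=}"
                return 0 ;;
        esac
    done
    for name in jssecacerts cacerts; do
        if [ -f "$home/lib/security/$name" ]; then
            printf '%s\n' "$home/lib/security/$name"
            return 0
        fi
    done
    return 1   # no default trust store under this Java home
}

# has_alias STORE ALIAS [STOREPASS]: true if keytool finds ALIAS in STORE.
has_alias() {
    keytool -list -keystore "$1" -alias "$2" -storepass "${3:-changeit}" >/dev/null 2>&1
}

# report JAVA_HOME JVM_OPTS ALIAS: name the store in effect and check ALIAS in it.
report() {
    store=$(resolve_truststore "$1" "$2") || { echo "no trust store under $1"; return 1; }
    echo "trust store in effect: $store"
    if has_alias "$store" "$3"; then echo "alias $3: present"
    else echo "alias $3: MISSING from this store"; fi
}

# Run as: sh thisfile --report [alias]   (reads JAVA_HOME, JAVA_OPTS, CATALINA_OPTS)
if [ "${1:-}" = "--report" ]; then
    report "${JAVA_HOME:-}" "${JAVA_OPTS:-} ${CATALINA_OPTS:-}" "${2:-geotrustroot}"
fi
```

Starting the JVM with the JSSE system property `-Djavax.net.debug=ssl` additionally logs the trust store it loaded and the certificate chain the server presents during the handshake.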
