tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Christopher Schultz <ch...@christopherschultz.net>
Subject Re: ssl connector
Date Mon, 16 Feb 2009 21:22:55 GMT
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Ryan,

On 2/13/2009 12:09 AM, epicwinter@hotmail.com wrote:
> The application I
> am developing uses tomcat on the back end and a swing client on the
> front with the Spring HttpInvoker.
> 
> So first I got it working without apr.  After I set up the connector
> I changed it so when i ran my java client using this vm parameter 
> -Djavax.net.ssl.trustStore="keystore.jks"

If you are using a self-signed certificate, I suspect you will need to
set the trustStore no matter what server-side configuration you have.

> Tomcat starts and acknowledges that apr is working without a problem.
> I thought that with apr I could just run the client without the
> trustStore parameter set.

Why?

> But i get this error: Caused by:
> javax.net.ssl.SSLHandshakeException:
> sun.security.validator.ValidatorException: PKIX path building failed:
> sun.security.provider.certpath.SunCertPathBuilderException: unable to
> find valid certification path to requested target
> 
> So how do I tell the client about the cert?  I tried the
> trustStore="pathtocert" but that didn't work.

What about trustStore="keystore.jks" like you did above? Are you
possibly confusing what files are on the client versus which are on the
server?

- -chris
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iEYEARECAAYFAkmZ2S8ACgkQ9CaO5/Lv0PCwhACgiZNhJ4o5XwVa7xlGhko8ciWs
7F4AniQM6x4KItjPJN1RNme6Nrb0Gg4s
=A4xI
-----END PGP SIGNATURE-----

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message