tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Andre-John Mas <aj...@sympatico.ca>
Subject Re: Ignore or Trust any certificate
Date Sat, 11 Jul 2009 13:38:47 GMT

On 11-Jul-2009, at 00:36, kareem_s_m wrote:

>
> So when my site connects to a site through HTTPS protocol, tomcat  
> tires to
> validate the server certificate with the cacerts keystore in my JDK.  
> Now if
> the server certificate is signed by a trusted authority then the  
> connection
> is successful. But if the certificate is a test one (not signed by any
> trusted authority) and when tomcat tries to validate the  
> certificate, the
> validation fails and the connection fails. The error I get it as  
> follows:
>
> Caught unhandled exception: javax.net.ssl.SSLHandshakeException:
> sun.security.validator.ValidatorException: PKIX path building failed:
> sun.security.provider.certpath.SunCertPathBuilderException: unable  
> to find
> valid certification path to requested target.
>
> So to avoid this, I want to know if tomcat can ignore or trust any  
> server
> certificate with out validating it.

What API are you using to connect to the server? For example the default
java.net.URL or HttpClient?

If you are using HttpClient, you may want to look at this thread:

http://forums.sun.com/thread.jspa?threadID=411937&messageID=1886339

André-John
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message