tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Christopher Schultz <ch...@christopherschultz.net>
Subject Re: Javamelody and Struts
Date Thu, 26 Apr 2012 13:42:20 GMT
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Miguel,

On 4/26/12 3:35 AM, Miguel González Castaños wrote:
>> If no web browser reports the server certificate as not valid,
>> then what's the problem?
>> 
> From my original email:
> 
> "Now that I'm trying to configure javamelody in Tomcat 5 with HTTPS
> I get the following error when I try to add the context and the
> URL: javamelody avax.net.ssl.SSLHandshakeException: 
> sun.security.validator.ValidatorException: PKIX path building
> failed: sun.security.provider.certpath.SunCertPathBuilderException:
> unable to find valid certification path to requested target."

So this is an error you get from Javamelody? I thought you were
getting this on the server you were monitoring (i.e. the main webapp,
not javamelody).

> I'm trying to add my context and the URL for my webapp in the
> javamelody application:
> 
> http://myweb.com/javamelody/?

Forgive my ignorance (I have no experience with Javamelody), but is
this how you add a webapp to javamelody for monitoring?

> I get two fields and an Add button to do that. In my tests I was
> able to do add a monitor for my webapp if it uses the HTTP protocol
> but not in the production system where it uses HTTPS.
> 
> The question is, how do I know that I have added the right
> intermediate certs from verisign?

I thought you needed to configure your own Tomcat server to *use* an
SSL certificate. It seems that you were already doing that without a
problem (because most clients seem to be happy with the certificate
chain presented by the server).

If Javamelody won't connect, it's probably because Javamelody is using
some keystore that doesn't have the intermediate certificates that I
was discussing. You should check the Javamelody documentation for what
keystore it uses, or how it can be configured to use the keystore of
your choice.

At this point, I think you need to go to the Javamelody folks and ask
over there: this does not seem to be a Tomcat-related problem at all.

- -chris
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.17 (Darwin)
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAk+ZULwACgkQ9CaO5/Lv0PAKhwCgixeUlDkPQFiXg+k2AqxfUkPL
p0QAnRPmbpcTDGYJAsH93n4x6r3ZZdvO
=l5nQ
-----END PGP SIGNATURE-----

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message