tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Andy Wang <aw...@ptc.com>
Subject Re: SSL Handshake Exceptions
Date Mon, 11 May 2015 20:50:05 GMT
Honestly, I'm going to be a little purposefully obtuse here. 
Manipulating your trust store is a security step.  You really need to 
understand what you're doing and why, so I'd suggest you do some google 
searches to read up on it using keywords pulled out of my original response.

I will add one more thing.  Your original stack trace showed the 
webserver to be some com.redwood.r2w class.  Quick googling finds that 
this is some commercial product.  You might want to try the support 
channels from your vendor as they may have special instructions for 
trusting self-signed certs.

Andy


On 05/11/2015 02:30 PM, jairaj kamal wrote:
> Hi,
>
> Can you share the steps to import the certificate into the jssecacerts
> truststore, my client is webserver.
>
> *Jairaj Kamal*
>
>
> On Mon, May 11, 2015 at 2:16 PM, Andy Wang <awang@ptc.com> wrote:
>
>>
>>
>> On 05/11/2015 01:24 PM, jairaj kamal wrote:
>>
>>> javax.net.ssl.SSLHandshakeException:
>>> sun.security.validator.ValidatorException: PKIX path building failed:
>>> sun.security.provider.certpath.SunCertPathBuilderException: unable to find
>>> valid certification path to requested target
>>>
>>
>> This usually means that the ssl client (the client that's originating the
>> direct connection to the ssl server) is unable to construct a proper
>> certificate trust path for the server.
>>
>> As you noted, you used a self-signed cert.  This means that you need to
>> import the certificate into the jssecacerts truststore (or if your client
>> has it's own truststore, it needs to be imported there).
>>
>> Andy
>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
>> For additional commands, e-mail: users-help@tomcat.apache.org
>>
>>
>

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message