Return-Path: X-Original-To: apmail-tomcat-users-archive@www.apache.org Delivered-To: apmail-tomcat-users-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id C66D317A3B for ; Mon, 11 May 2015 20:50:28 +0000 (UTC) Received: (qmail 42792 invoked by uid 500); 11 May 2015 20:50:25 -0000 Delivered-To: apmail-tomcat-users-archive@tomcat.apache.org Received: (qmail 42726 invoked by uid 500); 11 May 2015 20:50:25 -0000 Mailing-List: contact users-help@tomcat.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: "Tomcat Users List" Delivered-To: mailing list users@tomcat.apache.org Received: (qmail 42715 invoked by uid 99); 11 May 2015 20:50:25 -0000 Received: from Unknown (HELO spamd2-us-west.apache.org) (209.188.14.142) by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 11 May 2015 20:50:25 +0000 Received: from localhost (localhost [127.0.0.1]) by spamd2-us-west.apache.org (ASF Mail Server at spamd2-us-west.apache.org) with ESMTP id 939001A295D for ; Mon, 11 May 2015 20:50:24 +0000 (UTC) X-Virus-Scanned: Debian amavisd-new at spamd2-us-west.apache.org X-Spam-Flag: NO X-Spam-Score: -0.109 X-Spam-Level: X-Spam-Status: No, score=-0.109 tagged_above=-999 required=6.31 tests=[DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, T_RP_MATCHES_RCVD=-0.01, URIBL_BLOCKED=0.001] autolearn=disabled Authentication-Results: spamd2-us-west.apache.org (amavisd-new); dkim=pass (1024-bit key) header.d=ptc.com Received: from mx1-eu-west.apache.org ([10.40.0.8]) by localhost (spamd2-us-west.apache.org [10.40.0.9]) (amavisd-new, port 10024) with ESMTP id Vy_8yzjqRXLs for ; Mon, 11 May 2015 20:50:15 +0000 (UTC) Received: from mx1.ptc.com (mx1.ptc.com [12.11.148.188]) by mx1-eu-west.apache.org (ASF Mail Server at mx1-eu-west.apache.org) with ESMTPS id 0E60D215CB for ; Mon, 11 May 2015 20:50:14 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=ptc.com; s=ptc; t=1431377415; x=1462913415; h=message-id:date:from:mime-version:to:subject:references: in-reply-to:content-transfer-encoding; bh=8PWBkLUFoyd4byw3vAbMVjx71pzHN3/O+qlfqwc2t2A=; b=eKbhyA50JPC/iDtlwE1MZpniwLVFAF5UdC3Af3ztxFclKSy4dkLfzt+1 vmmzwJQg8SuCN8HeFYWKNRd3k7LlU4n00Zj/7Z77EdvwpjhFMokfZi9nR SJzkMQtaldcQ23lXZm7/TYCEmC1GTfy23JDRSlu6sczkLdmZwDiTJQPYU 4=; X-IronPort-AV: E=Sophos;i="5.13,410,1427774400"; d="scan'208";a="75724847" Received: from hq-x10prdhub2.ptcnet.ptc.com ([132.253.198.28]) by mx1-int.ptc.com with ESMTP/TLS/AES128-SHA; 11 May 2015 16:50:06 -0400 Received: from awang.ptcnet.ptc.com (132.253.8.73) by HQ-X10PRDHUB2.ptcnet.ptc.com (132.253.201.252) with Microsoft SMTP Server id 14.3.123.3; Mon, 11 May 2015 16:50:06 -0400 Message-ID: <555115FD.6060409@ptc.com> Date: Mon, 11 May 2015 15:50:05 -0500 From: Andy Wang User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Thunderbird/31.6.0 MIME-Version: 1.0 To: Subject: Re: SSL Handshake Exceptions References: <5551001B.1010603@ptc.com> In-Reply-To: Content-Type: text/plain; charset="utf-8"; format=flowed Content-Transfer-Encoding: 7bit X-Originating-IP: [132.253.8.73] Honestly, I'm going to be a little purposefully obtuse here. Manipulating your trust store is a security step. You really need to understand what you're doing and why, so I'd suggest you do some google searches to read up on it using keywords pulled out of my original response. I will add one more thing. Your original stack trace showed the webserver to be some com.redwood.r2w class. Quick googling finds that this is some commercial product. You might want to try the support channels from your vendor as they may have special instructions for trusting self-signed certs. Andy On 05/11/2015 02:30 PM, jairaj kamal wrote: > Hi, > > Can you share the steps to import the certificate into the jssecacerts > truststore, my client is webserver. > > *Jairaj Kamal* > > > On Mon, May 11, 2015 at 2:16 PM, Andy Wang wrote: > >> >> >> On 05/11/2015 01:24 PM, jairaj kamal wrote: >> >>> javax.net.ssl.SSLHandshakeException: >>> sun.security.validator.ValidatorException: PKIX path building failed: >>> sun.security.provider.certpath.SunCertPathBuilderException: unable to find >>> valid certification path to requested target >>> >> >> This usually means that the ssl client (the client that's originating the >> direct connection to the ssl server) is unable to construct a proper >> certificate trust path for the server. >> >> As you noted, you used a self-signed cert. This means that you need to >> import the certificate into the jssecacerts truststore (or if your client >> has it's own truststore, it needs to be imported there). >> >> Andy >> >> >> --------------------------------------------------------------------- >> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org >> For additional commands, e-mail: users-help@tomcat.apache.org >> >> > --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org For additional commands, e-mail: users-help@tomcat.apache.org