tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Vinoth Raja <rbvdvin...@gmail.com>
Subject 2 Way SSL integration with Webservices - Inbound connection not trusted
Date Tue, 15 Aug 2017 08:49:30 GMT
Hi,

Please advise on the step to resolve the issue encountered in 2way SSL

Tomcat version used : apache-tomcat-8.5.15
Java Version used: jdk1.8.0_131

*Problem statement: *Tomcat doesn't trust the inbound connection.

We have web application deployed in tomcat and it integrated with web
services.
2 way SSL is enabled.
Webservice client deployed in Tomcat send the certificate to webservices
and it is trusted.
Tomcat doesn't trust certificate sent by the webservices.
It seems to ignore the client validation and allow the communication.

*step followed to implement 2 way SSL from application*

We set the keystore and trust store to be used for communication. so it
takes the cert from key store for outbound and trust the cert for inbound
connections.

               System.setProperty("javax.net.ssl.trustStoreType", "JKS");
System.setProperty("javax.net.ssl.keyStoreType", "JKS");
System.setProperty("javax.net.ssl.trustStore","TrustStore.jks");
System.setProperty("javax.net.ssl.keyStore","KeyStore.jks");
System.setProperty("javax.net.ssl.trustStorePassword","changeit");
System.setProperty("javax.net.ssl.keyStorePassword","changeit");

It sends the certificate for other system to trust but it doesn't trust the
incoming connection.


Please advise on the configuration to trust the incoming connection.


Thanks
Vinoth

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message