tomcat-users mailing list archives

From Jäkel, Guido <G.Jae...@dnb.de>
Subject RE: SSL on Tomcat
Date Fri, 28 Sep 2018 08:39:49 GMT
Dear Loai,

Your client can't verify (doesn't trust) the certificate (chain) of the target. Either the target's
certificate is not an "official" one (e.g. self-signed) or your client's JVM certificate trust
chain is not up to date.

If you like, I may send you a small Java command-line tool to check the verification chain and/or
add exceptions to the local trust store in case of self-signed certificates.

Guido


>-----Original Message-----
>From: Loai Abdallatif [mailto:loai.abdallatif@gmail.com]
>Sent: Thursday, September 27, 2018 4:52 PM
>To: Tomcat Users List <users@tomcat.apache.org>
>Subject: Re: SSL on Tomcat
>
>hello, shall I add the certificate to server.xml on tomcat server or just on Webserver
>
>
>On Thu, Sep 27, 2018 at 5:50 PM, Loai Abdallatif <loai.abdallatif@gmail.com> wrote:
>
>
>	Hello,
>
>	I have set up an Apache load balancer (ModJK) with server IP 192.168.1.120 (Webserver01.epsilon.test), which forwards the
>traffic to the Tomcat server 192.168.1.111 (appserver01.epsilon.test).
>
>
>	each tomcat server has three workers ( 0,1,2)
>
>	I deployed Central Authentication Service (CAS) on Worker0 and it is working with a warning related to the SSL
>certificate. I have another application on this worker0 called ServiceCatalog; unfortunately it didn't work and gave the error below:
>
>	ERROR org.jasig.cas.client.util.CommonUtils - sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
>	javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
>	        at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
>	        at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1964)
>	        at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:328)
>	        at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:322)
>	        at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1614)
>	        at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:216)
>	        at sun.security.ssl.Handshaker.processLoop(Handshaker.java:1052)
>	        at sun.security.ssl.Handshaker.process_record(Handshaker.java:987)
>	        at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1072)
>	        at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1385)
>	        at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1413)
>	        at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1397)
>	        at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:559)
>	        at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:185)
>	        at sun.net.www.protocol.http.HttpURLConnection.getInputStream0(HttpURLConnection.java:1564)
>	        at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1492)
>	        at sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:263)
>	        at org.jasig.cas.client.util.CommonUtils.getResponseFromServer(CommonUtils.java:429)
>	        at org.jasig.cas.client.validation.AbstractCasProtocolUrlBasedTicketValidator.retrieveResponseFromServer(AbstractCasProtocolUrlBasedTicketValidator.java:41)
>	        at org.jasig.cas.client.validation.AbstractUrlBasedTicketValidator.validate(AbstractUrlBasedTicketValidator.java:193)
>	        at org.springframework.security.cas.authentication.CasAuthenticationProvider.authenticateNow(CasAuthenticationProvider.java:157)
>	        at org.springframework.security.cas.authentication.CasAuthenticationProvider.authenticate(CasAuthenticationProvider.java:142)
>
>
>
