Hi all,
I have a tomcat 6.0.35 that needs to connect to a remote server using
https, so it is acting as a https client: it means that tomcat must have
the remote server certificate installed.
The ideal solution I found is to configure the truststore in the
server.xml.
Please see the following:
<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
maxThreads="150" scheme="https" secure="true"
keystoreFile="keystore/keystore.p12"
keystoreType="pkcs12"
keystorePass="<password>"
truststoreFile="keystore/truststore.p12"
truststoreType="pkcs12"
truststorePass="<password>"
clientAuth="optional" sslProtocol="TLS" />
So, I configured the truststore and the server.xml.
After restarting tomcat I got an ssl excetpion
sun.security.validator.ValidatorException: PKIX path building failed:
sun.security.provider.certpath.SunCertPathBuilderException: unable to find
valid certification path to requested target
Enabling the property javax.net.debug I could see that tomcat is simply
ignoring the truststore I configured.
Let me add that I tried also with no luck to change the truststore format
to jks. I add also that the remote server cert is inside the truststore
since I can see it with keytool.
Do you know why? What else could I check?
Regards
Marco
This e-mail, including attachments, is intended for the person(s) or company
named and may contain confidential and/or legally privileged information.
Unauthorized disclosure, copying or use of this information may be unlawful and
is prohibited. If you are not the intended recipient, please delete this
message and notify the sender.
All incoming and outgoing e-mail messages are stored in the Swiss Re Electronic
Message Repository.
If you do not wish the retention of potentially private e-mails by Swiss Re, we
strongly advise you not to use the Swiss Re e-mail account for any private,
non-business related communications.
