Thanks for the response.
The client can be any one who wants to post an XML message to this URL.
So you could create an xml message and post the request using https.
Not sure why the client would need to 'add' this certificate. We have
written code to connect to many such web services and we never need to
add certificates from the server we are connecting to? For example, if
we need to use Fedex's API service, we need to send the request using
https, but we have never added any certificates from them on our server.
Bill Barker wrote:
"Rizwan Merchant" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]
Hi,
We have a web based application running on Tomcat 6. The server.xml file
is configured so that the application can handle incoming https requests
on port 443 (default). When a user hits the URL http://www.mydomain.com,
it automatically redirects to https://www.mydomain.com (due to security
constraint set up in web.xml).
We also have a web service running which is invoked by posting the
request message to http://www.mydomain.com/rpc2
I am trying to enforce ssl on this service as well, but when a message
is posted to https://www.mydomain.com/rpc2 (secure using https
protocol), the client is seeing the following error:
(Posting the message to http://www.mydomain.com/rpc2 works fine)
*Error 60:SSL certificate problem, verify that the CA cert is OK.
Details: error:14090086:SSL
routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed*
You didn't say what the client is so I can't offer much on how to fix it.
But the error is saying that the client couldn't find the CA certificate
that signed your Tomcat server certificate in it's list of trusted CAs. As
a result, the client correctly desides not to trust your Tomcat server.
You need to add the CA certificate to the client's trusted certificate list,
as explained in the documentation for the client (but probably cacerts.pem).
Basically, the https is working fine on the website, but not for the web
service (which, from what I understand, is being handled by a separate
servlet, rpc2).
Any ideas please?
Thanks,
-Rizwan Merchant.
--------------------------------------------------------------------------------
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
