Pranab,

[EMAIL PROTECTED] wrote:
| I am getting the security certification problem in a J2EE based
| application which is running on our production Tomcat server
[while attempting to contact LDAP server over SSL].

[snip]

| Caused by: java.security.cert.CertificateException: Could not find
| trusted certificate
|
|     at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.a(DashoA6275)

It may be that the internal checking code for Java has changed since I
last encountered it, or you may be using JCE or something like that, but
you used to be able to run code similar to the following to disable cert
checking. I have this in a CVS repository that sometimes has to connect
to servers with self-signed SSL certs:

"
This code was written and tested on JDK 1.4.2_09. You need to execute
this code before you attempt to make an SSL connection.

    import java.security.KeyManagementException;
    import java.security.NoSuchAlgorithmException;
    import java.security.cert.X509Certificate; // needed by the X509TrustManager methods below
    import javax.net.ssl.SSLContext;
    import javax.net.ssl.TrustManager;
    import javax.net.ssl.X509TrustManager;
    import javax.net.ssl.HttpsURLConnection;

    // Enclosing class added so the snippet compiles; the name is arbitrary.
    public class SSLCertificateChecking
    {
        public static void disableSSLCertificateChecking()
        {
            // A trust manager whose check methods never throw, so every
            // certificate chain presented by a peer is accepted.
            TrustManager[] trustAllCerts = new TrustManager[] {
                new X509TrustManager() {
                    public X509Certificate[] getAcceptedIssuers() {
                        return null;
                    }
                    public void checkClientTrusted(X509Certificate[] certs,
                                                   String authType) {
                    }
                    public void checkServerTrusted(X509Certificate[] certs,
                                                   String authType) {
                    }
                }
            };

            try
            {
                SSLContext sc = SSLContext.getInstance("SSL");
                sc.init(null, trustAllCerts, new java.security.SecureRandom());
                // Applies to every HttpsURLConnection created afterwards in this JVM.
                HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());
            }
            catch (KeyManagementException kme)
            {
                kme.printStackTrace();
            }
            catch (NoSuchAlgorithmException nsae)
            {
                nsae.printStackTrace();
            }
        }
    }

If you have access to the individual HttpURLConnection objects that will
be used to make SSL connections, you can disable them on a per-instance
basis by using HttpURLConnection.setSocketFactory(sc.getSocketFactory())
instead of using HttpURLConnection.setDefaultSSLSocketFactory and
changing the socket factory globally.
"

I hope that helps,
-chris

---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]