I found that link yesterday. I looked it over but instead tried to follow the instructions I found
here: http://www.java-samples.com/showtutorial.php?tutorialid=210 instead. My Tomcat has a custom keystore, /opt/tomcat/CustomKeystore. Also I tried to run the InstallCerts program this morning and got the following error: Exception in thread "main" java.lang.NoClassDefFoundError: /export/tburton/InstallCert Caused by: java.lang.ClassNotFoundException: .export.tburton.InstallCert at java.net.URLClassLoader$1.run(Unknown Source) at java.security.AccessController.doPrivileged(Native Method) at java.net.URLClassLoader.findClass(Unknown Source) at java.lang.ClassLoader.loadClass(Unknown Source) at sun.misc.Launcher$AppClassLoader.loadClass(Unknown Source) at java.lang.ClassLoader.loadClass(Unknown Source) at java.lang.ClassLoader.loadClassInternal(Unknown Source) I'm reluctant to add the cert(s) I need to the /opt/java/lib/security/cacerts file if I can avoid it. I've tried importing them to the /opt/tomcat/CustomKeystore, but I'm beginning to think that that Store might only be used by tomcat when it is the "server" in a secure connection instead of the "client". Tom Burton ________________________________ From: Martin Gainty [mailto:mgai...@hotmail.com] Sent: Wednesday, August 12, 2009 5:00 PM To: Burton, Tom F (DOR) Subject: RE: SSLHandshakeException implementing a self-cert instead of a valid commerical cert http://blogs.sun.com/andreas/entry/no_more_unable_to_find Martin Gainty ______________________________________________ Verzicht und Vertraulichkeitanmerkung/Note de déni et de confidentialité Diese Nachricht ist vertraulich. Sollten Sie nicht der vorgesehene Empfaenger sein, so bitten wir hoeflich um eine Mitteilung. Jede unbefugte Weiterleitung oder Fertigung einer Kopie ist unzulaessig. Diese Nachricht dient lediglich dem Austausch von Informationen und entfaltet keine rechtliche Bindungswirkung. Aufgrund der leichten Manipulierbarkeit von E-Mails koennen wir keine Haftung fuer den Inhalt uebernehmen. Ce message est confidentiel et peut être privilégié. Si vous n'êtes pas le destinataire prévu, nous te demandons avec bonté que pour satisfaire informez l'expéditeur. N'importe quelle diffusion non autorisée ou la copie de ceci est interdite. Ce message sert à l'information seulement et n'aura pas n'importe quel effet légalement obligatoire. Étant donné que les email peuvent facilement être sujets à la manipulation, nous ne pouvons accepter aucune responsabilité pour le contenu fourni. > Date: Wed, 12 Aug 2009 16:24:28 -0800 > From: tom.bur...@alaska.gov > Subject: SSLHandshakeException > To: users@tomcat.apache.org > > Hello, > I have a server running Tomcat 5.5.20 with Java 1.6.0.7 on SunOS > 5.10 > I'm receiving an SSLHandshakeException when I to connect to an https > authentication source on another server. The server is being accessed > through another server acting as a proxy. I've added both servers > https certificates to tomcats keystore on my server but it still > hasn't gotten rid of the exception. Any help would be greatly > appreciated. > > Exact output follows: > RemoteException: ; nested exception is: > javax.net.ssl.SSLHandshakeException: > sun.security.validator.ValidatorException: PKIX path building failed: > sun.security.provider.certpath.SunCertPathBuilderException: unable to > find valid certification path to requested target > > > Thank you for any help, > Tom Burton > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > ________________________________ Express your personality in color! Preview and select themes for Hotmail®. Try it now. <http://www.windowslive-hotmail.com/LearnMore/personalize.aspx?ocid=PID23391::T:WLMTAGL:ON:WL:en-US:WM_HYGN_express:082009>
