Hi Nandana,

Thanks for your comments. I'm wondering whether we should import certificates into the default Java trusted store (jre/lib/security/cacertificates) or have a separate trusted key store file for our application and import the certificate into it? Which one is the better solution from the security point of view?

The other question is: how can we show the certificate to the user and then import it programmatically, the same way web browsers do?

Thanks,
Joe

On Mon, Mar 3, 2008 at 10:09 AM, Nandana Mihindukulasooriya <[EMAIL PROTECTED]> wrote:
> Hi Nuria,
> yes, you need to set a system property in the client side to
> add that key store containing that cert as a trusted key store. This
> can be simply done using
>
> System.setProperty("javax.net.ssl.trustStore", "path/to/keystore.jks");
> System.setProperty("javax.net.ssl.trustStorePassword", "password");
>
> in the client side.
>
> thanks,
> nandana
>
> On Mon, Mar 3, 2008 at 8:14 PM, Nuria Rodríguez García
> <[EMAIL PROTECTED]> wrote:
> > Hello:
> >
> > I'm using Axis2 and I need to use SSL to connect to a WS.
> > In server side I do the following:
> >
> > I configure the server.xml file in tomcat. I have:
> >
> > <Connector port="8443"
> >     maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
> >     enableLookups="false" disableUploadTimeout="true"
> >     acceptCount="100" debug="0" scheme="https" secure="true"
> >     clientAuth="false" sslProtocol="TLS" />
> >
> > Then I generate a server certificate doing the following:
> >
> > keytool -genkey -alias tomcat -keyalg RSA
> > keytool -export -alias tomcat -storepass changeit -file server.cer
> > keytool -import -v -trustcacerts -alias tomcat -file server.cer -keystore %JAVA_HOME%/jre/lib/security/cacerts -keypass changeit -storepass changeit
> >
> > I start-up tomcat and when I call the service using the EPR
> > "https://mymachine:8443/ ...." I receive the following exception:
> >
> > I/O exception (org.apache.axis2.AxisFault) caught when processing request: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
> >
> > I don't know if I need to indicate something from the client side.
> >
> > Thanks,
> > Nuria
>
> http://nandana83.blogspot.com/
> http://nandanasm.wordpress.com/
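
An added example, not part of the thread and not Axis2 code: one way to keep a separate application trust store instead of editing the JRE's cacerts, and to show a certificate to the user before importing it. It reads the server.cer produced by the keytool export step quoted above; the class name, the trust-store path argument and the reuse of the changeit password are assumptions.

```java
import java.io.*;
import java.security.*;
import java.security.cert.*;
import javax.net.ssl.*;

public class AppTrustStore {
    // SHA-256 over the DER encoding: the value a user compares out of band.
    static String fingerprint(X509Certificate cert) throws Exception {
        byte[] d = MessageDigest.getInstance("SHA-256").digest(cert.getEncoded());
        StringBuilder sb = new StringBuilder();
        for (byte b : d) sb.append(String.format("%02X:", b));
        return sb.substring(0, sb.length() - 1);
    }

    // SSLContext that trusts only the entries in this store, not cacerts.
    static SSLContext contextFor(KeyStore trust) throws Exception {
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(
                TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trust);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null);
        return ctx;
    }

    // Usage: java AppTrustStore server.cer app-truststore.jks
    public static void main(String[] args) throws Exception {
        X509Certificate cert;
        try (InputStream in = new FileInputStream(args[0])) {
            cert = (X509Certificate) CertificateFactory.getInstance("X.509")
                    .generateCertificate(in);
        }
        // Show the identifying fields and let the user decide before trusting.
        System.out.println("Subject: " + cert.getSubjectX500Principal());
        System.out.println("Issuer:  " + cert.getIssuerX500Principal());
        System.out.println("Valid:   " + cert.getNotBefore() + " to " + cert.getNotAfter());
        System.out.println("SHA-256: " + fingerprint(cert));
        System.out.print("Trust this certificate? [y/N] ");
        String reply = new BufferedReader(new InputStreamReader(System.in)).readLine();
        if (reply == null || !reply.trim().equalsIgnoreCase("y")) return;

        char[] pw = "changeit".toCharArray(); // placeholder store password (assumption)
        File store = new File(args[1]);       // hypothetical application trust store
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        // A null stream makes load() create an empty store on first use.
        try (InputStream in = store.exists() ? new FileInputStream(store) : null) { ks.load(in, pw); }
        ks.setCertificateEntry("tomcat", cert);
        try (OutputStream out = new FileOutputStream(store)) { ks.store(out, pw); }
        SSLContext ctx = contextFor(ks);      // trust is scoped to this context only
        System.out.println("Context ready: " + ctx.getProtocol());
    }
}
```

Wiring the resulting SSLContext into the Axis2 transport is not shown here.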