I have a webapp that requires SSL communications to another webapp (which 
happens to be located on the same container for now). I've successfully set up 
SSL according to the Wiki documentation:

http://www.jboss.org/wiki/Wiki.jsp?page=SSLSetup

SSL is working correctly. The certificate was signed by our own OpenSSL CA and 
imported into keystore (the file referenced in the tomcat server.xml) along 
with the CA's root cert. Listing the keystore shows:

Keystore type: jks
Keystore provider: SUN

Your keystore contains 2 entries

unit-tests-server, May 25, 2005, keyEntry,
Certificate fingerprint (MD5): 7E:17:C5:DE:96:9B:9A:E2:7F:4E:07:89:5C:E4:4B:D0
openssl-ca, May 25, 2005, trustedCertEntry,
Certificate fingerprint (MD5): D2:B1:53:85:06:24:B3:E4:7A:04:2B:4B:71:AA:DC:06

I have some 3rd party servlet filters that need to make HTTP calls to the site 
(same container, localhost). They're unable to communicate because they don't 
trust the CA the cert was issued by:


Caused by: sun.security.validator.ValidatorException: No trusted certificate found
    at sun.security.validator.SimpleValidator.buildTrustedChain(SimpleValidator.java:304)
    at sun.security.validator.SimpleValidator.engineValidate(SimpleValidator.java:107)
    at sun.security.validator.Validator.validate(Validator.java:202)
    at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(DashoA12275)
    at com.sun.net.ssl.internal.ssl.JsseX509TrustManager.checkServerTrusted(DashoA12275)
    ... 48 more

I guess my question is how I can get the webapps in JBoss to recognize the root 
CA that was added in $JBOSS_HOME/server/default/conf/localhost.keystore.



View the original post : 
http://www.jboss.org/index.html?module=bb&op=viewtopic&p=3879072#3879072
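
Added example, not part of the original post or of JBoss: a small client-side check that loads a JKS file as a trust store, lists the issuers an outbound HTTPS client built from it would accept, and optionally connects with it. The class name TrustCheck and the command-line arguments are assumptions; the alias openssl-ca is the one shown in the keystore listing above.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.net.URL;
import java.security.KeyStore;
import java.security.cert.X509Certificate;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

// Hypothetical helper class (Java 7+). Usage:
//   java TrustCheck <keystore.jks> <store-password> [https-url]
public class TrustCheck {
    static final String CA_ALIAS = "openssl-ca"; // alias from the post's listing

    // Build trust managers whose anchors come from the given JKS file only.
    static TrustManager[] trustManagersFrom(String path, char[] pw) throws Exception {
        KeyStore ks = KeyStore.getInstance("JKS");
        try (InputStream in = new FileInputStream(path)) {
            ks.load(in, pw);
        }
        if (!ks.isCertificateEntry(CA_ALIAS)) {
            throw new IllegalStateException(CA_ALIAS + " is not a trustedCertEntry in " + path);
        }
        TrustManagerFactory tmf =
            TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ks);
        return tmf.getTrustManagers();
    }

    public static void main(String[] args) throws Exception {
        TrustManager[] tms = trustManagersFrom(args[0], args[1].toCharArray());
        // Show what an outbound connection using this store would trust.
        for (TrustManager tm : tms) {
            if (tm instanceof X509TrustManager) {
                for (X509Certificate c : ((X509TrustManager) tm).getAcceptedIssuers()) {
                    System.out.println("trusted issuer: " + c.getSubjectX500Principal());
                }
            }
        }
        if (args.length > 2) { // optional live check against the HTTPS endpoint
            SSLContext ctx = SSLContext.getInstance("TLS");
            ctx.init(null, tms, null);
            HttpsURLConnection conn = (HttpsURLConnection) new URL(args[2]).openConnection();
            conn.setSSLSocketFactory(ctx.getSocketFactory()); // hostname check stays enabled
            System.out.println("HTTP status: " + conn.getResponseCode());
        }
    }
}
```

For client code that cannot be modified, the standard JSSE system properties javax.net.ssl.trustStore and javax.net.ssl.trustStorePassword select the JVM-wide default trust store in the same way.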
