First of all, since you are trying to get a resource from the server itself, it might be completely sufficient to use http instead of https, i.e. the url
http://localhost:8080//Cache?newsServer=moreover_news&newsFeedName should work (assuming standard configuration). You won't have to bother with ssl then, which should be acceptable, because the data in questiong will be send over the server's loopback interface only (and therefor should not be in danger of beeing monitored, as long as your server hasn't been hacked). If you still want to use ssl, though, there is quite a long way to go: It seems you have tomcat configured to accept ssl at port 8443, and now you want to get something from it from within a jsp page with this url: https://localhost:8443//Cache?newsServer=moreover_news&newsFeedName In order for this to succeed, the code executing your jsp will act quite similar to a normal webbrowser and attempts to connect to the server given in the url (which could as well be any other server reachable over your network). What follows is a ssl-handshake: The server presents it's certificate and a key to encrypt the datatransfer is exchanged. This key is normally signed by some CA (certificate authority, like Thawte or verisign) so that the client can trust that no one just pretends to be who he says to be (e.g. a bank or something like this) and can decide upon that if he wants to transfer confidential information (like a credit card number for example) to this server. I'm sure you have seen warnings from your browser when these certificates are not perfectly ok, when they have expired or are not issued for the right server(-name). Your browser will ask if you wish to accept this and continue to connect nevertheless. (What do you see if you enter the above URL into your browser, with "localhost" replaced by whatever address your server is reachable at). This is what happens to your jsp-code too, because your selfgenerated server-key (which you created with "keytool -genkey -alias tomcat -keyalg RSA", -genkey creates a key, not a keystore) is not signed by anyone trusted by normal java distributions. But instead of giving the opportunity to accept this nevertheless, the process fails, because there is noone there to interactively give his ok. This is all the background I can give you in realtively short time, since the process to sign such a key and to import the certificate is quite complex (if you do not want to spend money for someone officially signing your key). And I'm afraid I don't know how to accept such certificates nevertheless. If you need advice on how to become your own CA, how to sign your key and import the CA's key into your keystore, I could provide you with some notes, but don't expect this will be easy. greetings Andreas Mohrig -----Original Message----- From: QUERTEMONT Christophe [mailto:[EMAIL PROTECTED]] Sent: Wednesday, August 21, 2002 12:02 PM To: 'Tomcat Users List' Subject: RE: Tomcat + SSL + IO Taglib Thanks for your quick answer ! But I have never work with SSL before, so I am getting a little confused. How can I get a certificate for my server ? The only thing I have done so far is creating a keystore (keytool -genkey -alias tomcat -keyalg RSA). Every thing works fine except for the taglibs ? -----Original Message----- From: Andreas Mohrig [mailto:[EMAIL PROTECTED]] Sent: mercredi 21 août 2002 11:52 To: 'Tomcat Users List' Subject: RE: Tomcat + SSL + IO Taglib And to finish my own thought (this time before sending the message ;-): You should then use your official server-name instead of "localhost", i.e. the name which is set in the certificate. Java is really picky about the certificates it trusts. By the way: This has nothing to do with client authentification, since your server does seem to communicate only with itself at this point. Hope it works Andreas Mohrig -----Original Message----- From: Andreas Mohrig [mailto:[EMAIL PROTECTED]] Sent: Wednesday, August 21, 2002 11:47 AM To: 'Tomcat Users List' Subject: RE: Tomcat + SSL + IO Taglib I'm afraid your server doesn't have a certificate for itself (i.e. localhost), from which it is requesting a resource. At least it doesn't know itself under this name ("localhost"). You have to import your server certificate (or the certificate of the CA that signed it) with keytool into your java keystore to get rid of this problem. greetings Andreas Mohrig -----Original Message----- From: QUERTEMONT Christophe [mailto:[EMAIL PROTECTED]] Sent: Wednesday, August 21, 2002 11:37 AM To: Tomcat Subject: Tomcat + SSL + IO Taglib Hello, I'am connecting to Tomcat using SSL, but without client authentification (clientAuth="false" in server.xml). When I try to use io taglib, here is an JSP example : ... url = "https://localhost:8443//Cache?newsServer=moreover_news&newsFeedName"%> <io:request url="<%=url%>"/> ... I always got this message : javax.servlet.ServletException: Couldn't find trusted certificate Is there a way to use IO Taglib with a secure website without client authentification ? Thanks. -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]> -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]> -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]> -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]> -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
