RE: tomcat + certificate

Sun, 12 Feb 2006 19:51:20 -0800 

Duan, Nick wrote:

> Without knowing the details of your problem (you may want to provide a
> stack trace next time), I think the problem is in the java client.  Did
> you use JSSE to implement the client?  The java sockets for accessing
> http are not the same as https.
> 
> ND

Duan,

Thanks for the help.

Below is the stack trace of the java client i use:

javax.net.ssl.SSLHandshakeException:
sun.security.validator.ValidatorException: PKIX path building failed:
sun.security.provider.certpath.SunCertPathBuilderException: unable to find
valid certification path to requested target
        at
com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:150)
        at
com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1476)
        at
com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:174)
        at
com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:168)
        at
com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:847)
        at
com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:106)
        at
com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:495)
        at
com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:433)
        at
com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:815)
        at
com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1025)
        at
com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1038)
        at
sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:402)
        at
sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:170)
        at
sun.net.www.protocol.http.HttpURLConnection.getOutputStream(HttpURLConnection.java:836)
        at
sun.net.www.protocol.https.HttpsURLConnectionImpl.getOutputStream(HttpsURLConnectionImpl.java:230)
        at ClientRequest.communicateGA(ClientRequest.java:46)
        at ClientRequest.main(ClientRequest.java:24)
Caused by: sun.security.validator.ValidatorException: PKIX path building
failed: sun.security.provider.certpath.SunCertPathBuilderException: unable
to find valid certification path to requested target
        at
sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:221)
        at
sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:145)
        at sun.security.validator.Validator.validate(Validator.java:203)
        at
com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:172)
        at
com.sun.net.ssl.internal.ssl.JsseX509TrustManager.checkServerTrusted(SSLContextImpl.java:320)
        at
com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:840)
        ... 12 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException:
unable to find valid certification path to requested target
        at
sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:236)
        at
java.security.cert.CertPathBuilder.build(CertPathBuilder.java:194)
        at
sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:216)
        ... 17 more


I got this while i tried to connect with the sample servlet that comes with
tomcat. Is that enough?

Below is the snippet of the code i use:

URL url = new
URL("https://<myserver>:8443/servlets-examples/servlet/HelloWorldExample");
            URLConnection conn = url.openConnection();
            conn.setDoOutput(true);
            OutputStreamWriter wr = new OutputStreamWriter(conn 
                    .getOutputStream());

Where am i doing wrong? I guess the problem is with client(as you pointed
already) but unable to figure out the exact problem. The client and server
both are in the same system.

regds,
SK

> 
> -----Original Message-----
> From: news [mailto:[EMAIL PROTECTED] On Behalf Of Saravana Kumar
> Sent: Friday, February 10, 2006 2:29 AM
> To: [email protected]
> Subject: tomcat + certificate
> 
> Hi,
> 
> I am running a tomcat server running here. We have a servlet container
> hosted in the server. The servlet is called from a java client program
> and
> is working fine(http).
> 
> Then i following the instructions from the tomcat documentation page i
> installed a self signed certificate. The site now shows up with the
> certificate from the browser.
> 
> The problem is while running the java client and connecting to the
> server(https) the program gives out error(connection timed out/SSL
> handshake ... etc).
> 
> Hope i am not raising a dumb question here. What is wrong with my setup?
> Any
> pointers. Some one said we have to install apache also. Is that so? Is
> it
> possible to make tomcat handle the certificates itself and free the
> servlet
> from that.
> 
> BTW, i am running on FC4, with tomcat version 5.5.12.
> 
> 
> TIA,
> SK
> 
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]



---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Reply via email to