-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Andy,
On 5/11/15 4:50 PM, Andy Wang wrote: > Honestly, I'm going to be a little purposefully obtuse here. > Manipulating your trust store is a security step. You really need > to understand what you're doing and why, so I'd suggest you do some > google searches to read up on it using keywords pulled out of my > original response. +1 > I will add one more thing. Your original stack trace showed the > webserver to be some com.redwood.r2w class. Quick googling finds > that this is some commercial product. You might want to try the > support channels from your vendor as they may have special > instructions for trusting self-signed certs. Also, the underlying library is Apache Components HttpClient. You probably won't just be able to set a system-wide trust-store and be able to use that. I agree with Andy that you should contact your vendor about how to configure trust for remote websites (the one with the self-signed certificate). - -chris > On 05/11/2015 02:30 PM, jairaj kamal wrote: >> Hi, >> >> Can you share the steps to import the certificate into the >> jssecacerts truststore, my client is webserver. >> >> *Jairaj Kamal* >> >> >> On Mon, May 11, 2015 at 2:16 PM, Andy Wang <aw...@ptc.com> >> wrote: >> >>> >>> >>> On 05/11/2015 01:24 PM, jairaj kamal wrote: >>> >>>> javax.net.ssl.SSLHandshakeException: >>>> sun.security.validator.ValidatorException: PKIX path building >>>> failed: >>>> sun.security.provider.certpath.SunCertPathBuilderException: >>>> unable to find valid certification path to requested target >>>> >>> >>> This usually means that the ssl client (the client that's >>> originating the direct connection to the ssl server) is unable >>> to construct a proper certificate trust path for the server. >>> >>> As you noted, you used a self-signed cert. This means that you >>> need to import the certificate into the jssecacerts truststore >>> (or if your client has it's own truststore, it needs to be >>> imported there). >>> >>> Andy >>> >>> >>> -------------------------------------------------------------------- - - >>> >>> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org >>> For additional commands, e-mail: users-h...@tomcat.apache.org >>> >>> >> > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 Comment: GPGTools - http://gpgtools.org iQIcBAEBCAAGBQJVUSJhAAoJEBzwKT+lPKRYep0P/RjpvS85Q9RyizOU/Yhi0ZSn 5hjJ4lZ5yaQ8vAwafLKdpPWEU0EnDpcaJ7bWR/gtAkPA/OBNPY6qnbzgmP0S+QIB ql3blINSSC9I39xsAgwwJki24PKKdR6XOPJLpkDhTWI/81D/i40tBnwuHRhAEq14 oTkoThkHNOkDAyr+ZL3iLVw2q+5ICOzihxsxsB097FXP9W0ViaD5rAu/bMCScw6+ L4LrFMj5LfSRLls5lKz5s9yaIxtosIVav7rm/GMJwwhbeR/f1wSB6xqvLDC5i8OR PTv3k+4ZyfuUzNSWLiC4Bx6SgqeWfTiVA1/bXGrpMZhGr9vaVrqzt3fc0fpHMbRx +p0rUJQVmSAydEGyWAKTTuJnNmZ3PMu+VzHD7HrLLadZQebHp7Bi4QCVi/iiGZnd uLKgu5MnuV9E3zDo7+boD+rbye+OxpQZIRfF69AcFPXEMlroN+As/Kpmnf/sUZgL SomYXAC1eVbxXYOmthrd4KPDsDOmW5JGhRcT0X7BRb0M8v1tkxSQzWLs63jCyZTG r+70g7Nn19s19WDgtuKJ4dYmXLDw2v35zPRX880uE+C7pe7gbtY2aa+bPVeL3g8x MZWbnDpMFVoTOvaj727yU8aPck1reO6y0Mw6CdFdXdBmng3vxFGbL7gYYO98R0yE n354x+6jDin21x3unbWF =rkfr -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
