I'm trying to configure an SSL Oracle connection. I'm running on CentOS7 (for my DB Server and my Web Server).
Tomcat 7.0.76-6 from the CentOS Repository, httpd 2.4.6-80 from the CentOS Repository on the Web Server Oracle 12.2.0.1 on the Database Server I'm setting up the datasource in my web.xml - the 1521 port connection works fine. I change to 2484 and made the other following parameters (javax.net.ssl.trustStore parameters): <context-param> <param-name>type</param-name> <param-value>SIMPLE</param-value> </context-param> <context-param> <param-name>datasource</param-name> <param-value>mydatasource</param-value> </context-param> <context-param> <param-name>driver</param-name> <param-value>oracle.jdbc.OracleDriver</param-value> </context-param> <context-param> <param-name>url</param-name> <!-- <param-value>jdbc:oracle:thin:@myserver.mydomain.com:1521:mydatasource</param-value> --> <param-value>jdbc:oracle:thin:@(DESCRIPTION= (ADDRESS=(PROTOCOL=TCPS)(PORT=2484)(HOST=myserver.mydomain.com))(CONNECT_DATA=(SERVICE_NAME=mydatasource.myserver.mydomain.com)))</param-value> </context-param> <context-param> <param-name>javax.net.ssl.trustStore</param-name> <param-value>/usr/share/tomcat/conf/TrustStore.JKS</param-value> </context-param> <context-param> <param-name>javax.net.ssl.trustStoreType</param-name> <param-value>JKS</param-value> </context-param> <context-param> <param-name>javax.net.ssl.trustStorePassword</param-name> <param-value>mypassword</param-value> </context-param> <context-param> <param-name>username</param-name> <param-value>myuser</param-value> </context-param> <context-param> <param-name>mydbpass</param-name> <param-value>apso11</param-value> </context-param> It fails with the following error: May 22 12:12:00 myserver server: Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target the TrustStore.JKS is in that directory. If I move the jafax.net.ssl.trustStore parameters to the JAVA_OPTS line, in the startup, then it works. JAVA_OPTS="-Xms1024m -Xmx2048m -Djavax.net.ssl.trustStore=/usr/share/tomcat/conf/TrustStore.JKS -Djjavax.net.ssl.trustStoreType=JKS -Djavax.net.ssl.trustStorePassword=mypassword" --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org