On Mon, Apr 27, 2020 at 3:31 PM calder wrote: > > On Mon, Apr 27, 2020 at 11:22 AM Beard, Shawn M. wrote: > > > I have an app running in tomcat 9 that makes an ssl call to an external > > webservice. > > > > It fails with these errors in the logs: > > > > ERROR javax.net.ssl.SSLHandshakeException: PKIX path building failed: > > sun.security.provider.certpath.SunCertPathBuilderException: unable to find > > valid certification path to requested target > > When we've seen that in our logs, it's because self-signed certs are being > used.
This error can also occur on a Windows domain when the TLS certificate is issued by a corporate (internal) certificate authority (i.e., Java doesn't trust the issuer). On a Windows machine, you can tell Java to trust the certificates in the Windows certificate store by using this command line parameter: -Djavax.net.ssl.trustStoreType=WINDOWS-ROOT Bill --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
