Thomas,

On 4/26/2011 4:40 PM, Thomas Hill wrote:
> thanks for your reply. So does this mean no way on Tomcat 5.5? (as I
> won't switch to a newer version, especially 7.x any time soon)

There is another way to install your trust manager: we used this
TrustManager with a foolish service that never renewed their
certificates and we kept getting similar errors -- although this was for
server certs and not client certs. I suppose the same technique works
for both, since a TrustManager has methods to cover both cases.

Try something like this:

    import java.security.cert.X509Certificate;
    import javax.net.ssl.HttpsURLConnection;
    import javax.net.ssl.SSLContext;
    import javax.net.ssl.TrustManager;
    import javax.net.ssl.X509TrustManager;

    // Trust manager whose check methods are empty, so every certificate chain is accepted.
    TrustManager[] trustAllCerts = new TrustManager[] {
        new X509TrustManager() {
            public X509Certificate[] getAcceptedIssuers() {
                // The interface contract requires a non-null (possibly empty) array.
                return new X509Certificate[0];
            }
            public void checkClientTrusted(X509Certificate[] certs, String authType) {
            }
            public void checkServerTrusted(X509Certificate[] certs, String authType) {
            }
        }
    };

    SSLContext sc = SSLContext.getInstance("SSL");
    sc.init(null, trustAllCerts, new java.security.SecureRandom());
    // Applies to every HttpsURLConnection opened by this JVM from here on.
    HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());

That last line is specific to ignoring problems with /server/ certs when
contacting them through the HttpsURLConnection class. You'll have to
poke around to find out how to set the SSLContext and/or SocketFactory
for Tomcat's <Connector>s.

Hope that helps,
-chris
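
A narrower variant of the trust manager in the message above, as an added example that is not part of the original message: it keeps the JVM's default validation and accepts a failing chain only when the leaf certificate's SHA-256 digest matches one pinned value, which fits the case of a single known service with an unrenewed certificate. The class name PinnedExceptionTrustManager, the contextFor helper and the caller-supplied pinned digest are assumptions.

```java
import java.security.KeyStore;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import javax.net.ssl.*;

// Hypothetical class: default validation, with one pinned certificate as the sole exception.
public class PinnedExceptionTrustManager implements X509TrustManager {
    private final X509TrustManager defaults;  // the JVM's standard chain validation
    private final byte[] pinnedSha256;        // digest of the one certificate allowed to fail it

    public PinnedExceptionTrustManager(byte[] pinnedSha256) throws Exception {
        this.pinnedSha256 = pinnedSha256.clone();
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init((KeyStore) null);            // null selects the JVM's default trust store
        X509TrustManager found = null;
        for (TrustManager tm : tmf.getTrustManagers())
            if (found == null && tm instanceof X509TrustManager) found = (X509TrustManager) tm;
        if (found == null) throw new IllegalStateException("no default X509TrustManager");
        defaults = found;
    }

    public X509Certificate[] getAcceptedIssuers() { return defaults.getAcceptedIssuers(); }

    public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException {
        try { defaults.checkClientTrusted(chain, authType); }
        catch (CertificateException e) { if (!isPinned(chain)) throw e; }
    }
    public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {
        try { defaults.checkServerTrusted(chain, authType); }
        catch (CertificateException e) { if (!isPinned(chain)) throw e; }
    }

    // True only when the presented leaf certificate is byte-for-byte the pinned one.
    private boolean isPinned(X509Certificate[] chain) throws CertificateException {
        if (chain == null || chain.length == 0) return false;
        try {
            byte[] digest = MessageDigest.getInstance("SHA-256").digest(chain[0].getEncoded());
            return MessageDigest.isEqual(digest, pinnedSha256);
        } catch (NoSuchAlgorithmException e) {
            throw new CertificateException(e);
        }
    }

    public static SSLContext contextFor(byte[] pinnedSha256) throws Exception {
        SSLContext sc = SSLContext.getInstance("TLS");
        sc.init(null, new TrustManager[] { new PinnedExceptionTrustManager(pinnedSha256) }, null);
        return sc;
    }
}
```

The socket factory from `contextFor(...)` can be passed to `HttpsURLConnection.setDefaultSSLSocketFactory` in the same way as in the message's snippet.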