-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Thomas,
On 4/26/2011 4:40 PM, Thomas Hill wrote:
> thanks for your reply. So does this mean no way on Tomcat 5.5? (as I
> won't switch to a newer version, especially 7.x any time soon)
There is another way to install your trust manager: we used this
TrustManager with a foolish service that never renewed their
certificates and we kept getting similar errors -- although this was for
server certs and not client certs. I suppose the same technique works
for both, since a TrustManager has methods to cover both cases.
Try something like this:
TrustManager[] trustAllCerts = new TrustManager[] {
new X509TrustManager() {
public X509Certificate[] getAcceptedIssuers() {
return null;
}
public void checkClientTrusted(X509Certificate[] certs,
String authType) {
}
public void checkServerTrusted(X509Certificate[] certs,
String authType) {
}
}
};
SSLContext sc = SSLContext.getInstance("SSL");
sc.init(null, trustAllCerts, new java.security.SecureRandom());
HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());
That last line is specific to ignoring problems with /server/ certs when
contacting them through the HttpsURLConnection class. You'll have to
poke around to find out how to set the SSLContext and/or SocketFactory
for Tomcat's <Connector>s.
Hope that helps,
- -chris
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iEYEARECAAYFAk25gFEACgkQ9CaO5/Lv0PBi2QCfUfpZcMoBsvSvIYYRU9xL6l6q
kGUAnA1ZZqzTTGxq0SbHxxCewwOEvQfV
=tFuG
-----END PGP SIGNATURE-----
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
