Dear all,

I have been stuck with this problem for over a month now, and I have tried all 
ways, but to no avail.

My Tomcat 6.0.32 is running in Solaris 10 and the JDK version is 1.6.0_21. I 
deployed a Java program in Tomcat webapps/ which will post some results to a 
web server via an HTTPS URL. I received the following error in the catalina.out 
log.

[12-05-04 00:57:20] INFO  [http-8080-1]  Sending to 
(https://abc.test.com/payment/test.jsp) - timeout: 30000
[12-05-04 00:57:22] ERROR [http-8080-1] Encounter exception while send status 
to merchant status url! sun.security.validator.ValidatorException: PKIX path 
building failed: sun.security.provider.certpath.SunCertPathBuilderException: 
unable to find valid certification path to requested target

I downloaded and imported the required CA chain certificates into the java 
truststore cacerts but it does not help. 

Next, I tried to set JAVA_OPTS to point Tomcat to the cacerts as the truststore 
and it doesn’t help either.

bash-3.00# /usr/ucb/ps -auxwww | grep tomcat
root     25578  0.1 11.01145892903712 pts/8    S 00:55:57  2:14 
/usr/java/bin/java 
-Djava.util.logging.config.file=/usr/local/apache-tomcat-6.0.32/conf/logging.properties
 -Xms512m -Xmx1024m -XX:MaxPermSize=512m -XX:+DisableExplicitGC 
-Djavax.net.ssl.trustStore=/usr/java/jre/lib/security/cacerts 
-Djavax.net.ssl.trustStorePassword=changeit -Dsun.net.inetaddr.ttl=0 
-Djavax.net.ssl.keyStore=/usr/java/jre/lib/security/cacerts 
-Djavax.net.ssl.keyStorePassword=changeit 
-Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager 
-Djava.endorsed.dirs=/usr/local/apache-tomcat-6.0.32/endorsed -classpath 
/usr/local/apache-tomcat-6.0.32/bin/bootstrap.jar 
-Dcatalina.base=/usr/local/apache-tomcat-6.0.32 
-Dcatalina.home=/usr/local/apache-tomcat-6.0.32 
-Djava.io.tmpdir=/usr/local/apache-tomcat-6.0.32/temp 
org.apache.catalina.startup.Bootstrap start

The CA certificates were imported into cacerts using the following keytool 
command.

keytool -import -trustcacerts -keystore cacerts -file root.cer -alias BuiltinObjectToken-GoDaddyClass2CA
keytool -import -trustcacerts -keystore cacerts -file inter.cer -alias GoDaddySecureCertificationAuthority

I also tried to verify by using TestSSL.java and InstallCert.java and both 
could locate the CA certificates in cacerts. Therefore I suspect that 
Tomcat is not using cacerts properly.

Any help is greatly appreciated!

Regards,
Andii
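
One way to test the suspicion that Tomcat is not using cacerts, as an added example that is not part of the original post: run from code inside the Tomcat JVM, the class below reports the trust store property in effect, lists the chain the server sends, and validates it with the JVM's default trust manager. The names TrustCheck and report are hypothetical; the code is written to compile on Java 6.

```java
import java.security.KeyStore;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import javax.net.ssl.*;
// Added diagnostic, not from the original post. TrustCheck/report are hypothetical names.
// Call report() from code running inside Tomcat so it sees the same JVM settings.
public class TrustCheck {
    public static String report(String host, int port) throws Exception {
        final StringBuilder out = new StringBuilder();
        // null here means the JRE default is used (jssecacerts if present, else cacerts).
        out.append("javax.net.ssl.trustStore = ")
           .append(System.getProperty("javax.net.ssl.trustStore")).append('\n');
        // Build the JVM's default trust manager; init(null) honours the property above.
        TrustManagerFactory tmf =
            TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init((KeyStore) null);
        final X509TrustManager jvm = (X509TrustManager) tmf.getTrustManagers()[0];
        out.append("trusted CA entries = ").append(jvm.getAcceptedIssuers().length).append('\n');
        // Wrapper that logs the chain the server sends, then validates it as usual.
        X509TrustManager logging = new X509TrustManager() {
            public X509Certificate[] getAcceptedIssuers() { return jvm.getAcceptedIssuers(); }
            public void checkClientTrusted(X509Certificate[] c, String t)
                    throws CertificateException { jvm.checkClientTrusted(c, t); }
            public void checkServerTrusted(X509Certificate[] c, String t)
                    throws CertificateException {
                for (int i = 0; i < c.length; i++) {
                    out.append("sent[").append(i).append("] subject=")
                       .append(c[i].getSubjectX500Principal())
                       .append(" issuer=").append(c[i].getIssuerX500Principal()).append('\n');
                }
                jvm.checkServerTrusted(c, t); // still throws on an untrusted chain
            }
        };
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, new TrustManager[] { logging }, null);
        SSLSocket s = (SSLSocket) ctx.getSocketFactory().createSocket(host, port);
        try {
            s.startHandshake();
            out.append("handshake OK\n");
        } catch (SSLException e) {
            out.append("handshake FAILED: ").append(e).append('\n');
        } finally { s.close(); }
        return out.toString();
    }
    public static void main(String[] args) throws Exception {
        System.out.print(report(args[0], args.length > 1 ? Integer.parseInt(args[1]) : 443));
    }
}
```

A successful handshake here alongside a failing application call suggests the application builds its own SSLContext or trust store instead of using the JVM default.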
