Posted to users@tomcat.apache.org by Antonio Fiol Bonnín <fi...@terra.es> on 2003/06/25 20:58:01 UTC

[OT] Couldn't find trusted certificate

I know, this is O-T.

How can I load a cacert which is NOT in the cacerts file? (I have 
read-only access to that file so I can't add my cacert to it)

Thank you very much.

Antonio Fiol

Bill Barker wrote:

>"Antonio Fiol Bonnín" <fi...@terra.es> wrote in message news:3EF930C2.4060605@terra.es...
>
>>I found that while trying to open a SSL (in fact HTTPS) connection from
>>inside a servlet. Could it be that?
>
>If you have a 1.4.x JVM, then opening a https connection should be easy.  This is assuming that the server has a Verisign or Thawte signed cert (at least for Sun's JVM, other vendors may supply a different set of cacerts).  Otherwise you need to add the root signer to your cacerts on the client.
>
>>Bill Barker wrote:
>>
>>>This is happening too late to be a server-cert problem.  I'm guessing that
>>>you specified CLIENT-CERT auth, but you don't have any valid certs.
>>>
>>>"Dan Soschin" <d_...@yahoo.com> wrote in message
>>>news:20030623223124.52015.qmail@web41604.mail.yahoo.com...
>>>
>>>>Specs: Tomcat 4.0.6 w/ JDK 1.4.1 on Windows 2000 Advanced Server
>>>>
>>>>I run the keytool command to generate keystore successfully, obtained a csr from thawte and
>>>>successfully imported it into the keystore file.  I modified the server.xml file to point to the
>>>>keystore file, etc, uncommenting SSL connector
>>>>
>>>>When I access my app at https:8443/myapp... I get the following error in Tomcat:
>>>>
>>>>2003-06-23 14:57:40 StandardWrapperValve[portal]: Servlet.service() for servlet portal threw
>>>>exception
>>>>javax.servlet.ServletException: Exception opening resource
>>>>https://localhost:8443/portal/FileMenuController.exec?action=viewAlt:
>>>>javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: Couldn't find
>>>>trusted certificate
>>>>
>>>>I'm new to Tomcat/SSL, but I have gone over the instructions in the howTo from apache and thawte
>>>>and cannot get any further.
>>>>
>>>>Can anybody please tell me what stupid thing I forget to do?  I'm sure it's obvious.
>>>>
>>>>Thanks!
>>>
>>>---------------------------------------------------------------------
>>>To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
>>>For additional commands, e-mail: tomcat-user-help@jakarta.apache.org


Re: [OT] Couldn't find trusted certificate

Posted by Bill Barker <wb...@wilshire.com>.
You should be able to import into the normal keystore as well using the
'-trustcacerts' option for 'keytool -import ...'.  I've never tried it
myself personally, but the docs for 'keytool' say it should work.

"Antonio Fiol Bonnín" <fi...@terra.es> wrote in message
news:3EF9F0B9.1010001@terra.es...
> I know, this is O-T.
>
> How can I load a cacert which is NOT in the cacerts file? (I have
> read-only access to that file so I can't add my cacert to it)
>
> Thank you very much.
>
> Antonio Fiol
>
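
Added example, not part of the thread or of Tomcat's code: one way for a servlet to trust an extra CA without write access to `cacerts` is to import the CA into a private keystore with `keytool -import` and load that file as the trust store for the outgoing connection only. It assumes a current JDK; the class name, file path, alias, password and target URL are placeholders.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.net.URL;
import java.security.KeyStore;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

public class PrivateTrustStoreClient {

    /** Builds an SSLContext that trusts only the CAs stored in the given keystore file. */
    static SSLContext contextFor(String trustStorePath, char[] password) throws Exception {
        KeyStore ts = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = new FileInputStream(trustStorePath)) {
            ts.load(in, password);
        }
        TrustManagerFactory tmf =
            TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ts);
        SSLContext ctx = SSLContext.getInstance("TLS");
        // No client key material (null), trust managers from the private store,
        // default SecureRandom (null).
        ctx.init(null, tmf.getTrustManagers(), null);
        return ctx;
    }

    public static void main(String[] args) throws Exception {
        // Placeholder values. The store is assumed to have been created with, e.g.:
        //   keytool -import -trustcacerts -alias myca -file myca.crt \
        //           -keystore /home/app/truststore.jks
        String path = args.length > 0 ? args[0] : "/home/app/truststore.jks";
        char[] pass = (args.length > 1 ? args[1] : "changeit").toCharArray();
        String target = args.length > 2 ? args[2] : "https://localhost:8443/";

        HttpsURLConnection conn = (HttpsURLConnection) new URL(target).openConnection();
        // Scope the extra trust to this connection: the JVM-wide default and the
        // read-only cacerts file are untouched, and hostname verification stays on.
        conn.setSSLSocketFactory(contextFor(path, pass).getSocketFactory());
        System.out.println("HTTP " + conn.getResponseCode());
    }
}
```

Starting the JVM with `-Djavax.net.ssl.trustStore=<file>` and `-Djavax.net.ssl.trustStorePassword=<password>` applies a private store JVM-wide instead, but that store then replaces `cacerts` rather than adding to it.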



