You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomcat.apache.org by Jeanna Geier <jg...@apt-cafm.com> on 2006/09/06 18:20:00 UTC
Error: unable to find valid certification path to requested target
Hi I'm having some problems connecting to a Slide client and would appreciate any help you could offer. I'm a newbie here, so please bear with me.
Here's what I've done:
Created a keystore:
>keytool -genkey -alias tomcat -keyalg RSA
and entered info for certificate - name on certificate: localhost
Imported a Verisign trial certificate:
>keytool -import -alias root -keystore .keystore -trustcacerts -file CA_Certificate.cert
Imported new certificate:
>keytool -import -alias tomcat -keystore .keystore -trustcacerts -file CA_Certificate.cert
Exported certificate to file:
>keytool -export -alias tomcat -file server.crt
Imported the certificate into the Java security cacerts file:
>keytool -import -alias root -file server.crt -keystore C:\Java\jdk1.5.0_06\jre\lib\security\cacerts
>keytool -import -alias tomcat -file server.crt -keystore C:\Java\jdk1.5.0_06\jre\lib\security\cacerts
-------------------------------------------------------------------------
When I open Internet Explorer and log in: "https://localhost/slide", I get the certificate (as expected) and when I click <yes> I am able to log into Slide.
When I attempt to log in using the Slide client, I run into problems.
C:\jakarta-slide-webdavclient-bin-2.1\bin>run.bat
[ Slide ] $ open https://localhost/slide/
connect https://localhost/slide/
Error: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
[ Slide ] $
Any ideas? Most everywhere I looked suggested adding the certificate to the Java security store, which I've done, or verify that the name on the certificate is "localhost" (which it is) to fix the problem.... I've been working on this for almost a week with no luck, so any help you could give would be greatly appreciated!!
-Jeanna
Re: Error: unable to find valid certification path to requested target
Posted by Jeanna Geier <jg...@apt-cafm.com>.
Thanks for the reply!
Could you please tell me what the 'top level cert' is? Isn't that what I
did when I did the following?:
keytool -import -alias root -file server.crt -keystore
C:\Java\jdk1.5.0_06\jre\lib\security\cacerts
and
keytool -import -alias tomcat -file server.crt -keystore
C:\Java\jdk1.5.0_06\jre\lib\security\cacerts
I apologize if these questions sound remedial, but I'm new to this.
Thanks again for your help, it is greatly appreciated!
-Jeanna
----- Original Message -----
From: "Bill Barker" <wb...@wilshire.com>
To: <us...@tomcat.apache.org>
Sent: Thursday, September 07, 2006 12:44 AM
Subject: Re: Error: unable to find valid certification path to requested
target
> You need to import the top level cert into cacerts with -trustcacerts.
> Otherwise it is untrusted.
>
> "Jeanna Geier" <jg...@apt-cafm.com> wrote in message
> news:008601c6d1d0$4dcf1ea0$6700a8c0@geier...
> Hi I'm having some problems connecting to a Slide client and would
> appreciate any help you could offer. I'm a newbie here, so please bear
> with me.
>
> Here's what I've done:
>
> Created a keystore:
>>keytool -genkey -alias tomcat -keyalg RSA
> and entered info for certificate - name on certificate: localhost
>
> Imported a Verisign trial certificate:
>>keytool -import -alias root -keystore .keystore -trustcacerts -file
>>CA_Certificate.cert
>
> Imported new certificate:
>>keytool -import -alias tomcat -keystore .keystore -trustcacerts -file
>>CA_Certificate.cert
>
> Exported certificate to file:
>>keytool -export -alias tomcat -file server.crt
>
> Imported the certificate into the Java security cacerts file:
>>keytool -import -alias root -file server.crt -keystore
>>C:\Java\jdk1.5.0_06\jre\lib\security\cacerts
>
>>keytool -import -alias tomcat -file server.crt -keystore
>>C:\Java\jdk1.5.0_06\jre\lib\security\cacerts
>
> -------------------------------------------------------------------------
> When I open Internet Explorer and log in: "https://localhost/slide", I get
> the certificate (as expected) and when I click <yes> I am able to log into
> Slide.
>
> When I attempt to log in using the Slide client, I run into problems.
>
> C:\jakarta-slide-webdavclient-bin-2.1\bin>run.bat
> [ Slide ] $ open https://localhost/slide/
> connect https://localhost/slide/
> Error: sun.security.validator.ValidatorException: PKIX path building
> failed: sun.security.provider.certpath.SunCertPathBuilderException: unable
> to find valid certification path to requested target
> [ Slide ] $
>
> Any ideas? Most everywhere I looked suggested adding the certificate to
> the Java security store, which I've done, or verify that the name on the
> certificate is "localhost" (which it is) to fix the problem.... I've been
> working on this for almost a week with no luck, so any help you could give
> would be greatly appreciated!!
> -Jeanna
>
>
>
> ---------------------------------------------------------------------
> To start a new topic, e-mail: users@tomcat.apache.org
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
>
>
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: Error: unable to find valid certification path to requested target
Posted by Bill Barker <wb...@wilshire.com>.
You need to import the top level cert into cacerts with -trustcacerts.
Otherwise it is untrusted.
"Jeanna Geier" <jg...@apt-cafm.com> wrote in message
news:008601c6d1d0$4dcf1ea0$6700a8c0@geier...
Hi I'm having some problems connecting to a Slide client and would
appreciate any help you could offer. I'm a newbie here, so please bear with
me.
Here's what I've done:
Created a keystore:
>keytool -genkey -alias tomcat -keyalg RSA
and entered info for certificate - name on certificate: localhost
Imported a Verisign trial certificate:
>keytool -import -alias root -keystore .keystore -trustcacerts -file
>CA_Certificate.cert
Imported new certificate:
>keytool -import -alias tomcat -keystore .keystore -trustcacerts -file
>CA_Certificate.cert
Exported certificate to file:
>keytool -export -alias tomcat -file server.crt
Imported the certificate into the Java security cacerts file:
>keytool -import -alias root -file server.crt -keystore
>C:\Java\jdk1.5.0_06\jre\lib\security\cacerts
>keytool -import -alias tomcat -file server.crt -keystore
>C:\Java\jdk1.5.0_06\jre\lib\security\cacerts
-------------------------------------------------------------------------
When I open Internet Explorer and log in: "https://localhost/slide", I get
the certificate (as expected) and when I click <yes> I am able to log into
Slide.
When I attempt to log in using the Slide client, I run into problems.
C:\jakarta-slide-webdavclient-bin-2.1\bin>run.bat
[ Slide ] $ open https://localhost/slide/
connect https://localhost/slide/
Error: sun.security.validator.ValidatorException: PKIX path building failed:
sun.security.provider.certpath.SunCertPathBuilderException: unable to find
valid certification path to requested target
[ Slide ] $
Any ideas? Most everywhere I looked suggested adding the certificate to the
Java security store, which I've done, or verify that the name on the
certificate is "localhost" (which it is) to fix the problem.... I've been
working on this for almost a week with no luck, so any help you could give
would be greatly appreciated!!
-Jeanna
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org