I'm using a poorly-supported external service that interacts over SSL. I can connect fine to their production environment, but their developer environment apparently uses a less-well-known certifying authority, and when I try to use it I am thwarted:

javax.net.ssl.SSLException: Connection has been shutdown: javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: Could not find trusted certificate
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.d(DashoA6275)
at com.sun.net.ssl.internal.ssl.AppInputStream.read(DashoA6275)
at sun.nio.cs.StreamDecoder$CharsetSD.readBytes(StreamDecoder.java:406)
at sun.nio.cs.StreamDecoder$CharsetSD.implRead(StreamDecoder.java:446)
at sun.nio.cs.StreamDecoder.read(StreamDecoder.java:180)
at java.io.InputStreamReader.read(InputStreamReader.java:167)

The vendor informs me that I merely need to add the appropriate key:


The Equifax Key is not in Java by default. You need to add it. Example:

1) cd $JAVA_HOME/jre/lib/security/cacerts

2) copy the GeoTrust root from here:
    http://www.geotrust.com/resources/roots/ Equifax_Secure_Certificate_Authority.cer
to the file geotrustroot.cer in this directory


3) Run this command:
keytool -import -trustcacerts -alias geotrustroot -keystore cacerts -file geotrustroot.cer -storepass changeit

I've imported this key to every keystore I can find or think of on my Mac OS X system (keytool's default one, /Library/Java/Home/lib/security/cacerts, ~/.keystore, ~root/.keystore) and I continue to get the same error.


So now I'm trying to figure out if a default Tomcat 4.1.24 install uses its own keystore. If not I'm hoping to find some way I can figure out what key the SSL connection is being presented with, and what keystore it's attempting to find a matching key in. I don't know if I just have the wrong certificate, or if I've put it in the wrong place.

Any thoughts from the gallery?

- Ert
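To answer the two diagnostic questions in the post (which keystore the JVM actually consults, and which certificate chain the server presents), here is an added example that is not part of the original mail or the vendor's instructions. It resolves the trust store the way JSSE does (the javax.net.ssl.trustStore property, else jssecacerts, else cacerts under java.home), wraps the JVM's real X509TrustManager so the presented chain is recorded without altering the verdict, and then reports whether each certificate's issuer exists in that trust store. The class name, the host/port arguments and the output format are my own assumptions.

```java
import java.io.File;
import java.io.FileInputStream;
import java.security.KeyStore;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Enumeration;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

// Hypothetical diagnostic class (not from the post): run as
//   java TrustDiag dev.vendor.example 443
public class TrustDiag {

    /** Resolve the trust store JSSE uses when no custom SSLContext is configured. */
    static File resolveTrustStore() {
        String override = System.getProperty("javax.net.ssl.trustStore");
        if (override != null) {
            return new File(override);
        }
        File secDir = new File(System.getProperty("java.home"), "lib" + File.separator + "security");
        File jssecacerts = new File(secDir, "jssecacerts"); // preferred over cacerts when present
        return jssecacerts.exists() ? jssecacerts : new File(secDir, "cacerts");
    }

    /** Load the resolved trust store; "changeit" is the stock cacerts password. */
    static KeyStore loadTrustStore(File path) throws Exception {
        String pass = System.getProperty("javax.net.ssl.trustStorePassword", "changeit");
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        try (FileInputStream in = new FileInputStream(path)) {
            ks.load(in, pass.toCharArray());
        }
        return ks;
    }

    /** Alias of a trusted-cert entry whose subject equals this cert's issuer, or null if none. */
    static String findIssuerAlias(KeyStore ks, X509Certificate cert) throws Exception {
        for (Enumeration<String> e = ks.aliases(); e.hasMoreElements();) {
            String alias = e.nextElement();
            if (!ks.isCertificateEntry(alias)) continue;
            X509Certificate anchor = (X509Certificate) ks.getCertificate(alias);
            if (anchor.getSubjectX500Principal().equals(cert.getIssuerX500Principal())) {
                return alias;
            }
        }
        return null;
    }

    /** Records the chain the server presents, then defers to the JVM's real validation. */
    static class RecordingTrustManager implements X509TrustManager {
        final X509TrustManager delegate;
        X509Certificate[] seenChain;

        RecordingTrustManager(X509TrustManager delegate) { this.delegate = delegate; }

        public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {
            seenChain = chain;                       // keep a copy for the report below
            delegate.checkServerTrusted(chain, authType); // real verdict is unchanged
        }
        public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException {
            delegate.checkClientTrusted(chain, authType);
        }
        public X509Certificate[] getAcceptedIssuers() { return delegate.getAcceptedIssuers(); }
    }

    public static void main(String[] args) throws Exception {
        String host = args[0];
        int port = args.length > 1 ? Integer.parseInt(args[1]) : 443;

        File tsPath = resolveTrustStore();
        KeyStore ts = loadTrustStore(tsPath);
        System.out.println("Trust store: " + tsPath + " (" + ts.size() + " entries)");

        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ts);
        RecordingTrustManager rtm = new RecordingTrustManager((X509TrustManager) tmf.getTrustManagers()[0]);

        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, new TrustManager[] { rtm }, null);

        try (SSLSocket s = (SSLSocket) ctx.getSocketFactory().createSocket(host, port)) {
            s.startHandshake();
            System.out.println("Handshake OK");
        } catch (SSLException ex) {
            System.out.println("Handshake failed: " + ex.getMessage());
        }

        if (rtm.seenChain == null) {
            System.out.println("No server chain was received (failure occurred before certificate exchange)");
            return;
        }
        for (int i = 0; i < rtm.seenChain.length; i++) {
            X509Certificate c = rtm.seenChain[i];
            System.out.println("chain[" + i + "] subject: " + c.getSubjectX500Principal());
            System.out.println("         issuer : " + c.getIssuerX500Principal());
            String alias = findIssuerAlias(ts, c);
            System.out.println("         issuer in trust store: " + (alias == null ? "NO" : "yes, alias '" + alias + "'"));
        }
    }
}
```

Run it with the same JVM and the same -Djavax.net.ssl.trustStore setting (if any) that the application server is started with, since Tomcat's outbound connections use the JVM's trust store rather than one of its own; adding -Djavax.net.debug=ssl to the command line additionally prints the trust anchors JSSE loads and each step of the handshake. If the last certificate in the printed chain has an issuer that is reported as "NO", that issuer is the root that needs to be imported into the trust store path shown on the first line.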
