Hi,
Please advise on the step to resolve the issue encountered in 2way SSL
Tomcat version used : apache-tomcat-8.5.15
Java Version used: jdk1.8.0_131
*Problem statement: *Tomcat doesn't trust the inbound connection.
We have web application deployed in tomcat and it integrated with web
services.
2 way SSL is enabled.
Webservice client deployed in Tomcat send the certificate to webservices
and it is trusted.
Tomcat doesn't trust certificate sent by the webservices.
It seems to ignore the client validation and allow the communication.
*step followed to implement 2 way SSL from application*
We set the keystore and trust store to be used for communication. so it
takes the cert from key store for outbound and trust the cert for inbound
connections.
System.setProperty("javax.net.ssl.trustStoreType", "JKS");
System.setProperty("javax.net.ssl.keyStoreType", "JKS");
System.setProperty("javax.net.ssl.trustStore","TrustStore.jks");
System.setProperty("javax.net.ssl.keyStore","KeyStore.jks");
System.setProperty("javax.net.ssl.trustStorePassword","changeit");
System.setProperty("javax.net.ssl.keyStorePassword","changeit");
It sends the certificate for other system to trust but it doesn't trust the
incoming connection.
Please advise on the configuration to trust the incoming connection.
Thanks
Vinoth
