Hi Bruno, Actually our architecture is the following : A PC runs a restlet server locally (withou a servlet container); the resources served by this server call themselves other restlets which are located into another restlet serveron another PC, but this restlet server one is hosted in Tomcat with SSL setted. The problem occurs when trying to call these remote restlets from the first PC. SSL is managed by tomcat and the certificate has been generated by java keygen. regards xavier
2010/8/25 Bruno Harbulot <[email protected]> > Just to clarify, if I understand well, you're using a ClientResource > from within the Restlet environment running within Tomcat (so > effectively, your server is a client in that respect)? > > How do you configure SSL on the client connector? > > A priori, it looks like there's something wrong with the trust store > settings: either the server to which you're trying to connect has a > certificate that's not trusted by the default trust store available (if > you haven't specified anything), or the trust store is set up for > something that doesn't have the required CA certificate. > > Best wishes, > > Bruno. > > > On 24/08/10 12:48, Xavier Méhaut wrote: > > We use tomcat 5.5 with SSL, and restlet 2.0... The problem occurs when > > trying to access through the ClientResource setted with HTTPS protocol... > > regards > > Xavier > > > > 24 août 2010 11:56:38 org.restlet.engine.http.connector.Connection > > writeMessage > > ATTENTION: Exception while writing the message headers. > > javax.net.ssl.SSLHandshakeException: > > sun.security.validator.ValidatorException: PKIX path building failed: > > sun.security.provider.certpath.SunCertPathBuilderException: unable to > > find valid certification path to requested target > > at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Unknown > Source) > > at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(Unknown Source) > > at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Unknown Source) > > at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Unknown Source) > > at > > com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(Unknown > > Source) > > at > > com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(Unknown > Source) > > at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Unknown > Source) > > at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Unknown > > Source) > > at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(Unknown > > Source) > > at > > > com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(Unknown > > Source) > > at com.sun.net.ssl.internal.ssl.SSLSocketImpl.writeRecord(Unknown > > Source) > > at com.sun.net.ssl.internal.ssl.AppOutputStream.write(Unknown > Source) > > at java.io.BufferedOutputStream.flushBuffer(Unknown Source) > > at java.io.BufferedOutputStream.flush(Unknown Source) > > at > > > org.restlet.engine.http.connector.Connection.writeMessageHead(Connection.java:919) > > at > > > org.restlet.engine.http.connector.Connection.writeMessageHead(Connection.java:933) > > at > > > org.restlet.engine.http.connector.Connection.writeMessage(Connection.java:806) > > at > > > org.restlet.engine.http.connector.ClientConnection.writeMessage(ClientConnection.java:297) > > at > > > org.restlet.engine.http.connector.Connection.writeMessages(Connection.java:966) > > at > > org.restlet.engine.http.connector.Controller$1.run(Controller.java:81) > > at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(Unknown > > Source) > > at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown > Source) > > at java.lang.Thread.run(Unknown Source) > > Caused by: sun.security.validator.ValidatorException: PKIX path building > > failed: sun.security.provider.certpath.SunCertPathBuilderException: > > unable to find valid certification path to requested target > > at sun.security.validator.PKIXValidator.doBuild(Unknown Source) > > at sun.security.validator.PKIXValidator.engineValidate(Unknown > Source) > > at sun.security.validator.Validator.validate(Unknown Source) > > at > > com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.validate(Unknown > Source) > > at > > > com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown > > Source) > > at > > > com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown > > Source) > > ... 19 more > > Caused by: sun.security.provider.certpath.SunCertPathBuilderException: > > unable to find valid certification path to requested target > > at > > sun.security.provider.certpath.SunCertPathBuilder.engineBuild(Unknown > > Source) > > at java.security.cert.CertPathBuilder.build(Unknown Source) > > ... 25 more > > > > 2010/8/24 Bruno Harbulot <[email protected] > > <mailto:[email protected]>> > > > > Hi Xavier, > > > > If you're using Restlet within a Servlet environment, it's the > container > > configuration that matters regarding SSL. If you have configured SSL > on > > your Tomcat container, this should be enough. > > What kind of errors do you get (and which version of Restlet, just > > in case)? > > > > Best wishes, > > > > Bruno. > > > > On 23/08/2010 15:39, Xavier M. wrote: > > > Hello, > > > We use Tomcat with SSL configuration to host our restlet > > application. Up > > > to now we don't succeed accessing restlets in ssl mode ; Do we > > need to > > > add ssl parameters in restlets too, or is the tomcat configuration > > > sufficient? > > > regards > > > Xavier > > > > ------------------------------------------------------ > > > http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447&dsMessageId=2650640 > > < > http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447&dsMessageId=2650640 > > > > > > > > ------------------------------------------------------ > > http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447&dsMessageId=2651189 > > ------------------------------------------------------ http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447&dsMessageId=2651198
