Hi all,

I have the following problem: a JSP opens an HTTPS connection to read a web page's content. On one server this fails with:

javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: No trusted certificate found
        at com.sun.net.ssl.internal.ssl.BaseSSLSocketImpl.a(DashoA12275)
        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA12275)
        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA12275)
        at com.sun.net.ssl.internal.ssl.SunJSSE_az.a(DashoA12275)
        at com.sun.net.ssl.internal.ssl.SunJSSE_az.a(DashoA12275)
        at com.sun.net.ssl.internal.ssl.SunJSSE_ax.a(DashoA12275)
        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA12275)
        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.j(DashoA12275)
        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(DashoA12275)
        at sun.net.www.protocol.https.HttpsClient.afterConnect(DashoA12275)
        at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(DashoA12275)
        at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:626)
        at sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(DashoA12275)
        at org.apache.jsp.test_005fmrf_jsp._jspService(test_005fmrf_jsp.java:181)
        at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:94)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:810)

The target site has a valid Equifax Global Secure eBusiness CA certificate. The root certificate is included in the JDK's cacerts keystore. What is confusing: on another server it works, with the same versions of Tomcat (5.0.24) and Java (1.4.2_10). The main difference is that the non-working server has an HTTPS connector itself, with a Thawte SSL certificate. The JSP in question isn't accessed with HTTPS, though. The working test server had no HTTPS defined, but I added one and created a self-signed certificate, and it still worked.

Configuration of non-working server:

<Connector port="443"
           maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
           enableLookups="false" disableUploadTimeout="true"
           acceptCount="100" debug="0" scheme="https" secure="true"
           clientAuth="false" sslProtocol="TLS"
           keystoreFile="${catalina.home}/../webapps/.keystore"
           keystorePass="$$$$$$$$$$$$$$" />

${catalina.home}/../webapps/.keystore only contains the server certificate, not trusted certificate entries. As you see, a trustStoreFile is not set, so the JDK default cacerts should be used. The CA root certificate of our own server certificate is also not included in the keystore, but is by default in cacerts. HTTPS to this server works.

Configuration of working server:

<Connector port="8443"
           maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
           enableLookups="false" disableUploadTimeout="true"
           acceptCount="100" debug="0" scheme="https" secure="true"
           clientAuth="false" sslProtocol="TLS"
           keystoreFile="${catalina.home}/../webapps/.keystore"
           keystorePass="$$$$$$$$$$" />

${catalina.home}/../webapps/.keystore only contains the self-signed certificate. The difference is, AFAIS, only self-signed vs. CA-signed certificate.

My colleague did additional tests with this result: it works on servers that have no HTTPS configured, and on servers that do HTTPS with self-signed certificates. But it does not work on servers with CA-signed SSL certificates.

Any ideas what the problem might be?

Rainer Frey
--
Software Development
Inxmail GmbH
Kaiser-Joseph-Str. 274, 79098 Freiburg, Germany
Web http://www.inxmail.de
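
A diagnostic for the situation described in the post, added here and not part of the original message: it reports which trust store settings are in effect in the JVM and which trust anchors the default JSSE trust manager actually loads, so the assumption that the JDK default cacerts is in use can be checked on each server. The class name `TrustStoreCheck` and the default search string `"Equifax"` are assumptions chosen for illustration.

```java
import java.security.KeyStore;
import java.security.cert.X509Certificate;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

// Added diagnostic, not code from the original post. Call report(...) from
// inside the same JVM as the failing JSP (for example from a test page).
public class TrustStoreCheck {

    // Returns a text report of the JSSE default trust anchors and whether
    // any subject DN contains issuerFragment (case-insensitive).
    public static String report(String issuerFragment) throws Exception {
        StringBuffer out = new StringBuffer();
        // If javax.net.ssl.trustStore is set anywhere in this JVM, JSSE
        // loads that file instead of the JDK's jssecacerts/cacerts.
        String[] props = { "javax.net.ssl.trustStore",
                           "javax.net.ssl.trustStoreType",
                           "javax.net.ssl.keyStore", "java.home" };
        for (int i = 0; i < props.length; i++) {
            out.append(props[i]).append(" = ")
               .append(System.getProperty(props[i])).append('\n');
        }
        // init(null) loads the JSSE default trust store.
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(
                TrustManagerFactory.getDefaultAlgorithm());
        tmf.init((KeyStore) null);
        int total = 0, matches = 0;
        String needle = issuerFragment.toLowerCase();
        TrustManager[] tms = tmf.getTrustManagers();
        for (int i = 0; i < tms.length; i++) {
            if (!(tms[i] instanceof X509TrustManager)) continue;
            X509Certificate[] cas = ((X509TrustManager) tms[i]).getAcceptedIssuers();
            for (int j = 0; j < cas.length; j++) {
                total++;
                String dn = cas[j].getSubjectDN().getName();
                if (dn.toLowerCase().indexOf(needle) >= 0) {
                    matches++;
                    out.append("trusted: ").append(dn).append(" (expires ")
                       .append(cas[j].getNotAfter()).append(")\n");
                }
            }
        }
        out.append(total).append(" trust anchors, ").append(matches)
           .append(" matching \"").append(issuerFragment).append("\"\n");
        return out.toString();
    }

    public static void main(String[] args) throws Exception {
        System.out.print(report(args.length > 0 ? args[0] : "Equifax"));
    }
}
```

Comparing the report from the working and non-working servers shows whether both JVMs resolve the same trust store and whether the target site's root CA is among the loaded anchors.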