You need to specify the keystore in conf\server.xml. I assume that you've set up the SSL connector. Do a search on the string "keystoreFile" and set the value to the correct keystore.

----- Original Message -----
From: "Ert" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Friday, September 05, 2003 5:10 PM
Subject: Debugging outbound SSL communications?

I'm using a poorly-supported external service that interacts over SSL. I can connect fine to their production environment, but their developer environment apparently uses a less-well-known certifying authority, and when I try to use it I am thwarted:

> javax.net.ssl.SSLException: Connection has been shutdown:
> javax.net.ssl.SSLHandshakeException:
> java.security.cert.CertificateException: Could not find trusted
> certificate
>     at com.sun.net.ssl.internal.ssl.SSLSocketImpl.d(DashoA6275)
>     at com.sun.net.ssl.internal.ssl.AppInputStream.read(DashoA6275)
>     at
> sun.nio.cs.StreamDecoder$CharsetSD.readBytes(StreamDecoder.java:406)
>     at sun.nio.cs.StreamDecoder$CharsetSD.implRead(StreamDecoder.java:446)
>     at sun.nio.cs.StreamDecoder.read(StreamDecoder.java:180)
>     at java.io.InputStreamReader.read(InputStreamReader.java:167)

The vendor informs me that I merely need to add the appropriate key:

> The Equifax Key is not in Java by default. You need to add it.
> Example:
>
> 1) cd $JAVA_HOME/jre/lib/security/cacerts
>
> 2) copy the GeoTrust root from here:
>
> http://www.geotrust.com/resources/roots/
> Equifax_Secure_Certificate_Authority.cer
> to the file geotrustroot.cer in this directory
>
> 3) Run this command:
> keytool -import -trustcacerts -alias geotrustroot -keystore cacerts
> -file geotrustroot.cer -storepass changeit

I've imported this key to every keystore I can find or think of on my Mac OS X system (keytool's default one, /Library/Java/Home/lib/security/cacerts, ~/.keystore, ~root/.keystore) and I continue to get the same error. So now I'm trying to figure out if a default Tomcat 4.1.24 install uses its own keystore. If not I'm hoping to find some way I can figure out what key the SSL connection is being presented with, and what keystore it's attempting to find a matching key in.

I don't know if I just have the wrong certificate, or if I've put it in the wrong place. Any thoughts from the gallery?

- Ert
