Jon Roberts www.mentata.com
Jon Roberts wrote:
I am writing a servlet that connects to remote servers using SSL sockets. Although I can create SSL connections to these servers using other software, I can't seem to get my servlet to trust the certificate in tomcat.
The crux of the problem seems to be that I used a local CA. I import my ca certificate into a keystore:
keytool -import -alias myca -keystore /usr/local/tomcat/conf/catrust.jks -trustcacerts -file /tmp/cacert.pem
I use a password of "changeit". Then in the tomcat launch script I have:
CATALINA_OPTS="-Djavax.net.ssl.trustStore=/usr/local/tomcat/conf/catrust.jks -Djavax.net.ssl.trustStorePassword=changeit"
export CATALINA_OPTS
Yet I still get the following thrown from within my servlet:
java.security.cert.CertificateException: Signature verification failed
What could be causing this to fail? As I said, this certificate and CA combination works fine for SSL through non-Java clients.
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
