Ok that sounds good then.  My understanding is that it uses the keystore
set in the server.xml file.  Are you sending the request to the right
port?  I didn't see anything in your code below specifying which port to
hit.  I also found this reference online and it may be something to try.

Export the certificate into a .cer file. (With Internet Explorer, go to
tools->internet options->content->certificates, and you can export
them). Once you have the .cer file, you need to place it in a store that
java can use...
In my case, the only certificate I wanted trusted was the one I provided
in the .cer file, so using keytool (provided with java), I imported the
certificate to a new store:

keytool -import -alias <insert alias here> -file <insert .cer filename> -keystore <storename here>


If you are using a new store name, it should create a file in the
current directory with the <storename> you entered. Now, to make the
trustManager look in this store during initialization with your
application, you need to set the javax.net.ssl.trustStore and
javax.net.ssl.trustStorePassword properties (either during runtime, or
at the command prompt).

At the command prompt, it'd look like this:

java -Djavax.net.ssl.trustStore=<storename> -Djavax.net.ssl.trustStorePassword=<password>

Hope that helps.  Please let me know if it does.


Dave Patton

On Mon, 2002-10-21 at 11:30, [EMAIL PROTECTED] wrote:
> I generated a .keystore file for tomcat using
> keytool -genkey -alias tomcat -keyalg RSA
> 
> this file was placed in /root/.keystore, the user home directory.
> I have used this .keystore to sign JAR files successfully.  Also, I
> have successfully made an SSL connection TO tomcat from a web browser,
> I just can't seem to connect from tomcat.
> 
> When Tomcat or JSSE tries to make a SSL connection, where does it 
> look for the certificates? do I need to make another keystore file and
> place it somewhere else?
> 
> 
> --Monte Glenn Gardner
> 
> 
> On Mon, 21 Oct 2002, Dave Patton wrote:
> 
> > Have you generated all your certificates for an ssl connection?  If not
> > that will be the problem.  If you have, make sure that Tomcat can find
> > the certificates in question.  The Tomcat docs have a good piece on
> > hooking up SSL I followed it without a hitch.
> > 
> > Dave Patton
> > 
> > On Mon, 2002-10-21 at 10:34, [EMAIL PROTECTED] wrote:
> > > I have a Java Servlet running on Tomcat 4.1.12.
> > > At some point, this Servlet needs to send data to another Servlet which is 
> > > right now on the same web-server, but in the future, it will be on a different 
> > > web-server, also running Tomcat.  I have installed the JSSE jar files in the 
> > > JAVA_HOME/jre/ext/lib directory, and I can download web pages from Tomcat
> > > using https URL's.  
> > >  
> > > So, I open a URLConnection:
> > >     try
> > >     {
> > > >       URL servletURL = new URL(getServletConfig().getInitParameter("printServletURL"));
> > > 
> > >       URLConnection con = servletURL.openConnection();
> > >       
> > >       con.setUseCaches(false);
> > >       con.setRequestProperty("CONTENT_TYPE","application/octet-stream");
> > >       con.setDoInput(true);
> > >       con.setDoOutput(true);
> > > .........
> > > 
> > > 
> > > When I run the servlet, I get the following Exception
> > > SEVERE: Handshake failed
> > > javax.net.ssl.SSLHandshakeException: Received fatal alert: certificate_unknown
> > >         at com.sun.net.ssl.internal.ssl.SSLSocketImpl.b(DashoA6275)
> > >         at com.sun.net.ssl.internal.ssl.SSLSocketImpl.b(DashoA6275)
> > >         at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
> > >         at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
> > > 
> > > 
> > > So, how does one get a Java Servlet on Tomcat to act as an SSL client, and
> > > connect to another SSL server?
> > > 
> > > 
> > > --Monte Glenn Gardner
> > > 
> > > 
> > > 
> > > --
> > > To unsubscribe, e-mail:   <mailto:tomcat-user-unsubscribe@;jakarta.apache.org>
> > > For additional commands, e-mail: <mailto:tomcat-user-help@;jakarta.apache.org>
> > 
> > 
> > ___________________________
> > David H. Patton
> > C.O.S.
> > [EMAIL PROTECTED]
> > x4727 - desk
> > (202) 276-8998 - pcs


___________________________
David H. Patton
C.O.S.
[EMAIL PROTECTED]
x4727 - desk
(202) 276-8998 - pcs
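
An added example, not code from this thread: instead of setting javax.net.ssl.trustStore for the whole JVM, the client side can load the store created with keytool and attach it to a single HTTPS connection. It uses the current javax.net.ssl API; the class name and the three command-line arguments (store file, store password, target URL) are assumptions made for illustration.

```java
import java.io.InputStream;
import java.net.URI;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.KeyStore;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLHandshakeException;
import javax.net.ssl.TrustManagerFactory;

public class TrustStoreClient {

    // Build an SSLContext that trusts only the certificates in the given store.
    static SSLContext contextFor(String storePath, char[] password) throws Exception {
        KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = Files.newInputStream(Paths.get(storePath))) {
            trustStore.load(in, password);
        }
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustStore);
        SSLContext ctx = SSLContext.getInstance("TLS");
        // No client key material (null) and default randomness (null).
        ctx.init(null, tmf.getTrustManagers(), null);
        return ctx;
    }

    public static void main(String[] args) throws Exception {
        // Hypothetical arguments: <storename> <password> <https URL>
        if (args.length != 3) {
            System.err.println("usage: TrustStoreClient <storename> <password> <url>");
            System.exit(2);
        }
        SSLContext ctx = contextFor(args[0], args[1].toCharArray());
        HttpsURLConnection con =
                (HttpsURLConnection) URI.create(args[2]).toURL().openConnection();
        // Scope the trust decision to this connection; the default
        // hostname verification stays enabled.
        con.setSSLSocketFactory(ctx.getSocketFactory());
        con.setUseCaches(false);
        try {
            con.connect();
            System.out.println("Handshake OK, cipher suite: " + con.getCipherSuite());
        } catch (SSLHandshakeException e) {
            // Raised when the server certificate does not chain to the store.
            System.err.println("Handshake failed: " + e.getMessage());
        } finally {
            con.disconnect();
        }
    }
}
```

Because the socket factory is set on one connection, other HTTPS clients in the same Tomcat JVM keep using the default trust store.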



