Hi,
After a couple of very nervous days, I stumbled upon this article:
http://www.discursive.com/articles/2002/06/tomcat_ssl.html
Apparently, Tomcat uses the deprecated JSSE 1.0.2 API (com.sun.net.ssl package)
and overrides the newer implementation (javax.net.ssl).
It forces ${user.home}/.keystore as a default keystore file and not cacerts.
It means if you want to open a client SSL from inside Tomcat,
do your own inits first (or use URLStreamHandler instead):
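
import com.sun.net.ssl.*; // yup, use your grandmother's api
import java.io.FileInputStream;
import java.security.KeyStore;

String keystorePass = "xxxxx";
String keystoreFile = "xxxxx";
// Load the keystore that holds the trusted certificates
KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
FileInputStream in = new FileInputStream(keystoreFile);
try {
    keyStore.load(in, keystorePass.toCharArray());
} finally {
    in.close(); // do not leak the file handle
}
// Build trust managers backed by that keystore
TrustManagerFactory tmFactory =
    TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
tmFactory.init(keyStore);
// No client key managers (null) and the default SecureRandom (null)
SSLContext ctx = SSLContext.getInstance("TLS");
ctx.init(null, tmFactory.getTrustManagers(), null);
// Every HttpsURLConnection created after this call uses the new context
HttpsURLConnection.setDefaultSSLSocketFactory(ctx.getSocketFactory());
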
Hope it will save some time for those stuck with this problem.
Cheers,
David
----- Original Message -----
From: "Eric Emminger" <[EMAIL PROTECTED]>
To: "Turbine Users List" <[EMAIL PROTECTED]>;
<[EMAIL PROTECTED]>
Sent: Tuesday, September 09, 2003 8:55 PM
Subject: Re: Please help! stuck with SSL problems
> David
>
> David Bolshoy wrote:
> > Hi all,
> >
> > I seem to be stuck with a strange SSL problem. I am trying to open a
> > client SSL connection from inside Turbine service.
> > I get the following error:
> > java.net.SocketException: Default SSL context init failed: null
> >
> > The code is very simple:
> > URL url = new URL("https://www.verisign.com");
> > URLConnection connection = url.openConnection();
>
> Are you sure https (note the 's') can be used with URLConnection?
>
> > This code works perfectly in a standalone sample app. I am running
> > Blackdown JDK 1.4.1 (on RH 8), so JSSE is already inside my classpath.
> > What is also strange, when I add -Djavax.net.debug=all, no debug output
> > is ever seen! It seems like a classpath problem, but I am really not sure I
> > have some other SSL implementation.
>
> Is the sample app also a servlet, or something else? Maybe Tomcat is
> blocking with Catalina permissions.
>
> Eric
>
>
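
An added example, not code from this thread: the trust-store setup from the top of this message written against the newer javax.net.ssl package and applied to one connection only, so the JVM-wide default socket factory shared by other code in the container is left alone. It assumes a current JDK; the class name, method names and command-line arguments are illustrative.

```java
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.net.URL;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

public class ScopedTrustStoreClient {

    // Build an SSLContext that trusts only the entries in the given store.
    static SSLContext contextFor(String storePath, char[] storePass)
            throws IOException, GeneralSecurityException {
        KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = new FileInputStream(storePath)) {
            trustStore.load(in, storePass); // password also checks store integrity
        }
        if (trustStore.size() == 0) {
            // Fail here with a clear message instead of a vague handshake error later.
            throw new GeneralSecurityException("no entries in " + storePath);
        }
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustStore);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null); // no client key, default RNG
        return ctx;
    }

    // Open one HTTPS connection with that context; the JVM default is untouched.
    static HttpsURLConnection open(String url, SSLContext ctx) throws IOException {
        HttpsURLConnection conn = (HttpsURLConnection) new URL(url).openConnection();
        conn.setSSLSocketFactory(ctx.getSocketFactory());
        return conn; // default hostname verification stays in place
    }

    public static void main(String[] args) throws Exception {
        // Assumed arguments: trust store path, its password, target https URL
        SSLContext ctx = contextFor(args[0], args[1].toCharArray());
        HttpsURLConnection conn = open(args[2], ctx);
        System.out.println(conn.getResponseCode() + " " + conn.getCipherSuite());
    }
}
```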