I am trying to set up my webapp to connect to an external database via
ssl. The database uses a self-signed certificate. I have created a
keystore with the self-signed CA and the client key & cert. This
keystore is configured via JAVA_OPTS in setenv.sh

JAVA_OPTS="-Djavax.net.ssl.keyStore=$CATALINA_BASE/conf/mysql.jks \
    -Djavax.net.ssl.keyStorePassword=password \
    -Djavax.net.ssl.trustStore=$CATALINA_BASE/conf/mysql.jks \

This allows me to connect to the database without a problem. However
now I cannot connect to any external web service because their certs
will no longer validate.

How do I configure tomcat such that the default cacerts is used in
addition to my self-signed certificates without importing those into
the default keystore (which is a Bad Idea™)?

To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Reply via email to