"Rizwan Merchant" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED] > > Hi, > > We have a web based application running on Tomcat 6. The server.xml file > is configured so that the application can handle incoming https requests > on port 443 (default). When a user hits the URL http://www.mydomain.com, > it automatically redirects to https://www.mydomain.com (due to security > constraint set up in web.xml). > > We also have a web service running which is invoked by posting the > request message to http://www.mydomain.com/rpc2 > I am trying to enforce ssl on this service as well, but when a message > is posted to https://www.mydomain.com/rpc2 (secure using https > protocol), the client is seeing the following error: > (Posting the message to http://www.mydomain.com/rpc2 works fine) > > *Error 60:SSL certificate problem, verify that the CA cert is OK. > Details: error:14090086:SSL > routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed* >
You didn't say what the client is so I can't offer much on how to fix it. But the error is saying that the client couldn't find the CA certificate that signed your Tomcat server certificate in it's list of trusted CAs. As a result, the client correctly desides not to trust your Tomcat server. You need to add the CA certificate to the client's trusted certificate list, as explained in the documentation for the client (but probably cacerts.pem). > Basically, the https is working fine on the website, but not for the web > service (which, from what I understand, is being handled by a separate > servlet, rpc2). > > Any ideas please? > > Thanks, > -Rizwan Merchant. > > > > -------------------------------------------------------------------------------- > --------------------------------------------------------------------- > To start a new topic, e-mail: users@tomcat.apache.org > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] --------------------------------------------------------------------- To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
