Good afternoon,
I am trying to quickly implement SSL ability into our existing Apache Tomcat 5.5.23 installation (JDK 1.5.0_12 as base) and have gotten reasonably far but have run into a bit of a wall. I can navigate to https://www.sslhost.com/webapp/ and get the index page and it shows the proper SSL cert attached, but when I try to launch the application (Electronic Medical Record), I am getting the following error: Error Sending POST: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target Details ============================= [SOAPException: faultCode=Error Sending POST: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested targetURL: I do not believe it is related directly to the EMR product but instead to perhaps the format of the cert I have from Network Solutions. I am using a PFX file for the keystore since this cert, so my server.xml looks like this: <Connector port="443" maxHttpHeaderSize="8192" maxThreads="150" minSpareThreads="25" maxSpareThreads="75" enableLookups="false" disableUploadTimeout="true" acceptCount="100" scheme="https" secure="true" clientAuth="false" sslProtocol="TLS" keystoreType="PKCS12" keystorePass="password" keystoreFile="C:\Program Files\Apache Software Foundation\Tomcat 5.5\unitypg.pfx" /> I believe the error has to do with the fact that the certificate we received from Network Solutions had 3 other certs along with it: AddTrustExternalCARoot.crt, UTNAddTrustServer_CA.crt and NetworkSolutions_CA.crt. I ran the following commands to get these chain certs into the cacerts file (which I presume is what the error is complaining about… I'm new to this): keytool -import -trustcacerts -alias root -file C:\SSLCerts\AddTrustExternalCARoot.crt -keystore "C:\Program Files\Java\jdk1.5.0_12\jre\lib\security\cacerts" keytool -import -trustcacerts –alias INTER -file C:\SSLCerts\UTNAddTrustServer_CA.crt -keystore "C:\Program Files\Java\jdk1.5.0_12\jre\lib\security\cacerts" where I ran into a problem perhaps is with the third cert… keytool -import -trustcacerts -alias INTER2 -file C:\SSLCerts\NetworkSolutions_CA.crt -keystore "C:\Program Files\Java\jdk1.5.0_12\jre\lib\security\cacerts" No where I could find mentioned three certs…. Just a root and an INTER… so what is the extra cert? Is it right to think this is what is causing my error? Thanks for any and all help in advance, it is greatly appreciated! -Craig Regester
