GlassFish connecting to SLL web service

Question

I have a web app running on GlassFish v3 locally. The app connects to a REST web service that is on another server (not local). The connection is done through HTTPS. While trying to connect I get:

javax.net.ssl.SSLHandshakeException: 
sun.security.validator.ValidatorException: 
PKIX path building failed: 
sun.security.provider.certpath.SunCertPathBuilderException:
unable to find valid certification path to requested target

I added the cert from the external ws directory to the local java keystore but that did not fix the problem.

Do I have to instruct GlassF to use the local keystore or something ? Or just by adding it to the java keystore it should work for the local GlassF too ?

Answer 1

You have two options:

1.) Replace the cacerts in the $JAVA_HOME/jre/lib/security directory with your keystore.

2.) Change the keystore at runtime like this:

System.setProperty("javax.net.ssl.keyStore", <path to the new keystore>);
System.setProperty("javax.net.ssl.keyStorePassword",<password of the keystore>);
System.setProperty("javax.net.ssl.trustStore",<path to the new keystore>);

Hope that helps!

EDIT: You might find this question helpful as well. The selected answer suggests to:

1.) Copy your keystore file to C:\\glassfish3\\glassfish\\domains\\domain1\\config\\

2.) Configure GlassFish to use SSL