stackoom
  简体   繁体   中英

Tomcat SSL: No trusted certificate found

 原文  2010-09-19 15:44:59       tomcat/ ssl/ ssl-certificate/ certificate/ keytool

Question

I created a certificate using keytool: 

keytool -genkey -alias tomcat -keyalg RSA

Exported and imported it into my keystore: 

keytool -export -alias tomcat name.crt
keytool -import -file name.crt

When I do keytool -list I have 2 entries: 

tomcat, Sept 15, 2010, keyEntry,
Certificate fingerprint (MD5): ...
mykey, Sept 17, 2010, trustedCertEntry
Certificate fingerprint (MD5):...

Note that the fingerprints for both entries are the same.

I configured my server.xml to point to my .keystore file 

<Connector port="443" protocol="HTTP/1.1" SSLEnabled="true"
       maxThreads="150" scheme="https" secure="true"
       keystoreFile="${user.home}/.keystore" keystorePass="changeit"
       clientAuth="false" sslProtocol="TLS" />

<Connector port="8009" protocol="AJP/1.3" redirectPort="443" />

But in my tomcat logs I see when I perform an action in my Java app: 

javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: No trusted certificate found
...
sun.security.validator.ValidatorException: No trusted certificate found

Is there any other configuration that needs to be done?

1 answers

solution1
 1  2010-09-19 16:33:55

You need the client (ie the browser) to trust your servers certificates.

For this you either import the certificate of the server in the browser as a trusted certificate, which only works when you have the browser under your control. Or you get your certificate signed by a trusted authority, which costs money.

exporting and reimporting under a different name doesn't make any sense.

Update:

I think I start to understand what you are trying to do. You want a java client access a webapp via https. yes?

In this case you need to provide a 'truststore' ie a keystore containing the trusted certificates. You'll want to set the system Property javax.net.ssl.trustStore to the name of the truststore to use.

You'll probably can use a handcrafted TrustManager as well. This site seems to give information about that: http://download.oracle.com/javase/1.4.2/docs/guide/security/jsse/JSSERefGuide.html

This simple example might help as well: http://stilius.net/java/java_ssl.php

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question SSL implementation in tomcat gives message as Server's certificate is not trusted Java notnoop,APNS No trusted certificate found from inside tomcat Trusted SSL With Self Sign Certificate In Tomcat Server Without Importing Certificate In Browser Tomcat and SSL Client certificate SSL on tomcat with wildcard certificate Tomcat - SSL certificate configure ssl tomcat certificate error SSL Wildcard Certificate into Tomcat How to use trusted certificate with nginx and tomcat? verisign certificate on tomcat is not trusted by remote server
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM