Getting javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException. Not able to connect to application on HTTPS?

StackOverflow https://stackoverflow.com//questions/9566629

  •  06-12-2019

Question

Hi, I am using Tomcat 6 as a web server. I have two web applications installed on Tomcat on the same port, say App1 and App2. App1 connects to App2. Then App2 again connects to App1 using the jsessionid (so the URL which App2 is sending is http://localhost/App1;jessionid=sessionidOfAp11). It works perfectly fine as long as I am on HTTP. But as soon as I move to HTTPS, App2 is not able to connect to App1 with the same URL. Another interesting fact is that if I type the same URL in the browser, it connects to App1. I am not getting what mystery is going on here.

Edit: here is the exact error I get:

    Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
        at sun.security.validator.PKIXValidator.doBuild(Unknown Source)
        at sun.security.validator.PKIXValidator.engineValidate(Unknown Source)
        at sun.security.validator.Validator.validate(Unknown Source)
        at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.validate(Unknown Source)
        at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown Source)
        at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown Source)
        ... 53 more
    Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
        at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(Unknown Source)
        at java.security.cert.CertPathBuilder.build(Unknown Source)

Answer

Guys, thanks for the answer. Along with Ramesh's answer I also had to do the stuff suggested at http://www.coderanch.com/t/134384/Security/Getting-error-No-subject-alternative.


Solution

Because App1 is connecting to App2 using HTTPS, the certificate of App2 should be in the trust store of the VM where App1 runs.

Refer here to see how to add a certificate to the keystore.

You can set the trust store using these system properties:

    -Djavax.net.ssl.trustStore="C:/test/truststore"
    -Djavax.net.ssl.trustStorePassword="test"

Moreover, you don't have to communicate over HTTPS when the client and server are on the:

  • Same VM
  • Same Machine
  • Private Network

Other tips

Seems like you need to remove the native Tomcat library from the {tomcat_home}/bin folder (tcnative-1.dll under Windows, maybe tcnative-1.so under *nix). Tomcat uses APR if the native library is in the classpath. Read more about configuring SSL here.

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow