Getting javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException. Not able to connect to application on HTTPS?

StackOverflow https://stackoverflow.com//questions/9566629

  •  06-12-2019

Question

Hi, I am using Tomcat 6 as a web server. I have two web applications installed on Tomcat on the same port, say App1 and App2. App1 connects to App2. Then App2 connects back to App1 using the jessionid (so the URL which App2 is sending is http://localhost/App1;jessionid=sessionidOfAp11). It works perfectly fine as long as I am on HTTP. But as soon as I move to HTTPS, App2 is not able to connect to App1 with the same URL. Another interesting fact is that if I type the same URL in a browser, it connects to App1. I don't understand what the mystery is here.

Edit: here is the exact error I get

    Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
        at sun.security.validator.PKIXValidator.doBuild(Unknown Source)
        at sun.security.validator.PKIXValidator.engineValidate(Unknown Source)
        at sun.security.validator.Validator.validate(Unknown Source)
        at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.validate(Unknown Source)
        at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown Source)
        at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown Source)
        ... 53 more
    Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
        at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(Unknown Source)
        at java.security.cert.CertPathBuilder.build(Unknown Source)

Answer

Guys, thanks for the answer. Along with Ramesh's answer, I also had to do the stuff suggested at http://www.coderanch.com/t/134384/Security/Getting-error-No-subject-alternative.


Solution

Because App1 is connecting to App2 using HTTPS, the certificate of App2 should be in the trust store of the VM where App1 runs.

Refer here to see how to add a certificate to the keystore.

You can set the truststore using these system properties:

    -Djavax.net.ssl.trustStore="C:/test/truststore"
    -Djavax.net.ssl.trustStorePassword="test"

Moreover, you don't have to communicate over HTTPS when the client and server are on

  • Same VM
  • Same Machine
  • Private Network

OTHER TIPS

Seems like you need to remove the native Tomcat library from the {tomcat_home}/bin folder (tcnative-1.dll under Windows, maybe tcnative-1.so under *nix). Tomcat uses APR if the native library is in the classpath. Read more about configuring SSL here.

Licensed under: CC-BY-SA with attribution