I have a webapp that requires SSL communications to another webapp (which happens to be located on the same container for now). I've successfully set up SSL according to the Wiki documentation:
http://www.jboss.org/wiki/Wiki.jsp?page=SSLSetup
SSL is working correctly. The certificate was signed by our own OpenSSL CA and imported into the keystore (the file referenced in the Tomcat server.xml) along with the CA's root cert. Listing the keystore shows:
Keystore type: jks
Keystore provider: SUN
Your keystore contains 2 entries
unit-tests-server, May 25, 2005, keyEntry,
Certificate fingerprint (MD5): 7E:17:C5:DE:96:9B:9A:E2:7F:4E:07:89:5C:E4:4B:D0
openssl-ca, May 25, 2005, trustedCertEntry,
Certificate fingerprint (MD5): D2:B1:53:85:06:24:B3:E4:7A:04:2B:4B:71:AA:DC:06
I have some 3rd party servlet filters that need to make HTTP calls to the site (same container, localhost). They're unable to communicate because they don't trust the CA the cert was issued by:
Caused by: sun.security.validator.ValidatorException: No trusted certificate found
    at sun.security.validator.SimpleValidator.buildTrustedChain(SimpleValidator.java:304)
    at sun.security.validator.SimpleValidator.engineValidate(SimpleValidator.java:107)
    at sun.security.validator.Validator.validate(Validator.java:202)
    at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(DashoA12275)
    at com.sun.net.ssl.internal.ssl.JsseX509TrustManager.checkServerTrusted(DashoA12275)
    ... 48 more
I guess my question is how I can get the webapps in JBoss to recognize the root CA that was added in $JBOSS_HOME/server/default/conf/localhost.keystore
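
Added example, not part of the original post: the keystore named in server.xml gives the HTTPS connector its server identity, while outbound JSSE clients in the same JVM validate peers against the JVM's default trust store, so the CA entry in the connector keystore is never consulted for those calls. The Java sketch below loads a JKS file and builds an `SSLContext` that trusts its certificate entries; the class name `TrustLocalCa`, the `KEYSTORE_PASSWORD` environment variable and the command-line argument are assumptions made for illustration.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.util.Collections;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

public class TrustLocalCa {

    /** Load a JKS keystore from disk. */
    static KeyStore loadJks(String path, char[] password) throws Exception {
        KeyStore ks = KeyStore.getInstance("JKS");
        try (InputStream in = new FileInputStream(path)) {
            ks.load(in, password);
        }
        return ks;
    }

    /** Build an SSLContext whose trust anchors are taken from the given keystore. */
    static SSLContext contextTrusting(KeyStore ks) throws Exception {
        TrustManagerFactory tmf =
            TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ks);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null); // no client certificate, default RNG
        return ctx;
    }

    public static void main(String[] args) throws Exception {
        // Assumed invocation: KEYSTORE_PASSWORD=... java TrustLocalCa <path-to-keystore>
        String pw = System.getenv("KEYSTORE_PASSWORD");
        if (args.length != 1 || pw == null) {
            throw new IllegalStateException("usage: KEYSTORE_PASSWORD=... java TrustLocalCa <keystore>");
        }
        KeyStore ks = loadJks(args[0], pw.toCharArray());

        // List the entries; the CA should show up as a certificate (trustedCertEntry) entry.
        for (String alias : Collections.list(ks.aliases())) {
            System.out.println(alias + " certificateEntry=" + ks.isCertificateEntry(alias));
        }

        // Code you control: make HttpsURLConnection in this JVM use the custom trust anchors.
        HttpsURLConnection.setDefaultSSLSocketFactory(contextTrusting(ks).getSocketFactory());

        // Third-party code that relies on the JVM default context: start the JVM with
        //   -Djavax.net.ssl.trustStore=<path-to-keystore>
        //   -Djavax.net.ssl.trustStorePassword=<password>
        // so the default trust store is this file.
    }
}
```

Setting `javax.net.ssl.trustStore` replaces the JRE's bundled `cacerts` rather than adding to it, so public CAs stop being trusted unless they are also in that file. A trust store that holds only the CA certificate, separate from the keystore that contains the server's private key, keeps the private key out of the files client code has to read.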