1 Reply Latest reply on Feb 25, 2013 1:56 PM by Eduardo Martins

    JBoss as a 1-way SSL client

    Dana Spice Newbie



      I'm attempting to configure a new install of JBoss 7.1 for SSL. I need to make calls to a server protected via 1-way SSL. Here's what I've done so far, but to no avail:


      1 - create a new keystore that contains the public cert from the server I'm connecting to

          keytool -genKey -alias jboss -keyalg RSA -keystore server.keystore
          keytool -import -alias dppub -keystore server.keystore -file root-ca-cert.pem (I've tried .der also)


      2 - configured JBoss to use that keystore

          <subsystem xmlns="urn:jboss:domain:web:1.1" default-virtual-server="default-host" native="false">
              <connector name="http" protocol="HTTP/1.1" scheme="http" socket-binding="http"/>
              <connector name="https" protocol="HTTP/1.1" scheme="https" socket-binding="https" secure="true">
                  <ssl name="https" key-alias="jboss" password="xxxx" certificate-key-file="/Applications/jboss-as-7.1.1.Final/standalone/configuration/server.keystore"/>
              </connector>
              <virtual-server name="default-host" enable-welcome-root="true">
                  <alias name="localhost"/>
                  <alias name="example.com"/>
              </virtual-server>
          </subsystem>


      3 - Coded a servlet to make the call with:

          // urlString holds the address of the HTTPS endpoint being called
          URL url = new URL(urlString);
          HttpsURLConnection urlConn = (HttpsURLConnection) url.openConnection();


      So, the end result is I keep getting "javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target". I realize there are a lot of gaps in my description, but if anyone has any ideas, I would appreciate it!