2 Replies Latest reply on May 25, 2005 5:37 PM by Scott Stark

    Importing Certificate Authorities

    Mike Cantrell Newbie

      I have a webapp that requires SSL communications to another webapp (which happens to be located on the same container for now). I've successfully set up SSL according to the Wiki documentation:


      SSL is working correctly. The certificate was signed by our own OpenSSL CA and imported into the keystore (the file referenced in the tomcat server.xml) along with the CA's root cert. Listing the keystore shows:

      Keystore type: jks
      Keystore provider: SUN
      Your keystore contains 2 entries
      unit-tests-server, May 25, 2005, keyEntry,
      Certificate fingerprint (MD5): 7E:17:C5:DE:96:9B:9A:E2:7F:4E:07:89:5C:E4:4B:D0
      openssl-ca, May 25, 2005, trustedCertEntry,
      Certificate fingerprint (MD5): D2:B1:53:85:06:24:B3:E4:7A:04:2B:4B:71:AA:DC:06

      I have some 3rd party servlet filters that need to make HTTP calls to the site (same container, localhost). They're unable to communicate because they don't trust the CA the cert was issued by:

      Caused by: sun.security.validator.ValidatorException: No trusted certificate found
       at sun.security.validator.SimpleValidator.buildTrustedChain(SimpleValidator.java:304)
       at sun.security.validator.SimpleValidator.engineValidate(SimpleValidator.java:107)
       at sun.security.validator.Validator.validate(Validator.java:202)
       at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(DashoA12275)
       at com.sun.net.ssl.internal.ssl.JsseX509TrustManager.checkServerTrusted(DashoA12275)
       ... 48 more

      I guess my question is how I can get the webapps in JBoss to recognize the root CA that was added in $JBOSS_HOME/server/default/conf/localhost.keystore.
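
A diagnostic for the situation described in the post above, added here as an example and not part of the original thread: it checks whether a CA certificate stored in a keystore file is also among the trust anchors that JSSE client code in the same JVM uses by default. The class name `TrustAnchorCheck` and the three command-line arguments (keystore path, store password, CA alias such as `openssl-ca`) are assumptions made for this example.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.X509Certificate;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

// Added example (hypothetical class name), not code from the thread.
public class TrustAnchorCheck {

    // Trust anchors produced by a TrustManagerFactory initialised with ks.
    // A null ks makes JSSE fall back to its default trust store: the file named by
    // javax.net.ssl.trustStore if set, otherwise the JRE's jssecacerts or cacerts.
    static X509Certificate[] anchors(KeyStore ks) throws Exception {
        TrustManagerFactory tmf =
            TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ks);
        for (TrustManager tm : tmf.getTrustManagers()) {
            if (tm instanceof X509TrustManager) {
                return ((X509TrustManager) tm).getAcceptedIssuers();
            }
        }
        return new X509Certificate[0];
    }

    static boolean contains(X509Certificate[] set, X509Certificate cert) {
        for (X509Certificate c : set) {
            if (c.equals(cert)) return true;   // compares the encoded certificates
        }
        return false;
    }

    public static void main(String[] args) throws Exception {
        // args[0] = keystore path, args[1] = store password, args[2] = CA alias
        KeyStore ks = KeyStore.getInstance("JKS");   // type shown in the keytool listing
        try (InputStream in = new FileInputStream(args[0])) {
            ks.load(in, args[1].toCharArray());
        }
        X509Certificate ca = (X509Certificate) ks.getCertificate(args[2]);
        if (ca == null) {
            throw new IllegalArgumentException("no certificate under alias " + args[2]);
        }
        System.out.println("CA subject:                " + ca.getSubjectX500Principal());
        System.out.println("trusted via keystore file: " + contains(anchors(ks), ca));
        System.out.println("trusted via JSSE default:  " + contains(anchors(null), ca));
    }
}
```

A `false` on the last line means the CA is absent from the trust store that outbound HTTPS calls consult by default, which is a separate store from the connector keystore named in server.xml.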