问题
I am having a web application on Apache Tomcat 7 and I have untrusted certificate on my web application. My web application has to communicate with another web application that is using https. However I always get this exception:
Failed to make connection: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
I download the crt files from the browser from another application and I imported in jks keystore of my tomcat server.
Here is the configuration from server.xml file:
<Connector port="443" protocol="org.apache.coyote.http11.Http11NioProtocol"
maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLSv1.2" keystoreFile="/opt/apache/apache-tomcat-7.0.55-test/conf/portalnew.jks" keystorePass="changeit" keyAlias="portalnew"/>
When I type
keytool -list -v -keystore portalnew.jks
I can see the crt files that I have added.
Also I added the crt files in cacerts.jks
回答1:
You need to configure your tomcat to trust this certificates. That could be achived by:
- create new java keystore (could be named by: tomcat.truststore)
- import all necessary certificates to the tomcat.truststore
add additional attributes in tomcat connector - server.xml file
truststoreFile="conf/store/tomcat.truststore" truststorePass="TruststorePassword"in your CATALINA_OPTS variable add:
-Djavax.net.ssl.trustStore=/opt/tomcat/conf/store/tomcat.truststore -Djavax.net.ssl.trustStorePassword=TruststorePassword
adjust your password to in the commands above
- restart tomcat
回答2:
I fix it by adding the .crt files in cacerts, not in cacerts.jks
来源:https://stackoverflow.com/questions/41460313/sun-security-provider-certpath-suncertpathbuilderexception-unable-to-find-valid