Help with importing a webservice over SSL

matt3 · October 25, 2007, 12:00am

I am trying to import a web service into Centrasite that uses SSL and get the following error:

http-53307-Processor25, handling exception: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: No trusted certificate found

I know that means that tomcat doesn’t trust the cert the web service is using, but it actually doesn’t trust any certs because it can’t find the truststore:

setting up default SSLSocketFactory
use default SunJSSE impl class: com.sun.net.ssl.internal.ssl.SSLSocketFactoryImpl
class com.sun.net.ssl.internal.ssl.SSLSocketFactoryImpl is loaded
keyStore is : c:\cacerts
keyStore type is : jks
keyStore provider is : 
init keystore
init keymanager of type SunX509
trustStore is: No File Available, using empty keystore.
trustStore type is : jks
trustStore provider is : 
init truststore
init context
trigger seeding of SecureRandom
done seeding SecureRandom
instantiated an instance of class com.sun.net.ssl.internal.ssl.SSLSocketFactoryImpl

I’ve tried moving the cacerts file to various locations, including making sure it is in the jre\lib\security folder…and no luck. Does anyone have suggestions? I’ve already tried specifying the truststore using the jvm parameter

-Djavax.net.ssl.trustStore

with no luck.

I appreciate your time.

Matt Hartman

chars1 · May 23, 2011, 2:04pm

I have run into a case where CentraSite needs to trust the WSDL provider site via SSL. So, I need to tell centrasite to trust the site in order to attach WSDL successfully via URL

Try this out…
C:\Documents and Settings\All Users\Application Data\Software AG\Tomcat\cp8.0\bin\SAGCTP80.exe

-Dhttp.proxyHost=sydproxy.perpetual.com.au
-Dhttp.proxyPort=8080
-Dhttp.nonProxyHosts=“localhost|.perpetual.com.au|syd3k|is*”
-Dhttps.proxyHost=sydproxy.perpetual.com.au
-Dhttps.proxyPort=8080

-Djavax.net.ssl.keyStoreType=JKS
-Djavax.net.ssl.keyStore=
-Djavax.net.ssl.keyStorePassword=
-Djava.protocol.handler.pkgs=com.sun.net.ssl.internal.www.protocol
-Djavax.net.debug=ssl
-Djavax.net.ssl.trustStore=
-Djavax.net.ssl.trustStorePassword=c

NOTE: the JKS used in the Tomcat application server is not relevant for the WSDL import, it is for the CentraSite Control SSL access.

C:\Documents and Settings\All Users\Application Data\Software AG\Tomcat\cp8.0\conf\server.xml

Sarath_Chandra · August 24, 2011, 12:10pm

Hi,

I’m facing similar issue.
I developed a code which communicates to a web service through SSL certificate (.pem file).
My implementation is working fine with Tomcat 5.5. But I’m facing issue with Tomcat 4.1 server. It was throwing-
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: No trusted certificate found

I checked in the keystore, the related certificate was available. I configured SSL connectivity in server.xml. Even then I’m facing this issue.
Kindly suggest what might be wrong. Please let us know for any further clarifications needed.

Thanks in Advance.

Regards,
Sarath.