Solved

problems with https and servlet

Posted on 2003-03-04
Last Modified: 2010-04-01
I have a servlet on Tomcat 4.1 which initializes a hash map via https, and I receive an error:
https://localhost:8443/j_mining/EnterACatalogRecord.htm java.security.cert.CertificateException: Couldn't find trusted certificate

Maybe someone knows something about this error.
Question by:berniunas
12 Comments
 
LVL 19

Expert Comment

by:cheekycj
ID: 8066317
this means that the cert on your machine isn't trusted by Java.

you need to add it to the trusted certs.

do this:
first back up your current certs by backing up the file:
\jre\lib\security\cacerts

then add your cert using the keytool command:
keytool -import -file testcert.crt -alias testalias -keystore cacerts
more info here:
http://java.sun.com/products/jdk/1.2/docs/guide/security/index.html
http://java.sun.com/j2ee/tutorial/1_3-fcs/doc/Security10.html
http://java.sun.com/j2ee/sdk_1.2.1/techdocs/guides/ejb/html/Security7.html
http://java.sun.com/webservices/docs/ea2/tutorial/doc/WebAppSecurity6.html#64437
http://java.sun.com/products/jdk/1.2/docs/tooldocs/solaris/keytool.html

good overview of files involved:
http://java.sun.com/docs/books/tutorial/security1.2/summary/files.html

CJ
0
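Added example, not part of the original thread: a small Java check of whether a given truststore (by default the cacerts of the JRE that runs the program) trusts a certificate file exported from the Tomcat keystore, using the same validation an HTTPS client performs. TrustCheck and its arguments are hypothetical names; the code assumes Java 9 or later and the default truststore password "changeit".

```java
import java.io.File;
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

// Added example: TrustCheck is a hypothetical helper, not code from the thread.
// Usage: java TrustCheck.java <exported-cert.crt> [truststore] [password]
public class TrustCheck {
    /** Returns null if the truststore trusts cert as a server certificate, else the reason. */
    static String whyUntrusted(KeyStore trustStore, X509Certificate cert) throws Exception {
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustStore);
        for (TrustManager tm : tmf.getTrustManagers()) {
            if (tm instanceof X509TrustManager) {
                try {
                    // Same chain validation an HTTPS client runs on the server's certificate.
                    ((X509TrustManager) tm).checkServerTrusted(new X509Certificate[] {cert}, "RSA");
                    return null;
                } catch (CertificateException e) {
                    return e.getMessage();
                }
            }
        }
        return "no X509TrustManager available";
    }

    public static void main(String[] args) throws Exception {
        if (args.length < 1) { System.err.println("usage: TrustCheck <cert> [truststore] [password]"); return; }
        // Assumed default: the cacerts of the JRE running this program (Java 9+ layout).
        String storePath = args.length > 1 ? args[1]
            : System.getProperty("java.home") + "/lib/security/cacerts";
        char[] password = (args.length > 2 ? args[2] : "changeit").toCharArray();
        X509Certificate cert;
        try (InputStream in = new FileInputStream(args[0])) {
            cert = (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(in);
        }
        KeyStore trustStore = KeyStore.getInstance(new File(storePath), password);
        System.out.println("Truststore: " + storePath);
        System.out.println("Alias:      " + trustStore.getCertificateAlias(cert)); // null if not imported
        String reason = whyUntrusted(trustStore, cert);
        System.out.println(reason == null ? "TRUSTED" : "NOT TRUSTED: " + reason);
    }
}
```

Run it with the same JRE that Tomcat runs under, since each JRE has its own cacerts file and an import into a different one has no effect on the servlet.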
 
LVL 19

Expert Comment

by:cheekycj
ID: 8066321
0
 
LVL 19

Expert Comment

by:cheekycj
ID: 8066345
sorry for all the posts but I ran into this..  A good step by step guide:
http://www.caucho.com/quercus/faq/question.xtp?question_id=1306

tomcat specific instructions:
http://java.sun.com/webservices/docs/1.0/tutorial/doc/WebAppSecurity6.html

your basic instructions are:
INSTRUCTIONS

1. Download JSSE 1.0.2 or later and make it an "installed extension" by copying
   the JAR files into "$JAVA_HOME/jre/lib/ext".

2. Create the certificate keystore (passwords: "changeit")

   keytool -genkey -alias tomcat -keyalg RSA

3. Add the "com.sun.net.ssl.internal.ssl.Provider" provider to the
   java.security file.

4. Uncomment the secure connector example in server.xml and tweak as necessary

[noted in the faq here: http://w6.metronet.com/~wjm/tomcat/2001/Aug/msg00494.html]

HTH,
CJ
0
 
LVL 14

Expert Comment

by:kennethxu
ID: 8066711
http://jakarta.apache.org/tomcat/tomcat-4.1-doc/ssl-howto.html
if you are using jdk1.4, you don't need to download jsse.
if your keystore is corrupted, back up and delete the .keystore file from your home directory:
cd %USERPROFILE%
ren .keystore .keystore.bak
0
 

Author Comment

by:berniunas
ID: 8072679
The main problem is that when I open my servlet my keystore works well, but the servlet generates html, which it tries to send via https, and then I receive an error. I generated my cert the way the Tomcat documentation recommends.
0
 
LVL 19

Expert Comment

by:cheekycj
ID: 8072986
servlet generating html shouldn't be a problem.

your cert was generated using the above guides?

CJ
0
 
LVL 19

Expert Comment

by:cheekycj
ID: 8072990
make sure that the keystore that you created is stored in the JRE that tomcat is using to run.

CJ
0
 
LVL 14

Expert Comment

by:kennethxu
ID: 8073952
not quite sure what you mean by "open my servlet ... works well", but "html .. via https .. error"

don't you access your servlet like https://localhost:8443/yourservlet ?
0
 

Author Comment

by:berniunas
ID: 8077482
This is a piece of my servlet:
try {
    // Fetch the page from the same scheme and host the incoming request used.
    URL u = new URL(rScheme + "://" + rHost + "/j_mining/EnterACatalogRecord.htm");
    InputStream in = u.openStream();
    qqq.replace(in, bout, CatEntMap);
    in.close();
}
catch (Exception e) {
    // Print the URL that failed and the exception message into the response.
    out.println(rScheme + "://" + rHost + "/j_mining/EnterACatalogRecord.htm");
    out.println(e.getMessage());
}
---------------------------------------
If I access this servlet via port 8080 then I receive no errors, because there is no cert on this port. If I access the servlet via 8443 then I get the error. The servlet can't open EnterACatalogRecord.htm without the cert error. OK, I will try to generate a new cert with your recommendations.
Thanks
0
 
LVL 14

Accepted Solution

by:
kennethxu earned 300 total points
ID: 8081482
No, the problem here is: what are rScheme and rHost? I assume it is on another server, so you have to use URL to read it. So can't you just use http://hostname/j_mining/EnterACatalogRecord.htm ?
0
 

Author Comment

by:berniunas
ID: 8087694
In my servlet:
    String rScheme = request.getScheme();
    String rHost = request.getHeader("Host");
It would be OK to do it like http://hostname/j_mining/EnterACatalogRecord.htm, but the firewall lets only https through. Anyway, thanks for helping.
0
 
LVL 14

Expert Comment

by:kennethxu
ID: 8089967
Wait! Doesn't request.getHeader("Host") return the web server host name, which is the local machine that your servlet is running on? Why is the firewall involved here then?
0


Question has a verified solution.
