• Status: Solved

problems with https and servlet

I have a servlet on Tomcat 4.1 which initializes a hash map via https, and I receive this error:
https://localhost:8443/j_mining/EnterACatalogRecord.htm java.security.cert.CertificateException: Couldn't find trusted certificate

Maybe someone knows something about this error.
Asked by: berniunas
 
cheekycj commented:
This means that the cert on your machine isn't trusted by Java.

You need to add it to the trusted certs.

Do this:
First back up your current certs by backing up the file:
\jre\lib\security\cacerts

Then add your cert using the keytool command:
keytool -import -file testcert.crt -alias testalias -keystore cacerts
More info here:
http://java.sun.com/products/jdk/1.2/docs/guide/security/index.html
http://java.sun.com/j2ee/tutorial/1_3-fcs/doc/Security10.html
http://java.sun.com/j2ee/sdk_1.2.1/techdocs/guides/ejb/html/Security7.html
http://java.sun.com/webservices/docs/ea2/tutorial/doc/WebAppSecurity6.html#64437
http://java.sun.com/products/jdk/1.2/docs/tooldocs/solaris/keytool.html

Good overview of the files involved:
http://java.sun.com/docs/books/tutorial/security1.2/summary/files.html

CJ
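
An added example (not part of the thread or of any poster's code): a Java check of whether a certificate is already a trusted entry in a given trust store, followed by a connection that trusts only that certificate instead of changing the JVM-wide cacerts. The class name TrustCheck, the alias "tomcat-self" and the three command-line arguments are assumptions; "changeit" is the keystore password mentioned in this thread.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.net.URL;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

public class TrustCheck { // hypothetical class name
    // Returns the alias under which cert is stored in the keystore, or null if it is absent.
    static String findAlias(String keystorePath, char[] password, Certificate cert) throws Exception {
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = new FileInputStream(keystorePath)) {
            ks.load(in, password);
        }
        return ks.getCertificateAlias(cert);
    }

    // Builds an SSLContext whose trust store holds only the given certificate.
    static SSLContext contextTrusting(Certificate cert) throws Exception {
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        ks.load(null, null); // start from an empty in-memory store
        ks.setCertificateEntry("tomcat-self", cert); // alias is an assumption
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ks);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null);
        return ctx;
    }

    // Usage (assumed): java TrustCheck <exported cert file> <path to cacerts> <https URL>
    public static void main(String[] args) throws Exception {
        Certificate cert;
        try (InputStream in = new FileInputStream(args[0])) {
            cert = CertificateFactory.getInstance("X.509").generateCertificate(in);
        }
        String alias = findAlias(args[1], "changeit".toCharArray(), cert);
        System.out.println(alias == null ? "NOT in trust store" : "trusted as alias " + alias);

        HttpsURLConnection conn = (HttpsURLConnection) new URL(args[2]).openConnection();
        conn.setSSLSocketFactory(contextTrusting(cert).getSocketFactory());
        System.out.println("HTTP " + conn.getResponseCode());
        conn.disconnect();
    }
}
```

The connection still performs hostname verification, so the certificate's CN or subjectAltName has to match the host in the URL.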

cheekycj commented:
Sorry for all the posts, but I ran into this. A good step-by-step guide:
http://www.caucho.com/quercus/faq/question.xtp?question_id=1306

Tomcat-specific instructions:
http://java.sun.com/webservices/docs/1.0/tutorial/doc/WebAppSecurity6.html

Your basic instructions are:
INSTRUCTIONS

1. Download JSSE 1.0.2 or later and make it an "installed extension" by copying
   the JAR files into "$JAVA_HOME/jre/lib/ext".

2. Create the certificate keystore (passwords: "changeit")

   keytool -genkey -alias tomcat -keyalg RSA

3. Add the "com.sun.net.ssl.internal.ssl.Provider" provider to the
   java.security file.

4. Uncomment the secure connector example in server.xml and tweak as necessary

[noted in the faq here: http://w6.metronet.com/~wjm/tomcat/2001/Aug/msg00494.html]

HTH,
CJ
 
kennethxu commented:
http://jakarta.apache.org/tomcat/tomcat-4.1-doc/ssl-howto.html
If you are using JDK 1.4, you don't need to download JSSE.
If your keystore is corrupted, back up and delete the .keystore file from your home directory:
cd %USERPROFILE%
ren .keystore .keystore.bak

berniunas (author) commented:
The main problem is that when I open my servlet my keystore works well, but the servlet generates HTML, which it tries to send via https, and then I receive an error. I generated my cert the way the Tomcat documentation recommends.

cheekycj commented:
A servlet generating HTML shouldn't be a problem.

Your cert was generated using the above guides?

CJ

cheekycj commented:
Make sure that the keystore that you created is stored in the JRE that Tomcat is using to run.

CJ

kennethxu commented:
Not quite sure what you mean by "open my servlet ... works well", but "html .. via https .. error".

Don't you access your servlet like https://localhost:8443/yourservlet ?

berniunas (author) commented:
This is a piece of my servlet:
try {
    URL u = new URL(rScheme + "://" + rHost + "/j_mining/EnterACatalogRecord.htm");
    // openStream() makes the servlet itself an HTTPS client of this URL
    InputStream in = u.openStream();
    qqq.replace(in, bout, CatEntMap);
    in.close();
}
catch (Exception e) {
    out.println(rScheme + "://" + rHost + "/j_mining/EnterACatalogRecord.htm");
    out.println(e.getMessage());
}
---------------------------------------
If I access this servlet via port 8080 then I receive no errors, because there is no cert on this port. If I access the servlet via 8443 then I get the error. The servlet can't open EnterACatalogRecord.htm without the cert error. OK, I will try to generate a new cert with your recommendations.
Thanks

kennethxu commented:
No, here the problem is: what are rScheme and rHost? I assume it is on another server, so you have to use URL to read it. So can't you just use http://hostname/j_mining/EnterACatalogRecord.htm ?

berniunas (author) commented:
In my servlet:
String rScheme = request.getScheme();
String rHost = request.getHeader("Host");
It would be OK to use http://hostname/j_mining/EnterACatalogRecord.htm, but the firewall only lets https through. Anyway, thanks for helping.

kennethxu commented:
Wait! Doesn't request.getHeader("Host") return the web server host name, which is the local machine that your servlet is running on? Why is the firewall involved here then?