berniunas
asked on
problems with https and servlet
I have a servlet on Tomcat 4.1, which initializes a hash map via https, and I receive an error:
https://localhost:8443/j_mining/EnterACatalogRecord.htm java.security.cert.CertificateException: Couldn't find trusted certificate
Maybe someone knows something about this error.
read exporting and importing certs at:
http://developer.java.sun.com/developer/technicalArticles/Security/secureinternet2/
CJ
sorry for all the posts but I ran into this.. A good step by step guide:
http://www.caucho.com/quercus/faq/question.xtp?question_id=1306
tomcat specific instructions:
http://java.sun.com/webservices/docs/1.0/tutorial/doc/WebAppSecurity6.html
your basic instructions are:
INSTRUCTIONS
1. Download JSSE 1.0.2 or later and make it an "installed extension" by copying
the JAR files into "$JAVA_HOME/jre/lib/ext".
2. Create the certificate keystore (passwords: "changeit")
keytool -genkey -alias tomcat -keyalg RSA
3. Add the "com.sun.net.ssl.internal.ssl.Provider" provider to the
java.security file.
4. Uncomment the secure connector example in server.xml and tweak as necessary
[noted in the faq here: http://w6.metronet.com/~wjm/tomcat/2001/Aug/msg00494.html]
HTH,
CJ
http://jakarta.apache.org/tomcat/tomcat-4.1-doc/ssl-howto.html
if you are using jdk1.4, you don't need to download jsse.
if your keystore is corrupted, back up and delete the .keystore file from your home directory:
cd %USERPROFILE%
ren .keystore .keystore.bak
ASKER
The main problem is that when I open my servlet my keystore works well, but the servlet generates HTML, which it tries to send via https, and then I receive an error. I generated my cert the way the Tomcat documentation recommends.
servlet generating html shouldn't be a problem.
your cert was generated using the above guides?
CJ
make sure that the keystore that you created is stored in the JRE that tomcat is using to run.
CJ
Not quite sure what you mean by "open my servlet ... works well", but "html .. via https .. error".
Don't you access your servlet like https://localhost:8443/yourservlet ?
ASKER
This is a piece of my servlet:
try {
    // open the page at the scheme and host taken from the request
    URL u = new URL(rScheme + "://" + rHost + "/j_mining/EnterACatalogRecord.htm");
    InputStream in = u.openStream();
    qqq.replace(in, bout, CatEntMap);
    in.close();
}
catch (Exception e) {
    // print the URL that failed and the exception message
    out.println(rScheme + "://" + rHost + "/j_mining/EnterACatalogRecord.htm");
    out.println(e.getMessage());
}
-----------------------------------------
If I access this servlet via port 8080 then I receive no errors, because there is no cert on this port. If I access the servlet via 8443 then I have the error. The servlet can't open EnterACatalogRecord.htm without the cert error. OK, I will try to generate a new cert with your recommendations.
Thanks
ASKER
In my servlet:
String rScheme = request.getScheme();
String rHost = request.getHeader("Host");
It would be OK to do it like http://hostname/j_mining/EnterACatalogRecord.htm, but the firewall only lets https through. Anyway, thanks for helping.
Wait! Doesn't request.getHeader("Host") return the web server host name, which is the local machine that your servlet is running on? Why is the firewall involved here then?
you need to add it to the trusted certs.
do this:
first back up your current certs by backing up the file:
\jre\lib\security\cacerts
then add your cert using the keytool command:
keytool -import -file testcert.crt -alias testalias -keystore cacerts
more info here:
http://java.sun.com/products/jdk/1.2/docs/guide/security/index.html
http://java.sun.com/j2ee/tutorial/1_3-fcs/doc/Security10.html
http://java.sun.com/j2ee/sdk_1.2.1/techdocs/guides/ejb/html/Security7.html
http://java.sun.com/webservices/docs/ea2/tutorial/doc/WebAppSecurity6.html#64437
http://java.sun.com/products/jdk/1.2/docs/tooldocs/solaris/keytool.html
good overview of files involved:
http://java.sun.com/docs/books/tutorial/security1.2/summary/files.html
CJ
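A check for the situation discussed in this thread, added here as an example and not part of any post: it loads the keystore Tomcat serves from and the cacerts of the running JRE, then reports whether the server certificate is present in that trust store, which is what the keytool -import step above establishes. The class name TrustCheck and its command-line arguments are assumptions for illustration; KeyStore.getInstance(File, char[]) needs Java 9 or later.

```java
import java.io.File;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Collections;

/**
 * Added example (hypothetical class name): reports whether the certificates
 * in a server keystore, e.g. the one made by "keytool -genkey -alias tomcat",
 * are present in the trust store of the JRE running this program.
 * Usage: java TrustCheck <server-keystore> <password> [truststore] [password]
 */
public class TrustCheck {
    public static void main(String[] args) throws Exception {
        if (args.length < 2) {
            System.err.println("usage: TrustCheck <server-keystore> <password> [truststore] [password]");
            System.exit(2);
        }
        // Default trust store: cacerts of the JRE that runs this check.
        // Run it with the same JRE Tomcat uses, otherwise the result does not apply.
        File trustFile = args.length > 2 ? new File(args[2])
                : new File(System.getProperty("java.home"), "lib/security/cacerts");
        char[] trustPw = (args.length > 3 ? args[3] : "changeit").toCharArray();

        KeyStore server = KeyStore.getInstance(new File(args[0]), args[1].toCharArray());
        KeyStore trust = KeyStore.getInstance(trustFile, trustPw);
        System.out.println("trust store: " + trustFile);

        int missing = 0;
        for (String alias : Collections.list(server.aliases())) {
            Certificate c = server.getCertificate(alias);
            if (!(c instanceof X509Certificate)) continue;
            X509Certificate x = (X509Certificate) c;
            boolean selfSigned = x.getSubjectX500Principal().equals(x.getIssuerX500Principal());
            // getCertificateAlias() finds an entry holding exactly this certificate.
            String hit = trust.getCertificateAlias(x);
            if (hit != null) {
                System.out.println(alias + ": trusted (trust store alias '" + hit + "')");
            } else if (selfSigned) {
                missing++;
                System.out.println(alias + ": self-signed and NOT in the trust store");
            } else {
                System.out.println(alias + ": not in the trust store itself; trust depends on issuer "
                        + x.getIssuerX500Principal().getName());
            }
        }
        System.exit(missing == 0 ? 0 : 1); // non-zero when a self-signed cert is untrusted
    }
}
```

A self-signed certificate reported as missing is the case that produces "Couldn't find trusted certificate" when the servlet opens its own https URL; importing that one certificate keeps validation on for everything else.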