
SSLHandshake exception [ PLEASE HELP]

Kanu Dialani

Joined: Apr 30, 2005
Posts: 23
Hello all,
My situation is a lil complicated. I have apache, liferay and tomcat with liferay on a separate machine. Apache sends portal requests to liferay, liferay authenticates the user and accordingly sends authentication status to a webapplication deployed in tomcat. Then redirects the client to the webapplication.

Now the problem is when liferay is trying to communicate with tomcat over HTTPS I get an

javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: No trusted certificate found

I have tried to import the certificate into the cacerts but it's still not working. Can anyone help !!!
clive jordan
Ranch Hand

Joined: Apr 27, 2005
Posts: 39
Hi Kd,

I don't know the full details of your setup, however, it appears whatever is your client is not finding the certificate it needs. Although you will have set up a certificate for your server, you need to import this into the keystore that your client will use.

By default, this is ${JAVA_HOME}/jre/lib/security/cacerts

You can do this with keytool.
clive jordan
Ranch Hand

Joined: Apr 27, 2005
Posts: 39
It looks to me like liferay needs to know about the tomcat certificate. I am unfamiliar with liferay and would *assume* that it reads the default cacerts but it may be trying to read another keystore.

Tomcat, by default, puts its certificate in ${HOME}/.keystore where ${HOME} is the user home directory tomcat uses. I guess you must have done this as tomcat would not run under HTTPS otherwise. You can always check by pointing a web-browser at it using https://machinename:httpsport

You can export the certificate from .keystore using:

keytool -export -alias tomcat -file tomcat.cert

(provided you created the certificate and gave it an alias of 'tomcat')

Then you can import this into the default cacerts using:

keytool -import -alias tomcat -keystore ${JAVA_HOME}/jre/lib/security/cacerts -trustcacerts -file tomcat.cert

If liferay does not use the default cacerts file, I guess you have to check with the document where it expects to find certificates and re-run the keytool import specifying the correct keystore.

Just a few stabs in the dark....
