spitbag
Aug 10th, 2010, 04:47 PM
Hi,
Our existing client communicates to our server using 2 way SSL, both configured with JKS keystores and truststores, and this communication works fine.
Presently, we are switching from our WebSphere application server to tcServer. As a result, I am trying to get SSL configured on tcServer using the OpenSSL/Apache Portable Runtime method.
I have followed the instructions in the 6.0 documentation and have specified the necessary Listener and Connector.
However, after I invoke my client I get the following error message:
An IO error occurred while communicating with the server. com.ibm.jsse2.util.h: No trusted certificate found
This does not occur for my WebSphere server, when invoked using the same client certificates, so is definitely a server-side problem.
I then attempted to set the truststore using the environment variables in wrapper.conf, as follows:
-Djavax.net.ssl.trustStorePassword=passwordhere
-Djavax.net.ssl.trustStoreType=JKS
-Djavax.net.ssl.trustStore=truststore.jks
However, I still got the same trust store error. The following is my server.xml configuration as well:
<?xml version='1.0' encoding='utf-8'?>
<Server port="${shutdown.port}" shutdown="SHUTDOWN">
  <Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" />
  <Listener className="org.apache.catalina.core.JasperListener" />
  <Listener className="org.apache.catalina.mbeans.ServerLifecycleListener" />
  <Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener" />
  <Listener className="com.springsource.tcserver.serviceability.rmi.JmxSocketListener"
            port="${jmx.port}"
            bind="127.0.0.1"
            useSSL="false"
            passwordFile="${catalina.base}/conf/jmxremote.password"
            accessFile="${catalina.base}/conf/jmxremote.access"
            authenticate="true"/>
  <Listener className="com.springsource.tcserver.serviceability.deploy.TcContainerDeployer" />
  <GlobalNamingResources>
    <Resource name="UserDatabase" auth="Container"
              type="org.apache.catalina.UserDatabase"
              description="User database that can be updated and saved"
              factory="org.apache.catalina.users.MemoryUserDatabaseFactory"
              pathname="conf/tomcat-users.xml" />
  </GlobalNamingResources>
  <Service name="Catalina">
    <Executor name="tomcatThreadPool" namePrefix="tomcat-http--" maxThreads="300" minSpareThreads="50"/>
    <Connector
        executor="tomcatThreadPool"
        port="8443"
        protocol="org.apache.coyote.http11.Http11AprProtocol"
        connectionTimeout="20000"
        redirectPort="8443"
        acceptCount="100"
        maxKeepAliveRequests="15"
        SSLCertificateFile="name.crt"
        SSLCertificateKeyFile="name.key"
        SSLCACertificateFile="name.cer"
        SSLEnabled="true"
        scheme="https"
        secure="true"/>
    <Engine name="Catalina" defaultHost="localhost">
      <Realm className="org.apache.catalina.realm.UserDatabaseRealm"
             resourceName="UserDatabase"/>
      <Host name="localhost" appBase="webapps"
            unpackWARs="true" autoDeploy="true" deployOnStartup="true" deployXML="true"
            xmlValidation="false" xmlNamespaceAware="false">
      </Host>
    </Engine>
  </Service>
</Server>
Has anyone any ideas where I am going wrong here?
Thanks
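A file-level check for the PEM side of this setup, added here as an example and not taken from the post or from tc Server. The APR connector hands SSLCertificateFile, SSLCertificateKeyFile and SSLCACertificateFile straight to OpenSSL and never reads the javax.net.ssl.trustStore properties, which only affect Java's own JSSE; and "No trusted certificate found" is raised by the client's trust manager when it cannot validate the chain the server presents. So the three things worth verifying on disk are that name.key really belongs to name.crt, that name.crt chains to a CA the client's truststore holds, and that each client certificate chains to whatever is in SSLCACertificateFile. The script assumes the openssl CLI is on PATH and builds its own throwaway CA, server and client certificates as constructed test data (file names chosen to mirror the connector attributes); the function names are my own.

```shell
#!/bin/sh
# Added example, not code from the forum post or from tc Server.
# Assumes the openssl CLI is on PATH. Everything under the directory passed
# to make_test_pki is constructed test data: a throwaway CA, a server
# certificate (name.crt/name.key) and a client certificate signed by that CA,
# plus an unrelated CA to show what a wrong SSLCACertificateFile looks like.
set -e

# make_test_pki DIR: build the constructed PKI under DIR so the checks run
# offline. EC keys keep generation fast; the checks do not depend on key type.
make_test_pki() {
  d=$1
  mkdir -p "$d"
  # Self-signed CA that issues both the server and the client certificate.
  openssl req -x509 -newkey ec -pkeyopt ec_paramgen_curve:prime256v1 -nodes \
    -sha256 -days 1 -subj "/CN=Test CA" \
    -keyout "$d/ca.key" -out "$d/ca.crt" 2>/dev/null
  # Server key and certificate, as referenced by SSLCertificateFile/KeyFile.
  openssl req -newkey ec -pkeyopt ec_paramgen_curve:prime256v1 -nodes -sha256 \
    -subj "/CN=localhost" -keyout "$d/name.key" -out "$d/name.csr" 2>/dev/null
  openssl x509 -req -days 1 -sha256 -CA "$d/ca.crt" -CAkey "$d/ca.key" \
    -CAcreateserial -in "$d/name.csr" -out "$d/name.crt" 2>/dev/null
  # Client key and certificate, as the JSSE client would present.
  openssl req -newkey ec -pkeyopt ec_paramgen_curve:prime256v1 -nodes -sha256 \
    -subj "/CN=client" -keyout "$d/client.key" -out "$d/client.csr" 2>/dev/null
  openssl x509 -req -days 1 -sha256 -CA "$d/ca.crt" -CAkey "$d/ca.key" \
    -CAcreateserial -in "$d/client.csr" -out "$d/client.crt" 2>/dev/null
  # An unrelated CA: a connector pointed at this would reject every client.
  openssl req -x509 -newkey ec -pkeyopt ec_paramgen_curve:prime256v1 -nodes \
    -sha256 -days 1 -subj "/CN=Other CA" \
    -keyout "$d/other.key" -out "$d/other.crt" 2>/dev/null
}

# key_matches_cert CERT KEY: succeeds when the private key in KEY is the one
# behind the public key in CERT (SSLCertificateFile vs SSLCertificateKeyFile).
# Both public keys are re-encoded as DER and hashed, so PEM formatting and
# key type do not affect the comparison.
key_matches_cert() {
  c=$(openssl x509 -in "$1" -noout -pubkey | openssl pkey -pubin -outform DER | openssl dgst -sha256)
  k=$(openssl pkey -in "$2" -pubout -outform DER | openssl dgst -sha256)
  [ "$c" = "$k" ]
}

# chains_to_ca CERT CAFILE: succeeds when CERT validates against the CA
# bundle in CAFILE. Run it as name.crt against the CA the client trusts
# (what the client checks) and as each client cert against the file named
# in SSLCACertificateFile (what the APR connector checks).
chains_to_ca() {
  openssl verify -CAfile "$2" "$1" >/dev/null 2>&1
}

# Demonstration on the constructed PKI: one line per check.
DEMO=$(mktemp -d)
make_test_pki "$DEMO"
key_matches_cert "$DEMO/name.crt" "$DEMO/name.key" && echo "name.key belongs to name.crt"
chains_to_ca "$DEMO/name.crt" "$DEMO/ca.crt" && echo "name.crt chains to ca.crt"
chains_to_ca "$DEMO/client.crt" "$DEMO/ca.crt" && echo "client.crt chains to ca.crt"
chains_to_ca "$DEMO/client.crt" "$DEMO/other.crt" || echo "client.crt does NOT chain to other.crt (wrong SSLCACertificateFile)"
rm -rf "$DEMO"
```

To run the same checks against a real deployment, point key_matches_cert at the connector's SSLCertificateFile and SSLCertificateKeyFile, and chains_to_ca at the client certificate and SSLCACertificateFile. The CA the client already trusts can be pulled out of its JKS truststore in PEM form with `keytool -exportcert -rfc -alias <alias> -keystore truststore.jks -file ca.pem` and then used as the CAFILE argument for name.crt. If name.crt was issued through an intermediate, `openssl verify` with only the root will fail until the intermediate is supplied, which is the same gap a JSSE client hits when the server does not send it.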