Hi,

Our existing client communicates with our server using two-way SSL; both are configured with JKS keystores and truststores, and this communication works fine.

Presently, we are switching from our WebSphere application server to tcServer. As a result, I am trying to get SSL configured on tcServer using the OpenSSL/Apache Portable Runtime method.

I have followed the instructions in the 6.0 documentation and have specified the necessary Listener and Connector.

However, after I invoke my client I get the following error message:
An IO error occurred while communicating with the server. com.ibm.jsse2.util.h: No trusted certificate found

This does not occur for my WebSphere server when invoked using the same client certificates, so it is definitely a server-side problem.

I then attempted to set the truststore using the environment variables in wrapper.conf, as follows:

Code:
-Djavax.net.ssl.trustStorePassword=passwordhere
-Djavax.net.ssl.trustStoreType=JKS
-Djavax.net.ssl.trustStore=truststore.jks

However, I still got the same trust store error. The following is my server.xml configuration as well:

Code:
<?xml version='1.0' encoding='utf-8'?>
<Server port="${shutdown.port}" shutdown="SHUTDOWN">

  <Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" />
  <Listener className="org.apache.catalina.core.JasperListener" />
  <Listener className="org.apache.catalina.mbeans.ServerLifecycleListener" />
  <Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener" />

  <Listener className="com.springsource.tcserver.serviceability.rmi.JmxSocketListener"
            port="${jmx.port}"
            bind="127.0.0.1"
            useSSL="false"
            passwordFile="${catalina.base}/conf/jmxremote.password"
            accessFile="${catalina.base}/conf/jmxremote.access"
            authenticate="true"/>

  <Listener className="com.springsource.tcserver.serviceability.deploy.TcContainerDeployer" />

  <GlobalNamingResources>
    <Resource name="UserDatabase" auth="Container"
              type="org.apache.catalina.UserDatabase"
              description="User database that can be updated and saved"
              factory="org.apache.catalina.users.MemoryUserDatabaseFactory"
              pathname="conf/tomcat-users.xml" />
  </GlobalNamingResources>

  <Service name="Catalina">

    <Executor name="tomcatThreadPool" namePrefix="tomcat-http--" maxThreads="300" minSpareThreads="50"/>

    <Connector
           executor="tomcatThreadPool"
           port="8443"
           protocol="org.apache.coyote.http11.Http11AprProtocol"
           connectionTimeout="20000"
           redirectPort="8443"
           acceptCount="100"
           maxKeepAliveRequests="15"
           SSLCertificateFile="name.crt"
           SSLCertificateKeyFile="name.key"
           SSLCACertificateFile="name.cer"
           SSLEnabled="true"
           scheme="https"
           secure="true"/>

    <Engine name="Catalina" defaultHost="localhost">

      <Realm className="org.apache.catalina.realm.UserDatabaseRealm"
             resourceName="UserDatabase"/>

      <Host name="localhost"  appBase="webapps"
            unpackWARs="true" autoDeploy="true" deployOnStartup="true" deployXML="true"
            xmlValidation="false" xmlNamespaceAware="false">
      </Host>
    </Engine>
  </Service>
</Server>

Has anyone any ideas where I am going wrong here?

Thanks
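The post describes a two-way (mutual) TLS setup where the client reports "No trusted certificate found" after the server moved from JKS-based JSSE to the OpenSSL/APR connector. The following Go program is an added example, not code from the poster or from tc Server: it builds a constructed lab PKI (a root CA, a server certificate for the assumed name "tcserver.example" and a client certificate, none of them the poster's name.crt/name.key/name.cer), maps the APR connector attributes onto a server tls.Config, and runs three loopback handshakes. The first is the intended setup; the second gives the client a truststore that does not contain the server's CA, which is the client-side trust failure of the kind the error above reports; the third has the client present no certificate at all to a server that requires one, which is the behaviour of SSLVerifyClient="require" on the Tomcat APR connector (an attribute the posted Connector does not set).

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"net"
	"time"
)

// must panics on error: fine here, since every call only builds a throwaway lab PKI.
func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// issue mints a constructed P-256 certificate for cn. parent == nil gives a self-signed root (the
// stand-in for the CA behind name.cer); otherwise parent issues it, like name.crt or the client cert.
func issue(cn string, parent *x509.Certificate, parentKey *ecdsa.PrivateKey) ([]byte, *ecdsa.PrivateKey) {
	key := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(time.Now().UnixNano()), Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour),
		KeyUsage:    x509.KeyUsageDigitalSignature,
		ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth, x509.ExtKeyUsageClientAuth},
		BasicConstraintsValid: true, IPAddresses: []net.IP{net.IPv4(127, 0, 0, 1)},
	}
	if parent == nil {
		tmpl.IsCA, tmpl.KeyUsage = true, tmpl.KeyUsage|x509.KeyUsageCertSign
		parent, parentKey = tmpl, key
	}
	return must(x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, parentKey)), key
}

// lab is one constructed PKI: the root CA pool plus a server and a client identity it issued.
type lab struct {
	roots          *x509.CertPool
	server, client tls.Certificate
}

func buildLab() *lab {
	caDER, caKey := issue("Lab Root CA", nil, nil)
	ca := must(x509.ParseCertificate(caDER))
	srvDER, srvKey := issue("tcserver.example", ca, caKey)
	cliDER, cliKey := issue("client", ca, caKey)
	l := &lab{roots: x509.NewCertPool()}
	l.roots.AddCert(ca)
	l.server = tls.Certificate{Certificate: [][]byte{srvDER}, PrivateKey: srvKey}
	l.client = tls.Certificate{Certificate: [][]byte{cliDER}, PrivateKey: cliKey}
	return l
}

// handshake runs one TLS handshake over loopback TCP and returns the first error seen
// (client side, else server side); nil means both peers authenticated each other.
func handshake(srvCfg, cliCfg *tls.Config) error {
	ln := must(tls.Listen("tcp", "127.0.0.1:0", srvCfg))
	defer ln.Close()
	srvErr := make(chan error, 1)
	go func() {
		c, err := ln.Accept()
		if err == nil {
			err = c.(*tls.Conn).Handshake()
			c.Close()
		}
		srvErr <- err
	}()
	conn, err := tls.Dial("tcp", ln.Addr().String(), cliCfg)
	if err != nil {
		return err
	}
	conn.Close()
	return <-srvErr
}

// run pairs the two sides. The server plays the APR connector: its own cert and key
// (SSLCertificateFile/SSLCertificateKeyFile), the CA it checks client certs against
// (SSLCACertificateFile) and a mandatory client certificate (SSLVerifyClient="require").
// The client plays the Java client: a truststore plus whatever keystore identity it presents.
func run(l *lab, truststore *x509.CertPool, certs ...tls.Certificate) error {
	server := &tls.Config{Certificates: []tls.Certificate{l.server}, ClientCAs: l.roots,
		ClientAuth: tls.RequireAndVerifyClientCert, SessionTicketsDisabled: true}
	client := &tls.Config{RootCAs: truststore, Certificates: certs}
	return handshake(server, client)
}

// The intended setup; a truststore missing the server's CA (the client-side "no trusted
// certificate" outcome); and a client presenting no certificate to a server that requires one.
func TrustedTruststore(l *lab) error   { return run(l, l.roots, l.client) }
func EmptyTruststore(l *lab) error     { return run(l, x509.NewCertPool(), l.client) }
func NoClientCertificate(l *lab) error { return run(l, l.roots) }

func main() {
	l := buildLab()
	fmt.Printf("trusted: %v\nempty truststore: %v\nno client cert: %v\n", TrustedTruststore(l), EmptyTruststore(l), NoClientCertificate(l))
}
```

Two points the scenarios make for the setup in the post: the truststore that matters for "No trusted certificate found" is the client's, so what the client must be able to chain is whatever the APR connector now presents from SSLCertificateFile (plus any intermediates, which the APR connector takes from SSLCertificateChainFile), and the -Djavax.net.ssl.* properties only configure JSSE, which the OpenSSL-backed connector does not use. The third scenario is only relevant once the server actually asks for a client certificate, which on the APR connector is controlled by SSLVerifyClient.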