
Our external vendor WS uses a "self-signed certificate", and I downloaded and imported the certificate into the trust store exactly as per the instructions given in the thread below:

Digital Certificate: How to import .cer file in to .truststore file using?

I also verified that the certificate was added properly by running the following command:

keytool -list -v -keystore keystore.jks

I have added the following entries in my run.config (JBoss) file:

if [ "x$JAVA_OPTS" = "x" ]; then
   JAVA_OPTS="-Xms1024m -Xmx2048m -XX:MaxPermSize=256m -Dorg.jboss.resolver.warning=true -Dsun.rmi.dgc.client.gcInterval=3600000 -Dsun.rmi.dgc.server.gcInterval=3600000 -Djavax.net.ssl.trustStore=/jboss/jdk1.6.0_25/jre/lib/security/cacerts -Djavax.net.ssl.trustStorePassworld=changeit"
fi

Restarted services and still get the following exception:

ERROR [org.jboss.ws.core.CommonClient] Exception caught while (preparing for) performing the invocation: 
java.io.IOException: Could not transmit message 

....
....
....

Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: No trusted certificate found

What could I be missing?

Alex

1 Answer


Are you using the same JVM (the one you point to in the property javax.net.ssl.trustStore) to run the JBoss instance where you've deployed your application?

If so, and provided that you seem to have installed the trusted certificate in the JVM-JRE cacerts file, you shouldn't need to specify those properties (neither trustStore nor trustStorePassword) because the JVM by default looks for trusted certificates in $JAVA_HOME/jre/lib/security/cacerts (you would only need to define those properties if you want to use another keystore).

Ah, notice that to verify that the certificate is correctly installed in the cacerts you should use the same command you specify but pointing the -keystore parameter to $JAVA_HOME/jre/lib/security/cacerts (not keystore.jks).

Toni