Import the certificates into Tomcat (JVM)

A Java TrustStore file holds the certificates used to authenticate other applications, for example a MySQL server or an LDAP server. With this file in place, OpenSpecimen trusts the LDAP/MySQL server as a legitimate peer.

The JVM (the client) looks up certificates in its TrustStore. If the certificate or Certificate Authority presented by the LDAP/MySQL server is not in our TrustStore, the application throws an SSLHandshakeException and the connection is not established.

Error:

Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

Resolution:

1. Import the certificate file into the keystore file using the command below.

keytool -importcert -alias <alias-name> -file <cert-file> -keystore <truststore-file> -storepass mypassword

Example: keytool -importcert -alias ldap-certs -file /usr/local/openspecimen/certs/ldap.crt -keystore /usr/local/openspecimen/certs/ldap.keystore -storepass mypassword

2. Add this newly created truststore file to Tomcat (JVM).

Open the setenv.sh file located in $Tomcat/bin/ and add the line below to it.

export JAVA_OPTS="$JAVA_OPTS -Djavax.net.ssl.trustStore=<path-to-keystore-file/ldap.keystore> -Djavax.net.ssl.trustStorePassword=<password> -server" 

Example: export JAVA_OPTS="$JAVA_OPTS -Djavax.net.ssl.trustStore=/usr/local/openspecimen/certs/ldap.keystore -Djavax.net.ssl.trustStorePassword=mypassword -server"

3. Once the configuration is done, restart Tomcat.
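
A pre-restart check for steps 1 and 2, added here as an example and not part of the original page or of OpenSpecimen: it reads the trustStore path from setenv.sh, confirms the alias is in that file, and flags a world-readable setenv.sh. The script name preflight.sh, the function names and the TRUSTSTORE_PASS variable are assumptions.

```shell
#!/bin/sh
# Added example (not from the original page). Function names, the script name
# and the TRUSTSTORE_PASS environment variable are assumptions.

# Print the path given to -Djavax.net.ssl.trustStore= in a setenv.sh file
# (last uncommented occurrence).
truststore_from_setenv() {
    sed -n -e '/^[[:space:]]*#/d' \
        -e 's/.*-Djavax\.net\.ssl\.trustStore=\([^ "]*\).*/\1/p' "$1" | tail -n 1
}

# Succeed if "other" users can read the file. setenv.sh carries the
# trustStore password in clear text, so it should not be world-readable.
world_readable() {
    [ -n "$(find "$1" -prune -perm -004 -print 2>/dev/null)" ]
}

# Succeed if the alias exists in the trustStore. keytool reads the password
# from TRUSTSTORE_PASS, which keeps it out of the process list.
alias_in_truststore() {
    keytool -list -keystore "$1" -alias "$2" \
        -storepass:env TRUSTSTORE_PASS >/dev/null 2>&1
}

# Run all checks; print one line per problem, return the number of problems.
preflight() {
    setenv=$1; entry=$2; problems=0
    store=$(truststore_from_setenv "$setenv")
    if [ -z "$store" ]; then
        echo "no -Djavax.net.ssl.trustStore option in $setenv"; return 1
    fi
    if [ ! -r "$store" ]; then
        echo "trustStore $store is missing or unreadable"
        problems=$((problems + 1))
    elif command -v keytool >/dev/null 2>&1 &&
         ! alias_in_truststore "$store" "$entry"; then
        echo "alias $entry not verified in $store (missing entry or wrong password)"
        problems=$((problems + 1))
    fi
    if world_readable "$setenv"; then
        echo "$setenv is world-readable and contains the trustStore password"
        problems=$((problems + 1))
    fi
    return "$problems"
}

# Usage: TRUSTSTORE_PASS=... sh preflight.sh $Tomcat/bin/setenv.sh ldap-certs
if [ "$#" -eq 2 ]; then preflight "$1" "$2"; fi
```

Because -Djavax.net.ssl.trustStore points the JVM at this file instead of its default cacerts, the CA of every other TLS endpoint the application connects to must also be imported into it.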

 
