development, java, web

Setup SSL Issues On Tomcat

2 Comments

I was trying to setup an external HTTP server so that I can test SSL connections from my Java app. I’ve done this with Tomcat server before. It was easy, just follow the instructions on Tomcat’s document site. All done.

    Environment

  • Windows XP Professional
  • Tomcat 6.0.29
  • Java 1.6

Not this time. A host of problems:

1.   javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:150)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1584)

2.  SEVERE: Error initializing endpoint
java.lang.Exception: No Certificate file specified or invalid file format
	at org.apache.tomcat.jni.SSLContext.setCertificate(Native Method)
	at org.apache.tomcat.util.net.AprEndpoint.init(AprEndpoint.java:721)


3.  SEVERE: Error starting endpoint
java.lang.Exception: Socket bind failed: [730048] Only one usage of each socket address (protocol/network address/port) is normally permitted.  
    at org.apache.tomcat.util.net.AprEndpoint.init(AprEndpoint.java:647)
    at org.apache.tomcat.util.net.AprEndpoint.start(AprEndpoint.java:754)
    at org.apache.coyote.http11.Http11AprProtocol.start(Http11AprProtocol.java:137)
    at org.apache.catalina.connector.Connector.start(Connector.java:1087)

The last issue above is very weird. I ran netstat and no other apps are using the ports that Tomcat is trying to use.

I won’t bore you with the details, suffice to say, I just removed the native library, tcnative-1.dll, from the Tomcat folder and everything works.

Well, not everything, I’m still getting, 

        javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

But, that is more tractable.

Similar Posts:

Creative Commons License
This work is licensed under a Creative Commons Attribution-NonCommercial-NoDerivs 3.0 Unported License.

2 thoughts on “Setup SSL Issues On Tomcat”

  1. For that issue you have to export your certifcate from your browser and import into the jre truststore.

    And the reason why that dll needs to be renamed is because, if not, the tomcat will use the APR for SSL instead of the JSSE that comes with the jre.

    Reply

Leave a Reply

Your email address will not be published. Required fields are marked *