Tomcat 5.5/Java 5 and SSL...

Posted by Steve Longdo Mon, 12 Dec 2005 20:30:00 GMT

I ran into a puzzling situation trying to set up Yale's CAS and the Spring Framework/Acegi contacts sample application on my workstation. I had CAS deployed on Tomcat 5.5 and the Acegi sample application deployed on BEA WebLogic 9.0, both running under Sun's JDK 1.5.0_06. I kept getting errors like:

    Your CAS credentials were rejected.
    Reason: HTTPS hostname wrong: <localhost> should be <127.0.0.1>

I couldn't figure this out because the server.xml for Tomcat included both the keystoreFile and truststoreFile parameters for the SSL connection. The JVM JRE cacerts file included self-signed certs for both the BEA server and the Tomcat server, which should be picked up system-wide whether or not I specifically include it in the server.xml file. I am not sure why, but putting the following option on the Tomcat command line solved the problem:

    -Djavax.net.ssl.trustStore="C:\Program Files\Java\jre1.5.0_06\lib\security\cacerts"

You can also see from this that it is a Windows workstation... I am documenting this for the benefit of other programmers and Google (which doesn't have much of anything about this particular problem).
Comments

  1. Sen Binclair about 22 hours later:
    gem install rails
  2. Steve about 22 hours later:
    Thanks Sen-dog! If only my employer would see the light as well. I hope to be doing some Rails informational posting in the very near future...
  3. eel 3 days later:
    nice xmas theme but it's still weird in ie. fyi...