Tomcat 5.5/Java 5 and SSL... 3

Posted by Steve Longdo Mon, 12 Dec 2005 20:30:00 GMT

I ran into a puzzling situation trying to setup Yale's CAS and the Spring Framework/Acegi contacts sample application on my workstation. I had CAS deployed on Tomcat 5.5 and the Acegi sample application deployed on BEA WebLogic 9.0, both running under Sun's JDK 1.5.0_06. I kept getting errors like:
Your CAS credentials were rejected.

Reason: HTTPS hostname wrong: <localhost> should be <127.0.0.1>
I couldn't figure this out because the server.xml for Tomcat included both the keystoreFile and truststoreFile parameters for the SSL connection. The JVM JRE cacerts file included self-signed certs for both the BEA server and the Tomcat server which should be picked up system wide whether or not I specifically include it in the server.xml file. I am not sure why but putting the following option on the Tomcat command line solved the problem:
-Djavax.net.ssl.trustStore="C:\Program Files\Java\jre1.5.0_06\lib\security\cacerts"
You can also see from this that it is a Windows workstation... I am documenting this for the benefit of other programmers and Google (which doesn't have much of anything about this particular problem).