[Building Sakai] How to use web service with HTTPS protocol ?

Matthew Jones jonespm at umich.edu
Sat Sep 18 06:46:34 PDT 2010 

This error is because of the unsecured certificate.

Read this [1] and use the program attached to the article (InstallCert.java)
to add your servers cert to your local keystore (and then you'd add *
-Djavax.net.ssl.trustStore=/home/user/jssecacerts **to your JAVA_OPTS). I
actually goes out to the remote server you specify and adds all of the
certificates it needs. The only thing I've ever found that seems to work
reliably.*

This guide for setting up confluence has some tips to test it out with
openssl and a java app called "SSLPoke". You keep running it with either
this JAVA_OPT or adding it to the global keyStore until you don't get the
error anymore.

http://confluence.atlassian.com/display/JIRA/Connecting+to+SSL+services

If you had a signed SSL, it would already be in the default certs and you
wouldn't have this problem.

[1] http://blogs.sun.com/andreas/entry/no_more_unable_to_find

On Sat, Sep 18, 2010 at 9:13 AM, chuot con <chuot_con1999 at yahoo.com> wrote:

> Hi Steve,
>
> When I tried the web services over SSL, I have received an error:
>
> javax.net.ssl.SSLHandshakeException:
> sun.security.validator.ValidatorException:
> PKIX path building failed:
> sun.security.provider.certpath.SunCertPathBuilderExce
> ption: unable to find valid certification path to requested target
>
> How to offload the SSL onto Apache HTTP and put that in front of Tomcat ?
>
> Thank for your helping.
> Best regards.
>
> Thinh.
>
>
>
> --- On *Sat, 9/18/10, Steve Swinsburg <steve.swinsburg at gmail.com>* wrote:
>
>
> From: Steve Swinsburg <steve.swinsburg at gmail.com>
> Subject: Re: [Building Sakai] How to use web service with HTTPS protocol ?
> To: "chuot con" <chuot_con1999 at yahoo.com>
> Cc: "sakai-dev at collab.sakaiproject.org" <sakai-dev at collab.sakaiproject.org
> >
> Date: Saturday, September 18, 2010, 3:01 PM
>
>
> Hi Thinh,
>
> A self signed cert may need some special setup to get working, ie importing
> into the JVM keystore. You'd be best offloading the SSL onto Apache HTTP and
> putting that in front of Tomcat.
> What happens when you try the web services over SSL?
>
> cheers,
> Steve
>
>
>
> On 17/09/2010, at 2:25 AM, chuot con wrote:
>
> Hi Steve,
>
> I have generated a certificate by command:
>       keytool -genkey -alias tomcat -keyalg RSA
> And I used two files SakaiLogin.jws and SakaiScript.jws
> Is this the answer that you need ?
>
> Thank you so much.
>
> Regards.
> Thinh.
>
>
> --- On *Thu, 9/16/10, Steve Swinsburg <steve.swinsburg at gmail.com<http://mc/compose?to=steve.swinsburg@gmail.com>
> >* wrote:
>
>
> From: Steve Swinsburg <steve.swinsburg at gmail.com<http://mc/compose?to=steve.swinsburg@gmail.com>
> >
> Subject: Re: [Building Sakai] How to use web service with HTTPS protocol ?
> To: "chuot con" <chuot_con1999 at yahoo.com<http://mc/compose?to=chuot_con1999@yahoo.com>
> >
> Cc: "sakai-dev at collab.sakaiproject.org<http://mc/compose?to=sakai-dev@collab.sakaiproject.org>"
> <sakai-dev at collab.sakaiproject.org<http://mc/compose?to=sakai-dev@collab.sakaiproject.org>
> >
> Date: Thursday, September 16, 2010, 6:41 PM
>
> What is your SSL setup? We gave the WS running over SSL.
>
> Cheers
> Steve
>
> Sent from my iPhone
>
> On 15/09/2010, at 22:35, chuot con <chuot_con1999 at yahoo.com> wrote:
>
> Hi all,
>
> I wanted to use java web service in Sakai, HTTPS and tomcat.
> The web service can not run with HTTPS.
>
> Please help me resolve this problem.
>
> Thank you so much.
>
> Regards.
>
> Thinh.
>
> _______________________________________________
> sakai-dev mailing list
> sakai-dev at collab.sakaiproject.org
> http://collab.sakaiproject.org/mailman/listinfo/sakai-dev
>
> TO UNSUBSCRIBE: send email to
> sakai-dev-unsubscribe at collab.sakaiproject.org with a subject of
> "unsubscribe"
>
>
>
>
>
> _______________________________________________
> sakai-dev mailing list
> sakai-dev at collab.sakaiproject.org
> http://collab.sakaiproject.org/mailman/listinfo/sakai-dev
>
> TO UNSUBSCRIBE: send email to
> sakai-dev-unsubscribe at collab.sakaiproject.org with a subject of
> "unsubscribe"
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://collab.sakaiproject.org/pipermail/sakai-dev/attachments/20100918/491b9cbf/attachment.html

More information about the sakai-dev mailing list