I have 2 instances of Tomcat running on the same VM. One app in one Tomcat calls the other app in the second Tomcat. Each Tomcat is configured with its own set of ports in server.xml. Each one has its own security key. Here is a snippet of server.xml.

<Connector port="8443" protocol="org.apache.coyote.http11.Http11Protocol"
           maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
           clientAuth="false" keystorePass="apple123"
           keystoreFile="/usr/myfirstkey" sslProtocol="TLS" />
<!-- Define AJP 1.3 connector on port 8009 -->
<Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />

When the app in the first Tomcat makes a REST call to the second app in the second Tomcat at the URL "https://localhost:8444/dashboard", I got this error:

Exception in servlet sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

Can someone show me how to fix it?
There's no reason to use HTTPS to communicate between 2 internal servers; use HTTP, and avoid the trouble.

But if you insist on HTTPS, you need Tomcat #1 to trust the certificate of Tomcat #2:

Export the certificate from the Tomcat #2 key store file:

> keytool -exportcert -alias <alias> -file <xxx>.cer -keystore <keystore>.jks -storepass <password>

Import the certificate into the trust store of Tomcat #1:

> keytool -importcert -alias <alias> -file <xxx>.cer -keystore <truststore> -storepass changeit

The default trust store is java-home/lib/security/cacerts; it might be better to make a copy of it, and configure Tomcat #1 to use the copy.
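
The export, copy and import steps from the answer above, put together as an added example that is not part of the original post. The function names and every path or alias passed to them are assumptions; `javax.net.ssl.trustStore` and `javax.net.ssl.trustStorePassword` are the standard JVM properties for pointing a JVM at a non-default trust store.

```shell
#!/bin/sh
# Added example (not from the original answer). Function names and all
# paths/aliases passed to them are assumptions for illustration.

# usage: trust_peer_cert PEER_KEYSTORE PEER_STOREPASS ALIAS CACERTS TRUSTSTORE_COPY
trust_peer_cert() {
    peer_ks=$1; peer_pass=$2; peer_alias=$3; cacerts=$4; copy=$5
    cer="${copy}.${peer_alias}.cer"

    # 1. Export only the public certificate from Tomcat #2's key store;
    #    the private key stays where it is.
    keytool -exportcert -alias "$peer_alias" -file "$cer" \
        -keystore "$peer_ks" -storepass "$peer_pass" >/dev/null 2>&1 || return 1

    # 2. Copy the default trust store so the JDK-wide cacerts is not modified.
    #    cacerts is often read-only, so make the copy writable by its owner.
    cp "$cacerts" "$copy" || return 1
    chmod 600 "$copy" || return 1

    # 3. Import the certificate into the copy as a trusted entry.
    keytool -importcert -noprompt -alias "$peer_alias" -file "$cer" \
        -keystore "$copy" -storepass changeit >/dev/null 2>&1 || return 1

    # 4. Verify: the alias must now be listed as a trustedCertEntry.
    keytool -list -alias "$peer_alias" -keystore "$copy" -storepass changeit \
        2>/dev/null | grep -q trustedCertEntry
}

# Print the line to add to Tomcat #1's bin/setenv.sh so that its JVM
# validates outgoing HTTPS calls against the copy instead of cacerts.
truststore_opts() {
    printf 'CATALINA_OPTS="$CATALINA_OPTS -Djavax.net.ssl.trustStore=%s -Djavax.net.ssl.trustStorePassword=changeit"\n' "$1"
}

# Run only when called with the five arguments listed above.
if [ $# -eq 5 ]; then
    trust_peer_cert "$@" && truststore_opts "$5"
fi
```

Trusting the certificate does not disable hostname verification, so it still has to match the host in the URL being called (`localhost` here).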