Connecting to web service via Java over SSL works from console but not Tomcat

Question

I have the following:

• Web service hosted on trusted enterprise domain intranet (hosted in IIS)
• Java console application used to test connection to web service
• Java web application hosted in Tomcat (running on localhost)

I can successfully send and receive data to and from the web service via a console application. However, when I use the exact same code and libraries in a web application hosted in Tomcat, I am receiving an SSL certificate error stating:

suncertpathbuilderexception: unable to find valid certification path to requested target

Any reason why it would work via console but not via Tomcat on localhost. For what it's worth, it doesn't work on my dev (non-localhost) box either when hosted in Tomcat. Maybe I am targeting a different JRE when launching Tomcat which doesn't have the trusted certificate?

The certificate is signed by my company's trusted enterprise authority, so I guess it's a sort of enterprise-wide self-signed certificate. The certificate authority is registered in Windows trusted certificate authorities when I check in the Management Console Certificate Snap-In. I suspect that doesn't matter though.

Am I going to have to use keytool to generate a certificate to add to the trust store on every server that will be hosting this Tomcat application?

Answer 1

It is possible that your Tomcat installation uses another JVM. You need to check your installation. Check where JAVA_HOME and JRE_HOME point to.

The JVM does not use the Windows trusted certificate authorities.

You will have to use keytool to import your company's trusted enterprise authorities certificate on each server, but you will NOT need to generate any certificates.