I'm using tomcat 6 (embedded server) in myEclipse 10.0 along with Apache CXF for a web services app. My problem is I'm trying to connect to a server that has a war file with some service code in it. However, when I try to hit it though the code, I'm getting this error from CXF:
WARNING: Interceptor has thrown exception, unwinding now org.apache.cxf.interceptor.Fault: Could not send Message.
and then this error which seems to be the root problem:
Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
I used InstallCert.java to hit the server and it gave me this:
Loading KeyStore jssecacerts... Opening connection to :443... Starting SSL handshake...
No errors, certificate is already trusted
I used Porticle to view the cacerts file and sure enough the server sha1 and md5 information matched exactly what was on the server. The cacerts file is located under the java/jre6/lib/security folder, which I thought was automatically picked up by tomcat when it loads.
I also created a .bin folder as another idea and put it under webapps directory for tomcat and modified the server xml like so:
<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
maxThreads="150" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS"
keystoreFile="<path on my machine>/webapps/tomcat.bin" keystorePass="changeit" />
I found some articles that showed how to get the certificate loaded to your keystore, but that doesn't seem to be the issue, even though that is the common solution for this error. Is there something I'm missing or could there be another reason why I'm getting this error?
