
Hello everyone,

I have 2 Tomcat app servers (Tomcat1, Tomcat2) on 2 different hosts.

Tomcat1 is my main J2EE web application that has a commercial certificate, and the application works correctly.
Tomcat2 is a dependent component that has a self-signed certificate.
Both Tomcats are behind a load balancer.

When calling my Tomcat2 component, I get the following error:

javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

I tried importing my self-signed cert on the JVM of my Tomcat1 (and Tomcat2), but still the same result.

Do I need to have the self-signed cert on my load balancer too?
The client's browser accesses Tomcat1 (main application) directly, and when using the dependent component on Tomcat2, it sends the request to the client's browser directly, so I would assume my self-signed cert needs to be loaded at the load balancer level too?

Thanks.



Correction: I have my commercial certificate on my load balancer, which acts as a reverse proxy for public-facing users.

My Tomcat1 and Tomcat2 both have self-signed certificates.
Question: Do I need my self-signed certs loaded on my load balancer?

Here's a visual picture.
Untitled.png


The problem was that recently we updated our commercial certificate AND changed provider. My Tomcat1 JVM, where the failure was occurring, wasn't recognizing the new commercial cert's CA authority, and as a result, failure.

I had to import my ca root cert (in my case the bundle, including intermediate cert) into my tomcat1 JVM keystore, and that resolved the issue.
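
Added example, not part of the original thread: one way to load a CA bundle like the one described above into a JVM truststore with keytool, importing each certificate under its own alias so every CA in the bundle becomes a separate trusted entry that can be listed and checked. The function names, alias prefix, bundle file name and truststore path are assumptions.

```shell
#!/usr/bin/env bash
# Added example (not from the thread). All names and paths are assumptions.

# Split a PEM bundle into one file per certificate: <outdir>/<prefix>-N.pem.
# Text outside BEGIN/END markers is dropped. Prints the certificate count.
split_bundle() {
  bundle=$1; outdir=$2; prefix=$3
  mkdir -p "$outdir"
  awk -v dir="$outdir" -v pre="$prefix" '
    /-----BEGIN CERTIFICATE-----/ {
      n++; out = sprintf("%s/%s-%d.pem", dir, pre, n); inside = 1
    }
    inside { print > out }
    /-----END CERTIFICATE-----/ { inside = 0; close(out) }
    END { print n + 0 }
  ' "$bundle"
}

# Import every certificate of the bundle as a trusted CA entry, one alias each,
# then list the resulting entries so the import can be verified.
import_bundle() {
  bundle=$1; truststore=$2; storepass=$3; prefix=$4
  tmp=$(mktemp -d) || return 1
  count=$(split_bundle "$bundle" "$tmp" "$prefix")
  i=1
  while [ "$i" -le "$count" ]; do
    keytool -importcert -noprompt -trustcacerts \
      -alias "$prefix-$i" -file "$tmp/$prefix-$i.pem" \
      -keystore "$truststore" -storepass "$storepass" \
      || { rm -rf "$tmp"; return 1; }
    i=$((i + 1))
  done
  rm -rf "$tmp"
  keytool -list -keystore "$truststore" -storepass "$storepass" | grep "^$prefix-"
}

# Usage (assumed file name and the truststore of the JVM that runs Tomcat1;
# the cacerts location differs between Java versions):
#   import_bundle ca-bundle.pem "$JAVA_HOME/lib/security/cacerts" "$STOREPASS" newca
```

Restart Tomcat after the import so the JVM reloads its truststore.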
