Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Configure Tomcat to use a trust store other than cacerts

Tags:

java

https

ssl

tomcat

webclient

I'm running Tomcat 6 on Windows and would like to have Tomcat use a different trust store other than cacerts for Java client web requests. I've tried adding this setting:

-Djavax.net.ssl.trustStore="C:\ca.keystore"

To the registry in key:

 HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Apache Software Foundation\Procrun 2.0\Tomcat6\Parameters\Java

That doesn't seem to work though. It still uses the JRE cacerts store. Our Java code makes web requests to HTTPS endpoints and I would like to keep the certificates in a key store other than the JRE one because it gets removed when java is uninstalled/updated.

like image 453
Andy Arismendi Avatar asked Mar 02 '11 00:03

Andy Arismendi

People also ask

Does Tomcat use cacerts?

But Tomcat still uses cacerts. I think the truststoreFile is just used to store client certificates from a client using a web browser and only used when clientAuth is set to true.

Where is Tomcat trust store?

Tomcat truststores are used to validate client certificates. On the Ubuntu OS, by default Tomcat uses the "cacerts" file as the CA trust store. The file is located in the /etc/ssl/certs/java/ folder with a link to the file in $JAVA_HOME/lib/security/cacerts.

Is cacerts a keystore or truststore?

'cacerts' is a truststore. A trust store is used to authenticate peers. A keystore is used to authenticate yourself.

What is the difference between a keystore and a truststore?

Keystore is used to store private key and identity certificates that a specific program should present to both parties (server or client) for verification. Truststore is used to store certificates from Certified Authorities (CA) that verify the certificate presented by the server in SSL connection.

1 Answers

Turns out I was missing trustStorePassword. Here is the solution:

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Apache Software Foundation\Procrun 2.0\Tomcat6\Parameters\Java 

-Djavax.net.ssl.trustStore="C:\ca.keystore" 
-Djavax.net.ssl.trustStorePassword="password"

Update: There seems to be some confusion in some of the comments here between what this setting and truststoreFile from server.xml do. I created a blog entry to explain the problem (in great detail) and how this solution addresses it and why the changing server.xml does not.

like image 196
Andy Arismendi Avatar answered Sep 21 '22 21:09

Andy Arismendi
Sign in to Comment

Related questions

Regular expression to parse a log file and find stacktraces
GlassFish v3 - portability of settings
How to define two persistence units (one for production, one for unit testing)?
How to retrieve header values from JTable
How can I run my code upon class load?
jEditorPane as a web browser
Java making a 'dot/pixel' In swing/awt
Is there a simple and safe way to convert a PrintWriter into a PrintStream?
Connecting a Microsoft Access Database to Java using JDBC and compiling
Force a full screen Activity to remeasure/redraw on resume?
Is synchronization needed while reading if no contention could occur
Head node in linked lists
Is dynamic overload resolution possible in Java?
Retrieving file content using FTPClient Java
Why junit ComparisonFailure is not used by assertEquals(Object, Object)?
What's the difference between calling Double.valueOf(String s) and new Double(String s)?
Calling a very simple clojure function from Java does not work
Lightweight way of waiting for a group of asynchronous Java calls
How to create spring bean with collection data decoupled from parent bean?
How to encrypt data using AES in Java

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!