Problem about web certificates when I have 2 applications

1

Good morning.

I work with:

  • Ubuntu 16.04
  • Tomcat 8
  • Java 1.8 (jdk)

I'm trying to set up a Tomcat server where I run two applications:

A) CAS server with security running on port 8443

B) Web application to which CAS redirects; it runs on port 8080

What I do is:

  • Create a certificate:

    keytool -genkey -alias tomcat -validity 365 -keyalg RSA
    keytool -certreq -alias tomcat -file autentia.csr
    
  • Create a certifying entity with openssl:

    /usr/lib/ssl/misc/CA.sh -newca
    
  • Self-sign my certificate with my own entity:

    cp autentia.csr newreq.pem
    /usr/lib/ssl/misc/CA.sh -signreq
    cp newcert.pem autentiaCertFirmadoPorCA.pem
    
  • This certificate is imported into the .keystore file as well as into the Java cacerts:

    keytool -import -alias autentiaCert -file autentiaCertFirmadoPorCA.pem 
    sudo keytool -import -alias autentiaCert -file autentiaCertFirmadoPorCA.pem -keystore $JAVA_HOME/jre/lib/security/cacerts -trustcacerts
    sudo cp /{RUTA}/.keystore /var/lib/tomcat8/lib/.keystore
    sudo chown -R tomcat8: /var/lib/tomcat8/lib/.keystore
    
  • I also configure Tomcat's server.xml file (only the connector on port 8443) as follows:

    <Connector port="8443" protocol="HTTP/1.1" scheme="https" secure="true"
    SSLEnabled="true" clientAuth="false" sslProtocol="TLS" maxThreads="150"
    keystoreFile="/var/lib/tomcat8/lib/.keystore" 
    keystorePass="root12" truststorePass="changeit"
    truststoreFile="/usr/local/java/jdk1.8.0_131/jre/lib/security/cacerts" />
    
  • Finally, I can access the CAS, but when I am redirected to the other application, I get the following error (the complete trace is longer):

    sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141)
    sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126)
    java.security.cert.CertPathBuilder.build(CertPathBuilder.java:280)
    sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:382)
    

I think I understand that a valid certificate cannot be found for the application on port 8080, but it has no security, so it should not be necessary.

But I ask for help to know whether I am wrong and where I am wrong.

Thank you very much in advance.

        
asked by el_odiado76 07.06.2017 at 13:47

1 answer

0

I am answering my own question.

It turns out that when Tomcat 8 is installed with "apt-get", it does not pick up the Java version correctly, causing this error even though all the certificate files are indicated in the server.xml file.

To solve it, you only have to change the path of JAVA_HOME in the corresponding file; in my case the default path is:

    /etc/default/tomcat8

Thanks for your help.

answered by 12.06.2017 / 12:30
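
A check for the situation in the answer, as an added example that is not part of the original post: it reads JAVA_HOME from the Tomcat defaults file and compares that JVM's default cacerts with the file the certificate was imported into. The function names are hypothetical; the Java 8 directory layout and the plain string comparison of paths (symlinks are not resolved) are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post). The paths in the usage line are
# the ones quoted on the page; the function names are hypothetical.

# Print the JAVA_HOME assigned in a Debian/Ubuntu defaults file such as
# /etc/default/tomcat8. Commented-out lines are ignored; the last one wins.
tomcat_java_home() {
    sed -n 's/^[[:space:]]*JAVA_HOME=//p' "$1" | tail -n 1 | tr -d "\"'"
}

# Print the default trust store of the Java 8 installation at $1:
# JDK layout first (jre/lib/security), then JRE-only layout (lib/security).
default_cacerts() {
    for candidate in "$1/jre/lib/security/cacerts" "$1/lib/security/cacerts"; do
        if [ -f "$candidate" ]; then
            echo "$candidate"
            return 0
        fi
    done
    return 1
}

# $1 = defaults file, $2 = cacerts file the CA certificate was imported into.
# Returns 0 on match, 1 on mismatch, 2 when the JVM cannot be determined.
check_truststore() {
    java_home=$(tomcat_java_home "$1")
    if [ -z "$java_home" ]; then
        echo "JAVA_HOME is not set in $1; the JVM is chosen elsewhere"
        return 2
    fi
    runtime_store=$(default_cacerts "$java_home") || {
        echo "no cacerts found under $java_home"
        return 2
    }
    if [ "$runtime_store" = "$2" ]; then
        echo "OK: Tomcat's JVM trusts $2"
        return 0
    fi
    echo "MISMATCH: Tomcat's JVM reads $runtime_store, certificate is in $2"
    return 1
}

# Usage: sh check.sh /etc/default/tomcat8 /usr/local/java/jdk1.8.0_131/jre/lib/security/cacerts
if [ "$#" -eq 2 ]; then
    check_truststore "$1" "$2"
fi
```

On a match, `keytool -list -alias autentiaCert -keystore` pointed at that cacerts file confirms the imported certificate is actually present in it.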