tomcat ssl 配置问题备忘

生成证书的时候,CN应该为你的服务端主机名或者IP,我这里使用的是localhost,因为客户程序也在本机跑.

否则会有错误

exception

javax.servlet.ServletException: HTTPS hostname wrong: should be <localhost>
edu.yale.its.tp.cas.client.filter.CASFilter.getAuthenticatedUser(CASFilter.java:254)
edu.yale.its.tp.cas.client.filter.CASFilter.doFilter(CASFilter.java:184)

root cause

java.io.IOException: HTTPS hostname wrong: should be <localhost>
在客户端,未导入证书,或者失败,也有错误:

javax.servlet.ServletException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
edu.yale.its.tp.cas.client.filter.CASFilter.getAuthenticatedUser(CASFilter.java:254)
edu.yale.its.tp.cas.client.filter.CASFilter.doFilter(CASFilter.java:184)

root cause

javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:150)