Javax.net.ssl.SSLHandshakeException (CAS import certificate)

one. Error: javax.net.ssl.SSLHandshakeException

Two. Cause Analysis:
CAS deployments often involve the issue of certificate publishing for HTTPS. Because CAs and application services often share a single PC in an experimental environment, they run on the same JRE environment and Tomcat server, ignoring the actual use of the certificate, and when the CAs and applications are deployed on separate machines, they faint!

This assumes the following experimental environment to illustrate the appropriate deployment
Machine A: Deploy CAS service
Machine B: Deploying OA applications
Machine C: User browser side

1. A. KeyStore certificate file generated by machine A, the certificate issuer is the full domain name of machine A
2. The configuration of the HTTPS in the Server.xml file for the tomcat that is used to deploy CAS on machine A, point to the. keystore File Certificate
3. The credential file exported from. KeyStore is copied to machine B and imported into the certificate Library of Machine B's JRE environment
4. Tomcat deploying OA on machine B must specify that it is running on the import credentials JRE environment, not the JDK, which is often mistaken.

Three. Import the certificate step:
1. Locate the JRE
1) The OA application of Machine B is deployed directly in Tomcat
>>> Independent JRE
If you choose to install the JRE at the same time when installing the JDK, the system runs on a separate JRE.
Why? Because the program automatically helps you to add the JRE's java.exe to the system variables when installing the standalone JRE, the verification method is simple, and we see that the system environment variable has "%systemroot%system32;%systemroot%" in the front of the path. Such a configuration, then go to windows/system32 below to see it, found what? There is a java.exe.
JRE in >>>JDK.
If the standalone JRE is not installed at the same time, the system runs on the JRE that comes with the JDK.
2) The OA application of Machine B is developed and tested in MyEclipse.
myeclipse-right Project-java Build path-libraries-Double-click jre-is generally workspace default JRE;
Myeclipse-windows-preferences-java-installed jres-to the right of the MyEclipse default comes with the JDK, double-click to find the JRE home;
2. Copy the certificate to machine a xxx.cer file to machine B
3. Import commands
CMD into the command-line window;
CD into the JRE directory \lib\security;
Keytool-import-alias cacerts-keystore JRE Directory \lib\security\cacerts-file certificate directory \xxx.cer-trustcacerts;
Prompt Enter password: changeit;
OK: Y
4. If Keytool is not available, see if the Path,classpath is configured correctly.

< above for reference >

Import of certificates:

1. View Certificate: Keytool-list-keystore/xxx/cacerts-storepass Changeit

2. Delete the certificate with the same name: Keytool-delete-alias certificate name-keystore/xxx/cacerts-keypass Changeit

3. Import Certificate: Keytool-import-alias certificate name-file/xxx/server.cer-keystore/xxx/cacerts-storepass Changeit or

Keytool-import-v-rfc-trustcacerts-alias certificate name-file/xxx/server.cer-keystore/xxx/cacerts-storepass Changeit-keysto Re Cacerts is located in the full path-storetype JKS;

4. If Keytool is not available (hints are not internal commands); Cd/xxx/jdk1.xxx/bin

or directly inside the classpath configuration%java_home%\lib\tools.jar;

Javax.net.ssl.SSLHandshakeException (CAS import certificate)