JBoss AS 7 using proxy with HTTPS

1

I have a JBoss server on my development machine. In the company where we work we have a proxy. I need to test the Google recaptcha. It uses https. I configured the proxy information in the system-properties tag of the standalone.xml file of JBoss, as below:

<system-properties>
    <property name="http.proxyHost" value="xxxx"/>
    <property name="http.proxyPort" value="8080"/>
    <property name="http.proxyUser" value="xxxx"/>
    <property name="http.proxyPassword" value="xxxx"/>
    <property name="http.nonProxyHosts" value="localhost"/>

    <property name="https.proxyHost" value="xxxx"/>
    <property name="https.proxyPort" value="8080"/>
    <property name="https.proxyUser" value="xxxx"/>
    <property name="https.proxyPassword" value="xxxx"/>
    <property name="https.nonProxyHosts" value="localhost"/>
</system-properties>

But when I run a call that tries to use the proxy, the server returns the following error:

  

javax.net.ssl.SSLHandshakeException:   sun.security.validator.ValidatorException: PKIX path building failed:   sun.security.provider.certpath.SunCertPathBuilderException: unable to   find valid certification path to requested target

What should I do?

    
asked by anonymous 17.09.2015 / 13:46

1 answer

1

You need to add the certificate to the keystore file used in the JVM and located at %JAVA_HOME%\lib\security\cacerts .

First you can check that your certificate is already in the keystore file by executing the following command:

keytool -list -keystore "%JAVA_HOME%/jre/lib/security/cacerts"

You do not need to enter a password.

If you do not have your certificate you can download it using your browser and adding this to your key store with the following command:

keytool -import -noprompt -trustcacerts -alias <AliasName> -file   <certificate> -keystore <KeystoreFile> -storepass <Password>

After importing you can run the first command to arrive again if your certificate has been added.

Sun / Oracle information can be found here.

I hope you have helped.

References:

link

    
22.09.2015 / 21:43