Questions of Tomcat SSL configuration

Question

I have some question on configuration of Tomcat SSL and interation with it.

First I explain the problem: I have a domain on a virtual server to which I have installed the SSL certificate via Plesk (with Let's Encrypt extension). Now I want to configure Tomcat with SSL to access resources on the RESTful Web Service.

My questions are:

Is it correct to use the same certificate to configure Tomcat? I tried and when I open the Tomcat page on the browser the page is secure. But the problem is that when I try to access resources on the REST Web Service the client return an exception unable to find valid certification path to requested target. In RESTful Web Service through HTTPS I found the solution for Java client. But now my questions are:
To access resources on the REST do I must to load the certificate on the client (for any kinds of client? such as Android app, IOS app, Smart Device) or if tomcat is configured correctly do not must do it?
If I have to upload the certificate on the client, when certificate expired I have to update all my client with the renewed certificate?

Thanks in advance.

Usman Mutawakil · Accepted Answer · 2017-10-20T13:08:53.210

0

The SSL certificate only goes on the server. If the SSL certificate is not signed by a Certificate Authority (CA) then when testing your ios/android will complain but in development mode you can get them to ignore it. So as long as your cert is trusted by your clients you shouldn't have any issue on mobile apps, smart devices etc etc

Update

LetsEncrypt's Root CA seems to be untrusted/not-present in some versions of the Android key store -> Let's Encrypt on Android gives java.security.cert.CertPathValidatorException: Trust anchor for certification path not found

edited Oct 20 '17 at 13:08

answered Oct 20 '17 at 12:05

Usman Mutawakil

4,993
9
43
80

I have configured Tomcat with Let's Encrypt certificate (CA) and when open Tomcat page the cert is recognized. If I use chrome client it woks, but if I use Java o Android client they return exception. So is the Tomcat configuration wrong?? – Pasquale Pio Pazienza Oct 20 '17 at 12:26
What error do you get from the Android? Is this the Android web browser or Android development environment? – Usman Mutawakil Oct 20 '17 at 12:44
Android Studio return `java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.` – Pasquale Pio Pazienza Oct 20 '17 at 12:49
When you view your site in chrome do you get the green lock showing secure in the top left next to "https" ? – Usman Mutawakil Oct 20 '17 at 12:52
yes and in "Security overview" there is "This page is secure (valid HTTPS)." – Pasquale Pio Pazienza Oct 20 '17 at 12:58
I see. I looks like you did everything correct but LetsEncrypt's root cert is not recognized by all Android devices. I don't think your the only person having that problem. Are you hosting tomcat in the Cloud? AWS and some of the other big providers provide free SSL certificates for their customers. – Usman Mutawakil Oct 20 '17 at 13:07
See my last comment. I've also added an update with the Android link explaining the issue. – Usman Mutawakil Oct 20 '17 at 13:09
Thanks for your help! Yes...Tomcat is on Telecom virtual server. – Pasquale Pio Pazienza Oct 20 '17 at 13:15

Questions of Tomcat SSL configuration

1 Answers1