I didn't change anything on my Tomcat, but since 2 days ago around 23:00 "peer not authenticated" has occurred, and since then I can't log in. The error is
2016-03-05 19:23:34 ERROR [UsernamePasswordAuthnHandler] - IOException happended during authentication
javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
at sun.security.ssl.SSLSessionImpl.getPeerCertificates(SSLSessionImpl.java:407)
at org.apache.http.conn.ssl.AbstractVerifier.verify(AbstractVerifier.java:126)
at org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:572)
at org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java:180)
at org.apache.http.impl.conn.ManagedClientConnectionImpl.open(ManagedClientConnectionImpl.java:294)
at org.apache.http.impl.client.DefaultRequestDirector.tryConnect(DefaultRequestDirector.java:645)
at org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:480)
at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:906)
at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:805)
at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:784)
at com.company.userservice.common.util.HttpUtil.execute(HttpUtil.java:256)
at com.company.userservice.common.util.HttpUtil.issueGetRequest(HttpUtil.java:94)
at com.company.userservice.engine.handler.UsernamePasswordAuthnHandler.authenticateUsernamePasswordInternal(UsernamePasswordAuthnHandler.java:124)
at org.jasig.cas.authentication.handler.support.AbstractUsernamePasswordAuthenticationHandler.doAuthentication(AbstractUsernamePasswordAuthenticationHandler.java:71)
I guess it's caused by the self-signed certificate having expired, but it shows it's still valid:
keytool -list -v -keystore xxxx.jks
Serial number: 7a692bb1
Valid from: Thu Jul 03 16:13:19 CST 2014 until: Thu Jun 02 16:13:19 CST 2016
Certificate fingerprints:
And below are my configs in server.xml
<Connector port="8491" protocol="org.apache.coyote.http11.Http11Protocol"
maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS"
keystoreFile="/usr/local/tomcat7_8091/conf/xxxx.jks" keystorePass="123456" />
What happened to the current self-signed key? I also tried to generate a new self-signed key, but I still get the same error as above. What should I do? It had been working for 2 years, but suddenly it stopped working.
Fixing this issue is easy, but spotting the root cause was a painful process ... I hope what I wrote here can help someone in the future and save some time.
The configuration in my properties file was wrong: a non-SSL port was set for an SSL port. In my case it should be 8443, while it was set to 8081,
hence the error.
8443 was enabled in Tomcat's server.xml like below:
<Connector port="8081" protocol="HTTP/1.1"
connectionTimeout="20000"
redirectPort="8443" />
<Connector port="8443" protocol="org.apache.coyote.http11.Http11Protocol"
maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS" keystoreFile="D:\xxxx\keystore" keystorePass="123456"/>
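The misconfiguration described in this answer is worth checking mechanically: every `https://` URL a service is configured with must point at a Tomcat connector that has `SSLEnabled="true"`, and a TLS handshake against a connector that only speaks plain HTTP fails before any certificate is ever seen. The script below is an added example, not code from the poster or from Tomcat or CAS. It embeds a constructed server.xml fragment modelled on the one in the answer and a constructed properties file; the property key `userservice.url` and the URL it holds are assumptions, since the poster's properties file is not shown. The last function reproduces the failure mode locally by starting a plain-text listener and attempting a TLS handshake against it.

```python
import socket
import ssl
import threading
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

# Constructed server.xml fragment modelled on the one in the answer (not the poster's real file).
SERVER_XML = r"""<Server>
  <Service name="Catalina">
    <Connector port="8081" protocol="HTTP/1.1" connectionTimeout="20000" redirectPort="8443"/>
    <Connector port="8443" protocol="org.apache.coyote.http11.Http11Protocol"
               maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
               clientAuth="false" sslProtocol="TLS" keystoreFile="D:\xxxx\keystore" keystorePass="123456"/>
  </Service>
</Server>"""

# Constructed properties files; the key name and URL are assumptions, the poster's file is not shown.
PROPERTIES_BROKEN = "userservice.url=https://localhost:8081/userservice/\n"
PROPERTIES_FIXED = "userservice.url=https://localhost:8443/userservice/\n"


def tls_ports(server_xml):
    """Return the set of ports belonging to Connectors with SSLEnabled="true"."""
    root = ET.fromstring(server_xml)
    return {int(c.get("port")) for c in root.iter("Connector")
            if c.get("SSLEnabled", "false").lower() == "true"}


def check_properties(properties, server_xml):
    """Flag every https:// URL in a properties file whose port is not a TLS connector.

    Returns a list of (property key, port) pairs that would produce exactly the
    situation in the answer: an HTTPS client talking to a plain-HTTP connector.
    """
    tls = tls_ports(server_xml)
    problems = []
    for line in properties.splitlines():
        if "=" not in line or line.lstrip().startswith("#"):
            continue
        key, value = line.split("=", 1)
        url = urlparse(value.strip())
        if url.scheme != "https":
            continue
        port = url.port or 443
        if port not in tls:
            problems.append((key.strip(), port))
    return problems


def tls_handshake_succeeds(host, port):
    """Try a TLS handshake against host:port; False if the peer does not speak TLS."""
    ctx = ssl.create_default_context()
    try:
        with socket.create_connection((host, port), timeout=5) as raw:
            # wrap_socket performs the handshake immediately on an already-connected socket.
            with ctx.wrap_socket(raw, server_hostname="localhost"):
                return True
    except ssl.SSLError:
        # The plain-text "HTTP/1.1 ..." reply is not a TLS record, so the client aborts here.
        return False
    except OSError:
        # Peer closed or reset the connection before the handshake completed.
        return False


def tls_to_plaintext_port():
    """Reproduce the failure: handshake against a local listener that only speaks plain HTTP."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))  # ephemeral port, chosen by the OS
    srv.listen(1)
    port = srv.getsockname()[1]

    def serve_once():
        conn, _ = srv.accept()
        try:
            conn.recv(4096)  # reads the ClientHello as if it were an HTTP request line
            conn.sendall(b"HTTP/1.1 400 Bad Request\r\nContent-Length: 0\r\n\r\n")
        finally:
            conn.close()

    t = threading.Thread(target=serve_once, daemon=True)
    t.start()
    try:
        return tls_handshake_succeeds("127.0.0.1", port)
    finally:
        srv.close()
        t.join(timeout=5)


if __name__ == "__main__":
    print("TLS connectors in server.xml:", tls_ports(SERVER_XML))
    print("broken properties:", check_properties(PROPERTIES_BROKEN, SERVER_XML))
    print("fixed properties:", check_properties(PROPERTIES_FIXED, SERVER_XML))
    print("TLS handshake against a plain-HTTP port succeeded:", tls_to_plaintext_port())
```

Against a live server the same check is `openssl s_client -connect host:8081`, which fails to complete a handshake when the port is a plain-HTTP connector; a Java client that gets no server certificate from such a connection reports it as "peer not authenticated" rather than as a connection error, which is why the certificate looked like the culprit.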