I have implemented RMI over SSL to get a Java EJB Client application talking to a JRun server over SSL. It works fine from the command line, but when I try to run it as a Web Start application, I get
java.security.cert.CertificateException: Couldn't find trusted certificate
(More complete stack trace below)
I am using a test certificate, not one from a bona fide CA.
I have tried putting the key store file in one of the jars used by the application, and adding:
<argument>-Djavax.net.ssl.trustStore=jssecacerts</argument>
and
<argument>-Djavax.net.ssl.trustStore=jar:http://ip/app/xxx/lib/JarWithCacs.jar!/jssecacerts</argument>
to no avail.
If I copy the jssecacerts to Web Start's jre/lib/security directory, it works fine.
I have seen other postings that say to use keytool to update the JRE used by Web Start, but that kind of defeats the purpose of Web Start: zero admin client. I can't touch each user's machine.
I have seen other posts saying to implement a more relaxed trust manager, but that doesn't seem right either.
I am using JDK 1.4.1_02b6 on Win2k. This should be irrelevant: JRun 4 sp1a.
Is there a way to specify the jssecacerts file in the jnlp file so Web Start will recognize it?
Thanks for any help,
John