Title: SSL Error Message
theking75 - August 14, 2006 03:28 PM (GMT)
OK, I've done everything I can think of to get my Lawson system up and running on SSL, but now a few features are broken cause Tomcat is returning the error:
IOException caught: javax.net.ssl.SSLException: untrusted server cert chain
I imported the ca certificate into my keystore so I am not sure why I should receive this error. Anyone got any ideas about how to fix this?
satterw - August 16, 2006 09:23 PM (GMT)
I had to set the following environment variable (AIX 5.3):
CATALINA_OPTS=-Djava.protocol.handler.pkgs=com.sun.net.ssl.internal.www.protocol
theking75 - August 17, 2006 03:48 PM (GMT)
I added that to the Tomcat start-up script, but I'm still having no luck.
satterw - August 17, 2006 04:32 PM (GMT)
did you add com.sun.net.ssl.internal.ssl.Provider to java.security?
theking75 - August 17, 2006 05:22 PM (GMT)
Yep, did that too. Verisign said it has to be a problem with the server not liking the intermediate certificate, but I have it imported into the keystore and when I open it, it says it is valid, so I'm not sure why that should be a problem.
satterw - August 17, 2006 09:43 PM (GMT)
So is this an intermediate cert that is signed by Verisign, then you use that intermediate cert to self-sign the SSL cert?
Are you certain you added it to the correct cacert file? On my AIX box, there are 5 - I had to poke around to figure out the right one to add it to. It ended up being ${JAVA_HOME}/jre/lib/security/cacerts.
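The "untrusted server cert chain" failure above is exactly what happens when the intermediate is missing from the trust set the program actually consults. The following is an added example (not from this thread) that builds a constructed root -> intermediate -> server chain with the openssl CLI, then verifies the server certificate first against the root alone and then against root plus intermediate. It assumes only the openssl CLI is installed; the names and the constructed CN values are placeholders.

```shell
#!/bin/sh
# Added example: reproduces the chain-trust failure mode offline with constructed certs.
# Assumes the openssl CLI; every certificate here is generated locally and throwaway.
set -e
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT
cd "$WORK"

# Root CA (self-signed). req -x509 marks it as a CA by default.
openssl req -x509 -newkey rsa:2048 -nodes -keyout root.key -out root.pem -days 2 \
  -subj "/CN=Constructed Root CA" >/dev/null 2>&1

# Intermediate CA, signed by the root; it must carry CA:TRUE to be usable as an issuer.
openssl req -newkey rsa:2048 -nodes -keyout inter.key -out inter.csr \
  -subj "/CN=Constructed Intermediate CA" >/dev/null 2>&1
printf 'basicConstraints=critical,CA:TRUE\nkeyUsage=critical,keyCertSign,cRLSign\n' > ca.ext
openssl x509 -req -in inter.csr -CA root.pem -CAkey root.key -CAcreateserial \
  -out inter.pem -days 2 -extfile ca.ext >/dev/null 2>&1

# Server (leaf) certificate, signed by the intermediate, not by the root.
openssl req -newkey rsa:2048 -nodes -keyout server.key -out server.csr \
  -subj "/CN=lawson.example" >/dev/null 2>&1
printf 'basicConstraints=CA:FALSE\nsubjectAltName=DNS:lawson.example\n' > srv.ext
openssl x509 -req -in server.csr -CA inter.pem -CAkey inter.key -CAcreateserial \
  -out server.pem -days 2 -extfile srv.ext >/dev/null 2>&1

# verify_chain TRUSTFILE: exit 0 if server.pem chains to something in TRUSTFILE, non-zero otherwise.
verify_chain() {
  openssl verify -CAfile "$1" server.pem >/dev/null 2>&1
}

# Trust set containing both the root and the intermediate (what the cacerts import must achieve).
cat root.pem inter.pem > root_plus_inter.pem

if verify_chain root.pem; then
  echo "root only: trusted (unexpected)"
else
  echo "root only: untrusted chain (issuer of the server cert is not available)"
fi
if verify_chain root_plus_inter.pem; then
  echo "root + intermediate: trusted"
fi
```

The same check for the JVM is whether the intermediate is present in the one cacerts file the running Tomcat actually reads (the path named above), not just in any of the several copies on the box.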
theking75 - August 21, 2006 01:36 PM (GMT)
Yep, that's the same cacerts file where I imported the intermediate certificate. This is not a self-signed certificate. I bought it from Verisign. I received both the certificate and the intermediate from Verisign and they say they are able to import them just fine and this must be an issue with my server. That's what has me confused. What could it be?
Milo - August 21, 2006 06:07 PM (GMT)
Just my 2-cents'-worth:
When all else fails, check the security settings on the files.
In our setup, the people in my group sometimes can do stuff 'in person' that subsequently fails when they're automated. We found that this usually occurs because of inadequate permissions.
(Those in my group are all administrators, and the automated accounts often have lower access levels.)