Full trace of my exception is:

我的异常的完整跟踪是：

javax.net.ssl.SSLHandshakeException: 
sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

First of all I'd like to say that I know that it's very common exception, and I tried to apply different solutions, I'll describe them later, but nothing help me.

首先我想说我知道这是非常常见的异常，我尝试应用不同的解决方案，稍后我会描述它们，但没有任何帮助。

So, I have two instances of tomcat 7 on same machine. Directly speaking, these instances have each own CATALINA_BASEdirectory, but common CATALINA_HOME. Also they are isolated - ports configured so that instances don't interfere. One instance - server - with deployed web application, servlet. And another instance for client - servlet too.

所以，我在同一台机器上有两个 tomcat 7 实例。直接说来，这些实例都有自己的CATALINA_BASE目录，但是通用的CATALINA_HOME. 它们也是隔离的 - 端口被配置，以便实例不会干扰。一个实例 - 服务器 - 带有部署的 Web 应用程序、servlet。还有另一个客户端实例 - servlet。

This is fragment of server.xml of server tomcat:

这是服务器tomcat的server.xml的片段：

<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
        maxThreads="150" scheme="https" secure="true"
        clientAuth="true" sslProtocol="TLS" 
        truststoreFile="C:/Users/dpivovar/ssl_server.jks" 
        truststorePass="start123"
        keystoreFile="C:/Users/dpivovar/ssl_server.jks" 
        keystorePass="start123"/>

And this fragment of client tomcat:

还有这个客户端tomcat的片段：

<Connector port="8444" protocol="HTTP/1.1" SSLEnabled="true"
        maxThreads="150" scheme="https" secure="true"
        clientAuth="false" sslProtocol="TLS" 
        truststoreFile="C:/Program Files/Java/jdk1.7.0_45/jre/lib/security/cacerts" 
        truststorePass="changeit"
        keystoreFile="C:/Users/dpivovar/ssl_client.jks" 
        keystorePass="start123" />

Work flow: client make attempt to do GET to the server, but it gets exception described above.

工作流程：客户端尝试对服务器执行 GET，但遇到上述异常。

What about certificates. I used java keytool. I made one keystore for server and separate for client. Each keystore contains private keyand public certificateof corresponding side. In above example client truststore refere to the jre cacerts keystore, because one of solution i found was to put public certificate of server to the jre cacerts. but it doesn't work for me. Another solution i found (http://www.nodsw.com/blog/leeland/2006/12/06-no-more-unable-find-valid-certification-path-requested-target) offers via InstallCert tool to get an public certificate of server and then use it in client truststore. So now, in jre caserts there is a public certificate of server but exception is raised. Also, i have a simple client example - it's plain java program, through system property i set required paths to keystores, which i use for client, and in the same way i make GET to the server and it works, handshake occured, connection established.

证书呢。我使用了java keytool。我做了one keystore for server and separate for client。每个密钥存储库包含private key与public certificate对应侧的。在上面的示例中，客户端信任库参考 jre cacerts 密钥库，因为我发现的解决方案之一是将服务器的公共证书放入 jre cacerts。但这对我不起作用。我发现的另一个解决方案（http://www.nodsw.com/blog/leeland/2006/12/06-no-more-unable-find-valid-certification-path-requested-target) 通过 InstallCert 工具提供获取服务器的公共证书，然后在客户端信任库中使用它。所以现在，在 jre caserts 中有一个服务器的公共证书，但引发了异常。此外，我有一个简单的客户端示例 - 它是普通的 Java 程序，通过系统属性我设置了密钥库所需的路径，我用于客户端，并以同样的方式让 GET 到服务器并且它工作，握手发生，连接建立.

So can you help me, what can be wrong, what prevents client which is deployed on tomcat to establish ssl connection with server?

那么你能帮我看看有什么问题，是什么阻止了部署在tomcat上的客户端与服务器建立ssl连接？