Posted to users@tomcat.apache.org by "Andrews, Wayne" <wa...@sap.com> on 2009/05/08 17:03:45 UTC

RE: SSL Mysterious Self Signed Certificate - FIXED

Problem fixed!

In summary Tomcat requires a .keystore file under c:\document and
settings\default user and as such the one there was not the one detailed
within server.xml.

I changed the entries within this default keystore, restarted tomcat and
excellent problem resolved.

Q: What's the point of referencing a specific keystore within server.xml
if it does take notice of it?


-----Original Message-----
From: Christopher Schultz [mailto:chris@christopherschultz.net] 
Sent: Saturday, 9 May 2009 12:53 AM
To: Tomcat Users List
Subject: Re: SSL Mysterious Self Signed Certificate

Wayne,

On 5/7/2009 5:23 PM, Andrews, Wayne wrote:
> I created a new keystore, imported the root certificate from Thawte, 
> then the signed cert.  The browser displays some self signed cert
> that has expired.

Wait, you signed the certificate? That's called a self-signed
certificate, when you .... sign the cert ... yourself.

If you are using a legitimate certificate /signed by Thawte/ and you're
still getting this error, there are two possibilities that I can think
of:

1. Thawte has a two-part cert, and you've only imported one of the
   parts. This can happen with the new-fangled EV certs (we had this
   problem ourselves... we had the VeriSign intermediate cert
   installed on our servers for years, but we required a /second/
   intermediate cert in order to get the new EV cert not to complain
   on certain browsers (but not all... strange)).

2. You aren't sending the cert you think you're sending to the
   browser.

Use your browser to check the cert it's receiving, and check the
certificate "chain", too.

-chris
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org



Re: SSL Mysterious Self Signed Certificate - FIXED

Posted by Hassan Schroeder <ha...@gmail.com>.
On Fri, May 8, 2009 at 8:03 AM, Andrews, Wayne <wa...@sap.com> wrote:

> In summary Tomcat requires a .keystore file under c:\document and
> settings\default user and as such the one there was not the one detailed
> within server.xml.

That would be terribly awkward for all of us running Tomcat successfully
on non-Windows platforms, eh?  :-)

> Q: What's the point of referencing a specific keystore within server.xml
> if it does take notice of it?

Referencing a "specific keystore" most assuredly works just fine --
your configuration has an error somewhere.

-- 
Hassan Schroeder ------------------------ hassan.schroeder@gmail.com


RE: SSL Mysterious Self Signed Certificate - FIXED

Posted by "Caldarale, Charles R" <Ch...@unisys.com>.
> From: Andrews, Wayne [mailto:wayne.andrews@sap.com]
> Subject: RE: SSL Mysterious Self Signed Certificate - FIXED
> 
> In summary Tomcat requires a .keystore file under c:\document and
> settings\default user and as such the one there was not the one detailed
> within server.xml.

That's simply not true; you can specify the location in the <Connector> element.  Post your server.xml so we can see what it looks like.  (Obfuscate any sensitive information, of course.)

 - Chuck
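
Added example, not part of the original thread: a small Python check for the situation discussed here, listing which keystore file each HTTPS Connector in a server.xml would load. It relies on Tomcat's documented behaviour (an unset keystoreFile means .keystore in the home directory of the user running Tomcat; relative paths resolve against $CATALINA_BASE); the sample server.xml, the paths and the function name are constructed for illustration.

```python
import os
import xml.etree.ElementTree as ET

# Constructed sample server.xml. The 8443 connector spells the attribute
# "keystorefile" (lowercase f), so no keystoreFile attribute is present on it.
SAMPLE_SERVER_XML = """<Server><Service name="Catalina">
  <Connector port="8080" protocol="HTTP/1.1"/>
  <Connector port="8443" SSLEnabled="true" scheme="https" secure="true"
             keystorefile="conf/site.jks"/>
  <Connector port="9443" SSLEnabled="true" scheme="https" secure="true"
             keystoreFile="conf/site.jks"/>
</Service></Server>"""


def effective_keystores(server_xml, user_home, catalina_base):
    """Return (port, keystore path, note) for every HTTPS Connector."""
    report = []
    for conn in ET.fromstring(server_xml).iter("Connector"):
        is_tls = (conn.get("SSLEnabled", "").lower() == "true"
                  or conn.get("scheme", "").lower() == "https")
        if not is_tls:
            continue
        path = conn.get("keystoreFile")
        if path is None:
            # Documented default: .keystore in the home directory of the
            # account that runs Tomcat (on Windows, often a service account).
            note = "default keystore"
            near = [a for a in conn.attrib if a.lower() == "keystorefile"]
            if near:
                note += "; check spelling of attribute '%s'" % near[0]
            path = os.path.join(user_home, ".keystore")
        else:
            note = "from server.xml"
            if not os.path.isabs(path):
                # Relative paths are resolved against $CATALINA_BASE.
                path = os.path.join(catalina_base, path)
        report.append((conn.get("port"), path, note))
    return report


if __name__ == "__main__":
    rows = effective_keystores(SAMPLE_SERVER_XML, os.path.expanduser("~"),
                               os.environ.get("CATALINA_BASE", "."))
    for port, path, note in rows:
        print(port, path, note)
```

Running `keytool -list -v -keystore <path>` against each reported path then shows which certificate and chain that keystore actually holds.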

