Posted to users@tomcat.apache.org by "Janardhanan, Veni" <vj...@trueblue.com> on 2022/12/20 10:21:11 UTC

RE: Install CA signed certificate on Tomcat 9

Hi Chris,

This is my configuration. When I access the Central Management Console, the browser shows the site as ‘Not Secure’. Please advise.

<Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
           compressionMinSize="2048" URIEncoding="UTF-8" compression="on"
           certificateKeyAlias="pmuw2-crrpad001.corp.trueblueinc.com"
           compressableMimeType="text/html,text/xml,text/plain,text/css,text/javascript,text/json,application/javascript,application/json"
           maxThreads="200" scheme="https" secure="true" SSLEnabled="true">
    <SSLHostConfig>
        <Certificate certificateKeystoreFile="C:/SSL/certnew_pfx.pfx"
                     certificateKeystorePassword="Crystal!@#" keystoreType="PKCS12"
                     type="RSA" />
    </SSLHostConfig>
</Connector>

Thanks,
Veni

From: Christopher Schultz <ch...@christopherschultz.net>
Sent: Thursday, October 13, 2022 2:09 AM
To: users@tomcat.apache.org
Subject: Re: Install CA signed certificate on Tomcat 9


Veni,

On 9/30/22 09:20, Janardhanan, Veni wrote:
> C:\>"C:\Program Files\RedHat\java-11-openjdk-11.0.13-1\bin\keytool" -list -keystore C:\SSL\myserver.keystore
> Enter keystore password:
> Keystore type: JKS
> Keystore provider: SUN
>
> Your keystore contains 2 entries
>
> tomcat, Sep 8, 2022, PrivateKeyEntry,
> Certificate fingerprint (SHA-256): 8B:1D:5B:59:86:39:A5:CD:AB:2A:4A:45:13:2B:82:A1:44:CD:8A:E7:20:96:5A:02:0F:73:E3:5A:A6:DB:B6:FD
> tomcat1, Sep 29, 2022, trustedCertEntry,
> Certificate fingerprint (SHA-256): 1F:A1:D5:1A:AD:5C:57:6C:B8:90:D8:CA:D1:89:2D:E1:1E:1F:7E:78:D2:19:72:CE:CC:3B:25:03:DE:0F:E1:B6

On 9/30/22 07:16, Janardhanan, Veni wrote:
> SSLHostConfig details:
>
> <SSLHostConfig protocols="TLSv1.2">
>     <Certificate certificateKeystoreFile="C:/SSL/myserver.keystore"
>                  certificateKeystorePassword=" " />
> </SSLHostConfig>

Double-check that the password is correct. I don't think you can use "no
password" with Tomcat, and keytool has some issues with that as well.

The default format is JKS which is the format of your keystore.

The error "invalid keystore format" is usually because the password is
incorrect.

If you have a key password which is different than your keystore
password (uncommon but possible) then you must specify /both of them/ in
your configuration.

-chris

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
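
An added example, not part of the original thread and not Tomcat's own code: a small Python check for the points raised in the reply above (a blank keystore password, the JKS default when no type is given, and a key password set separately from the keystore password). The server.xml content, file names and passwords are constructed placeholders; `certificateKeystoreType` and `certificateKeyPassword` are the Tomcat 9 `Certificate` attributes for the keystore type and the private-key password.

```python
import xml.etree.ElementTree as ET

# Constructed sample modelled on the configurations quoted in this thread;
# file names and passwords are placeholders, not values from a real system.
SAMPLE_SERVER_XML = """
<Server>
  <Service name="Catalina">
    <Connector port="8443" SSLEnabled="true" scheme="https" secure="true">
      <SSLHostConfig protocols="TLSv1.2">
        <Certificate certificateKeystoreFile="C:/SSL/myserver.keystore"
                     certificateKeystorePassword=" " />
      </SSLHostConfig>
    </Connector>
    <Connector port="9443" SSLEnabled="true" scheme="https" secure="true">
      <SSLHostConfig>
        <Certificate certificateKeystoreFile="C:/SSL/example.p12"
                     certificateKeystoreType="PKCS12"
                     certificateKeystorePassword="STORE-PLACEHOLDER"
                     certificateKeyPassword="KEY-PLACEHOLDER" />
      </SSLHostConfig>
    </Connector>
  </Service>
</Server>
"""

def audit_certificates(server_xml):
    """Return one finding dict per <Certificate> under an SSL-enabled Connector."""
    findings = []
    for conn in ET.fromstring(server_xml).iter("Connector"):
        if conn.get("SSLEnabled", "false").lower() != "true":
            continue
        for cert in conn.iter("Certificate"):
            store_pw = cert.get("certificateKeystorePassword")
            key_pw = cert.get("certificateKeyPassword")
            findings.append({
                "port": conn.get("port"),
                "keystore": cert.get("certificateKeystoreFile"),
                # With no explicit type Tomcat assumes JKS, as noted in the reply.
                "type": cert.get("certificateKeystoreType", "JKS"),
                # A present-but-blank value is the "no password" case to double-check.
                "blank_password": store_pw is not None and store_pw.strip() == "",
                # False means the keystore password is also used for the private key.
                "separate_key_password": key_pw is not None and key_pw != store_pw,
            })
    return findings

if __name__ == "__main__":
    for finding in audit_certificates(SAMPLE_SERVER_XML):
        print(finding)
```
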