Posted to users@tomcat.apache.org by Jeanna Geier <jg...@apt-cafm.com> on 2007/02/28 00:16:50 UTC

Certificate Installation Issues

Hello List-

After having our application running smoothly with self-signed certificates,
we made the change today and purchased a Comodo InstantSSL certificate - and
after following the instructions on installing it, I'm having some problems
that I am hoping someone with more experience who has run across this can
help me with.

I received three certificates from Comodo:

 * AddTrustExternalCARoot.crt
 * netrequest_biz.crt
 * UTNAddTrustServerCA.crt

I followed their instructions on importing them in the order: 1) Root, 2)
IntermediateCA, 3) Domain/Site Certificate

On my Server, I ran the following to install the certificates into my Java
cacerts:

C:\Program Files\Java\jdk1.5.0_06\jre\lib\security\keytool -import -trustcacerts -alias root -file C:\AddTrustExternalCARoot.crt -keystore cacerts

C:\Program Files\Java\jdk1.5.0_06\jre\lib\security\keytool -import -trustcacerts -alias INTER -file C:\UTNAddTrustServerCA.crt -keystore cacerts

C:\Program Files\Java\jdk1.5.0_06\jre\lib\security\keytool -import -trustcacerts -alias netrequest -file C:\netrequest_biz.crt -keystore cacerts


For good measure (because I wasn't sure if I had to or not) I also added
them to my Java cacerts file on the pc that I'm going to use to remotely
connect to the Server...


OK, so my first test was to test that the certificate got installed on the
Server correctly, so I opened Internet Explorer and from the File -> Open
(Open as Web Folder) box typed: https://localhost:8443/slide/files - and I
was prompted with a 'Security Alert' that said that: "The security
certificate was issued by a company you have not chosen to trust. View the
certificate to determine whether you want to trust the certifying
authority." & "The name on the security certificate is invalid or does not
match the name of the site" (The security date was valid). So, when I clicked
on <View Certificate> two things struck me: 1) the issued by is
'netrequest.biz' (shouldn't this be Comodo - isn't this why we buy the
certificate? our self-signed ones had this on it...) and 2) the date Valid
from 2/27/2007 to 5/28/2007 (we purchased a two-year certificate, shouldn't
this be until 2009??).  Even after installing the certificate, logging out,
and logging back in, I still get the "Security Alert" message box -
something we don't want our customers to have to deal with.

Second test: attempting to log into the Server where our DataBase is stored
to access it and run the program. However, after putting in my Username and
Password, when the program continues on to validate the sign-on, I get a
pop-up with the following error message: "IO Error loading patterns:
sun.security.validator.ValidatorException: PKIX path building failed:
sun.security.provider.certpath.SunCertPathBuilderException: unable to find
valid certification path to requested target"


Prior to installing these new certificates from Comodo and while using our
self-signed ones, all was working OK; we're getting ready to "go live" in a
day and a half, so we really need to get this worked out, so any thoughts,
comments, or expertise that anyone could provide to help me straighten this
out would be greatly appreciated!!!


Thanks in advance for your time and help!!
-Jeanna


---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Re: Certificate Installation Issues

Posted by Paul Singleton <pa...@jbgb.com>.
Jeanna Geier wrote:
> Hello List-
> 
> After having our application running smoothly with self-signed certificates,
> we made the change today and purchased a Comodo InstantSSL certificate - and
> after following the instructions on installing it, I'm having some problems
> that I am hoping someone with more experience who has run across this can
> help me with.
> 
> I received three certificates from Comodo:
> 
>  * AddTrustExternalCARoot.crt
>  * netrequest_biz.crt
>  * UTNAddTrustServerCA.crt
> 
> I followed their instructions on importing them in the order: 1) Root, 2)
> IntermediateCA, 3) Domain/Site Certificate
> 
> On my Server, I ran the following to install the certificates into my Java
> cacerts:
> 
> C:\Program Files\Java\jdk1.5.0_06\jre\lib\security\keytool -import -trustcacerts -alias root -file C:\AddTrustExternalCARoot.crt -keystore cacerts
> 
> C:\Program Files\Java\jdk1.5.0_06\jre\lib\security\keytool -import -trustcacerts -alias INTER -file C:\UTNAddTrustServerCA.crt -keystore cacerts
> 
> C:\Program Files\Java\jdk1.5.0_06\jre\lib\security\keytool -import -trustcacerts -alias netrequest -file C:\netrequest_biz.crt -keystore cacerts

Maybe you should explicitly remove the old self-signed
certificate with alias 'netrequest' before replacing it?

Paul Singleton

> For good measure (because I wasn't sure if I had to or not) I also added
> them to my Java cacerts file on the pc that I'm going to use to remotely
> connect to the Server...
> 
> 
> OK, so my first test was to test that the certificate got installed on the
> Server correctly, so I opened Internet Explorer and from the File -> Open
> (Open as Web Folder) box typed: https://localhost:8443/slide/files - and I
> was prompted with a 'Security Alert' that said that: "The security
> certificate was issued by a company you have not chosen to trust. View the
> certificate to determine whether you want to trust the certifying
> authority." & "The name on the security certificate is invalid or does not
> match the name of the site" (The security date was valid). So, when I clicked
> on <View Certificate> two things struck me: 1) the issued by is
> 'netrequest.biz' (shouldn't this be Comodo - isn't this why we buy the
> certificate? our self-signed ones had this on it...) and 2) the date Valid
> from 2/27/2007 to 5/28/2007 (we purchased a two-year certificate, shouldn't
> this be until 2009??).  Even after installing the certificate, logging out,
> and logging back in, I still get the "Security Alert" message box -
> something we don't want our customers to have to deal with.
> 
> Second test: attempting to log into the Server where our DataBase is stored
> to access it and run the program. However, after putting in my Username and
> Password, when the program continues on to validate the sign-on, I get a
> pop-up with the following error message: "IO Error loading patterns:
> sun.security.validator.ValidatorException: PKIX path building failed:
> sun.security.provider.certpath.SunCertPathBuilderException: unable to find
> valid certification path to requested target"
> 
> 
> Prior to installing these new certificates from Comodo and while using our
> self-signed ones, all was working OK; we're getting ready to "go live" in a
> day and a half, so we really need to get this worked out, so any thoughts,
> comments, or expertise that anyone could provide to help me straighten this
> out would be greatly appreciated!!!
> 
> 
> Thanks in advance for your time and help!!
> -Jeanna
> 
> 


-- 
Paul Singleton
Jambusters Ltd

tel: 01782 750821
fax: 08707 628609
VAT: 777 3904 85
Company no. 04150146

