You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@tomcat.apache.org by Ross Rankin <ro...@careerfish.com> on 2004/06/11 16:45:17 UTC

Still using Self-signed Cert... How to stop it...

Ok, I can't figure this out.  I'm sure it's simple and I'm just missing it.


I created a tomcat server initially with a self-signed certificate to move
forward with testing while our cert authority was re-gen-ing a certificate
for us.  

Now, create a new keystore with the root certificate imported, update the
path in server.xml, however the server is still using the self-signed cert.

What am I missing?  

You can go to https://www.careerfish.com <https://www.careerfish.com/>  to
see the self-cert.  

 

I am installing on:

Tomcat Version             JVM Version      JVM Vendor                  OS
Name          OS Version       OS Architecture

Apache Tomcat/4.1.30   1.4.2_04-b05     Sun Microsystems Inc.   Linux
2.4.20-8smp      i386

 

Here's a listing of the installed certs:

[root@www1 logs]# keytool -list -keystore /etc/careerfish.key

Enter keystore password: 

 

Keystore type: jks

Keystore provider: SUN

 

Your keystore contains 3 entries

 

root, Jun 3, 2004, trustedCertEntry,

Certificate fingerprint (MD5):
C4:D7:F0:B2:A3:C5:7D:61:67:F0:04:CD:43:D3:BA:58

tomcat, Jun 2, 2004, keyEntry,

Certificate fingerprint (MD5):
DE:93:10:3A:D1:1E:05:83:E4:EC:E0:18:D7:98:7D:FE

comodo, Jun 3, 2004, trustedCertEntry,

Certificate fingerprint (MD5):
2D:03:24:A9:05:F4:C8:A0:81:E9:98:9B:F5:C0:5D:21

 

Here's the relevant server.xml piece:

<Connector className="org.apache.coyote.tomcat4.CoyoteConnector" port="443"
minProcessors="5" maxProcessors="75" enableLookups="true" acceptCount="100"
debug="0" scheme="https" secure="true" useURIValidationHack="false"
disableUploadTimeout="true">

  <Factory className="org.apache.coyote.tomcat4.CoyoteServerSocketFactory"
keystoreFile="/etc/careerfish.key" keystorePass="xxxxx" clientAuth="false"
protocol="TLS" /> 

  </Connector>

 

Thanks.

 

Ross Rankin

 




---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org