You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@tomcat.apache.org by Conway Liu <cl...@xtra.co.nz> on 2012/01/09 11:19:11 UTC

SSL Certificate Update Not Reflected on the Website

Hi,

 

We used to use Thawte for our SSL certificate. Today I installed new SSL
certificate issued by VeriSign and there were no errors. The primary and
secondary intermediate CAs both imported into the keystore file properly,
and then the SSL issued by VeriSign imported as well. I updated the
server.xml to indicate the new keystore file with the keystore password.
Started Tomcat, checked the log files and there were no errors. But when I
browse to the website, it is still saying the SSL has expired and it's
showing the one issued by Thawte.

 

I tried to put an incorrect keystore password in server.xml and Tomcat did
generate errors in the log file, which means Tomcat is looking at the
correct keystore file.

 

We have also tried to reboot the server in case the old SSL was cached
somewhere but that didn't help.

 

Does anyone have any suggestion where might be wrong?

 

Thank you very much

Conway

Re: SSL Certificate Update Not Reflected on the Website

Posted by Ognjen Blagojevic <og...@gmail.com>.

Conway,

On 9.1.2012 11:19, Conway Liu wrote:
> Does anyone have any suggestion where might be wrong?

Do you have anything between your browser and Tomcat? Apache HTTPd, 
perhaps, or some kind of load balancer with SSL termination?

-Ognjen

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org

RE: SSL Certificate Update Not Reflected on the Website

Posted by Conway Liu <cl...@xtra.co.nz>.

Thanks Pid.

The problem was actually due to the network admin had to also update the proxy server. Only if he responds quicker to my emails and calls....

Regards
Conway


-----Original Message-----
From: Pid [mailto:pid@pidster.com] 
Sent: Tuesday, 10 January 2012 8:36 a.m.
To: Tomcat Users List
Subject: Re: SSL Certificate Update Not Reflected on the Website

On 09/01/2012 10:44, Conway Liu wrote:
> Hi Pid,
> 
> I tried different browsers, and tried different computers.
> 
> What command line tool are you talking about?

Something like: curl or openssl


p

> Thanks
> Conway
> 
> -----Original Message-----
> From: Pid * [mailto:pid@pidster.com]
> Sent: Monday, 9 January 2012 11:37 p.m.
> To: Tomcat Users List
> Subject: Re: SSL Certificate Update Not Reflected on the Website
> 
> On 9 Jan 2012, at 10:20, Conway Liu <cl...@xtra.co.nz> wrote:
> 
>> Hi,
>>
>> We used to use Thawte for our SSL certificate. Today I installed new 
>> SSL certificate issued by VeriSign and there were no errors. The 
>> primary and secondary intermediate CAs both imported into the 
>> keystore file properly, and then the SSL issued by VeriSign imported 
>> as well. I updated the server.xml to indicate the new keystore file with the keystore password.
>> Started Tomcat, checked the log files and there were no errors. But 
>> when I browse to the website, it is still saying the SSL has expired 
>> and it's showing the one issued by Thawte.
>>
>> I tried to put an incorrect keystore password in server.xml and 
>> Tomcat did generate errors in the log file, which means Tomcat is 
>> looking at the correct keystore file.
>>
>> We have also tried to reboot the server in case the old SSL was 
>> cached somewhere but that didn't help.
>>
>> Does anyone have any suggestion where might be wrong?
> 
> Which browser are you using? Some cache Certs and don't reflect the change immediately.
> 
> Have you tried with a command line tool?
> 
> 
> p
> 
> 
>>
>>
>>
>> Thank you very much
>>
>> Conway
>>
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
> 
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
> 


-- 

[key:62590808]



---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org

Re: SSL Certificate Update Not Reflected on the Website

Posted by Pid <pi...@pidster.com>.

On 09/01/2012 10:44, Conway Liu wrote:
> Hi Pid,
> 
> I tried different browsers, and tried different computers.
> 
> What command line tool are you talking about?

Something like: curl or openssl


p

> Thanks
> Conway
> 
> -----Original Message-----
> From: Pid * [mailto:pid@pidster.com] 
> Sent: Monday, 9 January 2012 11:37 p.m.
> To: Tomcat Users List
> Subject: Re: SSL Certificate Update Not Reflected on the Website
> 
> On 9 Jan 2012, at 10:20, Conway Liu <cl...@xtra.co.nz> wrote:
> 
>> Hi,
>>
>> We used to use Thawte for our SSL certificate. Today I installed new 
>> SSL certificate issued by VeriSign and there were no errors. The 
>> primary and secondary intermediate CAs both imported into the keystore 
>> file properly, and then the SSL issued by VeriSign imported as well. I 
>> updated the server.xml to indicate the new keystore file with the keystore password.
>> Started Tomcat, checked the log files and there were no errors. But 
>> when I browse to the website, it is still saying the SSL has expired 
>> and it's showing the one issued by Thawte.
>>
>> I tried to put an incorrect keystore password in server.xml and Tomcat 
>> did generate errors in the log file, which means Tomcat is looking at 
>> the correct keystore file.
>>
>> We have also tried to reboot the server in case the old SSL was cached 
>> somewhere but that didn't help.
>>
>> Does anyone have any suggestion where might be wrong?
> 
> Which browser are you using? Some cache Certs and don't reflect the change immediately.
> 
> Have you tried with a command line tool?
> 
> 
> p
> 
> 
>>
>>
>>
>> Thank you very much
>>
>> Conway
>>
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
> 
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
> 


-- 

[key:62590808]

RE: SSL Certificate Update Not Reflected on the Website

Posted by Conway Liu <cl...@xtra.co.nz>.

Hi Pid,

I tried different browsers, and tried different computers.

What command line tool are you talking about?

Thanks
Conway

-----Original Message-----
From: Pid * [mailto:pid@pidster.com] 
Sent: Monday, 9 January 2012 11:37 p.m.
To: Tomcat Users List
Subject: Re: SSL Certificate Update Not Reflected on the Website

On 9 Jan 2012, at 10:20, Conway Liu <cl...@xtra.co.nz> wrote:

> Hi,
>
> We used to use Thawte for our SSL certificate. Today I installed new 
> SSL certificate issued by VeriSign and there were no errors. The 
> primary and secondary intermediate CAs both imported into the keystore 
> file properly, and then the SSL issued by VeriSign imported as well. I 
> updated the server.xml to indicate the new keystore file with the keystore password.
> Started Tomcat, checked the log files and there were no errors. But 
> when I browse to the website, it is still saying the SSL has expired 
> and it's showing the one issued by Thawte.
>
> I tried to put an incorrect keystore password in server.xml and Tomcat 
> did generate errors in the log file, which means Tomcat is looking at 
> the correct keystore file.
>
> We have also tried to reboot the server in case the old SSL was cached 
> somewhere but that didn't help.
>
> Does anyone have any suggestion where might be wrong?

Which browser are you using? Some cache Certs and don't reflect the change immediately.

Have you tried with a command line tool?


p


>
>
>
> Thank you very much
>
> Conway
>

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org

Re: SSL Certificate Update Not Reflected on the Website

Posted by Pid * <pi...@pidster.com>.

On 9 Jan 2012, at 10:20, Conway Liu <cl...@xtra.co.nz> wrote:

> Hi,
>
> We used to use Thawte for our SSL certificate. Today I installed new SSL
> certificate issued by VeriSign and there were no errors. The primary and
> secondary intermediate CAs both imported into the keystore file properly,
> and then the SSL issued by VeriSign imported as well. I updated the
> server.xml to indicate the new keystore file with the keystore password.
> Started Tomcat, checked the log files and there were no errors. But when I
> browse to the website, it is still saying the SSL has expired and it's
> showing the one issued by Thawte.
>
> I tried to put an incorrect keystore password in server.xml and Tomcat did
> generate errors in the log file, which means Tomcat is looking at the
> correct keystore file.
>
> We have also tried to reboot the server in case the old SSL was cached
> somewhere but that didn't help.
>
> Does anyone have any suggestion where might be wrong?

Which browser are you using? Some cache Certs and don't reflect the
change immediately.

Have you tried with a command line tool?


p


>
>
>
> Thank you very much
>
> Conway
>

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org