SSL is not working

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
7 messages Options
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

SSL is not working

Hameed, Amir
Hi,
I am trying to configure Tomcat 8.0.36 with SSL and running into some issues. The JDK version I am using is 1.8.0_64. I used the following process to implement SSL:

1.       Generated a java key store using the following command:
${JAVA_HOME}/bin/keytool -genkey -alias [alias-name] -keyalg RSA -keysize 2048 \
-keystore [key-store-path]/keystore.jks -dname "CN=[common-name],OU=[org-unit], O=[company-name], L=[city], ST=[state], C=US"


2.       Generated CSR using the following command:
${JAVA_HOME}/bin/keytool -certreq -alias [alias-name] -file [key-store-path]/[csr-file-name] \
-keystore [key-store-path]/keystore.jks


3.       Requested certificate from COMODO.

4.       Imported all Trusted certificates from COMODO into the key store using command. There were a total of three trusted certificates that we received from COMODO:
${JAVA_HOME}/bin/keytool -import -trustcacerts -alias [alias-name] -file [ssl-cert-file] -keystore [key-store-path]/keystore.jks -v


5.       Modified Tomcat's server.xml file as shown below:

    <Connector port="[ssl-port]" protocol="org.apache.coyote.http11.Http11NioProtocol"

               maxThreads="150" SSLEnabled="true" scheme="https" secure="true"

               clientAuth="false" sslProtocol="TLS"

               keystoreFile="[key-store-path]/keystore.jks"

               keystoreType="JKS" keystorePass="[key-store-password]" />



6.       Restarted Tomcat.

7.       Accessed the Tomcat homepage from the browser using https and the browser complained about page being insecure. When I looked at the certificate from the browser, I see that the Certificate Path tab of the certificate shows that the trusted chain is incomplete and does not show the trusted certificates that I had imported into the key store.

What am I missing here? Any help will be appreciated.


Thank you,
Amir

Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: SSL is not working

M. Manna
Have you imported the signed server certificate into the server keystore
with all the root+intermediate certificates? in other words, does the
"chain-of-trust" exist in server keystore?

You just need to add the root and intermediate CA certs to trust store -
any server certs signed by them is by default, trusted.


On 4 August 2017 at 17:09, Hameed, Amir <[hidden email]> wrote:

> Hi,
> I am trying to configure Tomcat 8.0.36 with SSL and running into some
> issues. The JDK version I am using is 1.8.0_64. I used the following
> process to implement SSL:
>
> 1.       Generated a java key store using the following command:
> ${JAVA_HOME}/bin/keytool -genkey -alias [alias-name] -keyalg RSA -keysize
> 2048 \
> -keystore [key-store-path]/keystore.jks -dname "CN=[common-name],OU=[org-unit],
> O=[company-name], L=[city], ST=[state], C=US"
>
>
> 2.       Generated CSR using the following command:
> ${JAVA_HOME}/bin/keytool -certreq -alias [alias-name] -file
> [key-store-path]/[csr-file-name] \
> -keystore [key-store-path]/keystore.jks
>
>
> 3.       Requested certificate from COMODO.
>
> 4.       Imported all Trusted certificates from COMODO into the key store
> using command. There were a total of three trusted certificates that we
> received from COMODO:
> ${JAVA_HOME}/bin/keytool -import -trustcacerts -alias [alias-name] -file
> [ssl-cert-file] -keystore [key-store-path]/keystore.jks -v
>
>
> 5.       Modified Tomcat's server.xml file as shown below:
>
>     <Connector port="[ssl-port]" protocol="org.apache.coyote.
> http11.Http11NioProtocol"
>
>                maxThreads="150" SSLEnabled="true" scheme="https"
> secure="true"
>
>                clientAuth="false" sslProtocol="TLS"
>
>                keystoreFile="[key-store-path]/keystore.jks"
>
>                keystoreType="JKS" keystorePass="[key-store-password]" />
>
>
>
> 6.       Restarted Tomcat.
>
> 7.       Accessed the Tomcat homepage from the browser using https and the
> browser complained about page being insecure. When I looked at the
> certificate from the browser, I see that the Certificate Path tab of the
> certificate shows that the trusted chain is incomplete and does not show
> the trusted certificates that I had imported into the key store.
>
> What am I missing here? Any help will be appreciated.
>
>
> Thank you,
> Amir
>
>
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

RE: SSL is not working

Hameed, Amir
Thank you for your reply. Please see my answers below:

Have you imported the signed server certificate into the server keystore with all the root+intermediate certificates? in other words, does the "chain-of-trust" exist in server keystore?
>> Yes, I have imported all trusted certificates (COMODORSAAddTrustCA.crt + AddTrustExternalCARoot.crt + COMODORSAOrganizationValidationSecureServerCA.crt) into the server key store along with the signed server certificate.

You just need to add the root and intermediate CA certs to trust store - any server certs signed by them is by default, trusted.
>> I am new to Tomcat. Where can I find the trust store and is it separate from the server key store?

Thanks
-----Original Message-----
From: M. Manna [mailto:[hidden email]]
Sent: Friday, August 4, 2017 12:16 PM
To: Tomcat Users List <[hidden email]>
Subject: Re: SSL is not working

Have you imported the signed server certificate into the server keystore with all the root+intermediate certificates? in other words, does the "chain-of-trust" exist in server keystore?

You just need to add the root and intermediate CA certs to trust store - any server certs signed by them is by default, trusted.


On 4 August 2017 at 17:09, Hameed, Amir <[hidden email]> wrote:

> Hi,
> I am trying to configure Tomcat 8.0.36 with SSL and running into some
> issues. The JDK version I am using is 1.8.0_64. I used the following
> process to implement SSL:
>
> 1.       Generated a java key store using the following command:
> ${JAVA_HOME}/bin/keytool -genkey -alias [alias-name] -keyalg RSA
> -keysize
> 2048 \
> -keystore [key-store-path]/keystore.jks -dname
> "CN=[common-name],OU=[org-unit], O=[company-name], L=[city], ST=[state], C=US"
>
>
> 2.       Generated CSR using the following command:
> ${JAVA_HOME}/bin/keytool -certreq -alias [alias-name] -file
> [key-store-path]/[csr-file-name] \ -keystore
> [key-store-path]/keystore.jks
>
>
> 3.       Requested certificate from COMODO.
>
> 4.       Imported all Trusted certificates from COMODO into the key store
> using command. There were a total of three trusted certificates that
> we received from COMODO:
> ${JAVA_HOME}/bin/keytool -import -trustcacerts -alias [alias-name]
> -file [ssl-cert-file] -keystore [key-store-path]/keystore.jks -v
>
>
> 5.       Modified Tomcat's server.xml file as shown below:
>
>     <Connector port="[ssl-port]" protocol="org.apache.coyote.
> http11.Http11NioProtocol"
>
>                maxThreads="150" SSLEnabled="true" scheme="https"
> secure="true"
>
>                clientAuth="false" sslProtocol="TLS"
>
>                keystoreFile="[key-store-path]/keystore.jks"
>
>                keystoreType="JKS" keystorePass="[key-store-password]"
> />
>
>
>
> 6.       Restarted Tomcat.
>
> 7.       Accessed the Tomcat homepage from the browser using https and the
> browser complained about page being insecure. When I looked at the
> certificate from the browser, I see that the Certificate Path tab of
> the certificate shows that the trusted chain is incomplete and does
> not show the trusted certificates that I had imported into the key store.
>
> What am I missing here? Any help will be appreciated.
>
>
> Thank you,
> Amir
>
>

---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: SSL is not working

M. Manna
if you are testing locally (i.e. on localhost) you might want to check if
the root and intermediate CA exists. Or just import it
1. Find out where your jdk is - say JDK_PATH
2. keep a backup copy somewhere for JDK_PATH\jre\lib\security\cacerts
2. run the following command for each root/intermediate CA cert
keytool -import -trustcacerts -keystore JDK_PATH\jre\lib\security\cacerts
-storepass changeit -noprompt -file CA_FILE_LOCATION

Restart your tomcat. and check.



On 4 August 2017 at 17:23, Hameed, Amir <[hidden email]> wrote:

> Thank you for your reply. Please see my answers below:
>
> Have you imported the signed server certificate into the server keystore
> with all the root+intermediate certificates? in other words, does the
> "chain-of-trust" exist in server keystore?
> >> Yes, I have imported all trusted certificates (COMODORSAAddTrustCA.crt
> + AddTrustExternalCARoot.crt + COMODORSAOrganizationValidationSecureServerCA.crt)
> into the server key store along with the signed server certificate.
>
> You just need to add the root and intermediate CA certs to trust store -
> any server certs signed by them is by default, trusted.
> >> I am new to Tomcat. Where can I find the trust store and is it separate
> from the server key store?
>
> Thanks
> -----Original Message-----
> From: M. Manna [mailto:[hidden email]]
> Sent: Friday, August 4, 2017 12:16 PM
> To: Tomcat Users List <[hidden email]>
> Subject: Re: SSL is not working
>
> Have you imported the signed server certificate into the server keystore
> with all the root+intermediate certificates? in other words, does the
> "chain-of-trust" exist in server keystore?
>
> You just need to add the root and intermediate CA certs to trust store -
> any server certs signed by them is by default, trusted.
>
>
> On 4 August 2017 at 17:09, Hameed, Amir <[hidden email]> wrote:
>
> > Hi,
> > I am trying to configure Tomcat 8.0.36 with SSL and running into some
> > issues. The JDK version I am using is 1.8.0_64. I used the following
> > process to implement SSL:
> >
> > 1.       Generated a java key store using the following command:
> > ${JAVA_HOME}/bin/keytool -genkey -alias [alias-name] -keyalg RSA
> > -keysize
> > 2048 \
> > -keystore [key-store-path]/keystore.jks -dname
> > "CN=[common-name],OU=[org-unit], O=[company-name], L=[city],
> ST=[state], C=US"
> >
> >
> > 2.       Generated CSR using the following command:
> > ${JAVA_HOME}/bin/keytool -certreq -alias [alias-name] -file
> > [key-store-path]/[csr-file-name] \ -keystore
> > [key-store-path]/keystore.jks
> >
> >
> > 3.       Requested certificate from COMODO.
> >
> > 4.       Imported all Trusted certificates from COMODO into the key store
> > using command. There were a total of three trusted certificates that
> > we received from COMODO:
> > ${JAVA_HOME}/bin/keytool -import -trustcacerts -alias [alias-name]
> > -file [ssl-cert-file] -keystore [key-store-path]/keystore.jks -v
> >
> >
> > 5.       Modified Tomcat's server.xml file as shown below:
> >
> >     <Connector port="[ssl-port]" protocol="org.apache.coyote.
> > http11.Http11NioProtocol"
> >
> >                maxThreads="150" SSLEnabled="true" scheme="https"
> > secure="true"
> >
> >                clientAuth="false" sslProtocol="TLS"
> >
> >                keystoreFile="[key-store-path]/keystore.jks"
> >
> >                keystoreType="JKS" keystorePass="[key-store-password]"
> > />
> >
> >
> >
> > 6.       Restarted Tomcat.
> >
> > 7.       Accessed the Tomcat homepage from the browser using https and
> the
> > browser complained about page being insecure. When I looked at the
> > certificate from the browser, I see that the Certificate Path tab of
> > the certificate shows that the trusted chain is incomplete and does
> > not show the trusted certificates that I had imported into the key store.
> >
> > What am I missing here? Any help will be appreciated.
> >
> >
> > Thank you,
> > Amir
> >
> >
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [hidden email]
> For additional commands, e-mail: [hidden email]
>
>
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: SSL is not working

Chaitanya Sabbineni
In reply to this post by Hameed, Amir
Hi,

please try to import the certificate into the browser.

Truststore and keystore or not different it depends on the name you give.
example: tomcat_keystore.keystore or tomcat_trust.keystore and need to
provide the respective path and the password in the keystore.

please make sure that same alias name has to used through out the process.

please make sure if your keystore contains any private key entries using
keytool -list - v command. If you had imported proper ssl cert with proper
alias name then ideally you should have private key entry over here.

Thanks


On Fri, 4 Aug 2017 9:53 pm Hameed, Amir, <[hidden email]> wrote:

> Thank you for your reply. Please see my answers below:
>
> Have you imported the signed server certificate into the server keystore
> with all the root+intermediate certificates? in other words, does the
> "chain-of-trust" exist in server keystore?
> >> Yes, I have imported all trusted certificates (COMODORSAAddTrustCA.crt
> + AddTrustExternalCARoot.crt +
> COMODORSAOrganizationValidationSecureServerCA.crt) into the server key
> store along with the signed server certificate.
>
> You just need to add the root and intermediate CA certs to trust store -
> any server certs signed by them is by default, trusted.
> >> I am new to Tomcat. Where can I find the trust store and is it separate
> from the server key store?
>
> Thanks
> -----Original Message-----
> From: M. Manna [mailto:[hidden email]]
> Sent: Friday, August 4, 2017 12:16 PM
> To: Tomcat Users List <[hidden email]>
> Subject: Re: SSL is not working
>
> Have you imported the signed server certificate into the server keystore
> with all the root+intermediate certificates? in other words, does the
> "chain-of-trust" exist in server keystore?
>
> You just need to add the root and intermediate CA certs to trust store -
> any server certs signed by them is by default, trusted.
>
>
> On 4 August 2017 at 17:09, Hameed, Amir <[hidden email]> wrote:
>
> > Hi,
> > I am trying to configure Tomcat 8.0.36 with SSL and running into some
> > issues. The JDK version I am using is 1.8.0_64. I used the following
> > process to implement SSL:
> >
> > 1.       Generated a java key store using the following command:
> > ${JAVA_HOME}/bin/keytool -genkey -alias [alias-name] -keyalg RSA
> > -keysize
> > 2048 \
> > -keystore [key-store-path]/keystore.jks -dname
> > "CN=[common-name],OU=[org-unit], O=[company-name], L=[city], ST=[state],
> C=US"
> >
> >
> > 2.       Generated CSR using the following command:
> > ${JAVA_HOME}/bin/keytool -certreq -alias [alias-name] -file
> > [key-store-path]/[csr-file-name] \ -keystore
> > [key-store-path]/keystore.jks
> >
> >
> > 3.       Requested certificate from COMODO.
> >
> > 4.       Imported all Trusted certificates from COMODO into the key store
> > using command. There were a total of three trusted certificates that
> > we received from COMODO:
> > ${JAVA_HOME}/bin/keytool -import -trustcacerts -alias [alias-name]
> > -file [ssl-cert-file] -keystore [key-store-path]/keystore.jks -v
> >
> >
> > 5.       Modified Tomcat's server.xml file as shown below:
> >
> >     <Connector port="[ssl-port]" protocol="org.apache.coyote.
> > http11.Http11NioProtocol"
> >
> >                maxThreads="150" SSLEnabled="true" scheme="https"
> > secure="true"
> >
> >                clientAuth="false" sslProtocol="TLS"
> >
> >                keystoreFile="[key-store-path]/keystore.jks"
> >
> >                keystoreType="JKS" keystorePass="[key-store-password]"
> > />
> >
> >
> >
> > 6.       Restarted Tomcat.
> >
> > 7.       Accessed the Tomcat homepage from the browser using https and
> the
> > browser complained about page being insecure. When I looked at the
> > certificate from the browser, I see that the Certificate Path tab of
> > the certificate shows that the trusted chain is incomplete and does
> > not show the trusted certificates that I had imported into the key store.
> >
> > What am I missing here? Any help will be appreciated.
> >
> >
> > Thank you,
> > Amir
> >
> >
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [hidden email]
> For additional commands, e-mail: [hidden email]
>
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: SSL is not working

M. Manna
In reply to this post by M. Manna
My bad - you can ignore my previous email - i was thinking about some other
scenario.

If the message says "Trusted Chain is Incomplete" - that means that your
browser's certificate store doesn't have the updated information regarding
root+intermediate CA certs. If you have import all the certificates
correctly to your server keystore this shouldn't be happening.
Check this post to see if you find any missing steps -
https://www.digicert.com/util/repair-intermediate-ssl-certificate-errors-using-digicert-utility-for-microsoft-servers.htm
.

Regards,

On 4 August 2017 at 17:38, M. Manna <[hidden email]> wrote:

> if you are testing locally (i.e. on localhost) you might want to check if
> the root and intermediate CA exists. Or just import it
> 1. Find out where your jdk is - say JDK_PATH
> 2. keep a backup copy somewhere for JDK_PATH\jre\lib\security\cacerts
> 2. run the following command for each root/intermediate CA cert
> keytool -import -trustcacerts -keystore JDK_PATH\jre\lib\security\cacerts
> -storepass changeit -noprompt -file CA_FILE_LOCATION
>
> Restart your tomcat. and check.
>
>
>
> On 4 August 2017 at 17:23, Hameed, Amir <[hidden email]> wrote:
>
>> Thank you for your reply. Please see my answers below:
>>
>> Have you imported the signed server certificate into the server keystore
>> with all the root+intermediate certificates? in other words, does the
>> "chain-of-trust" exist in server keystore?
>> >> Yes, I have imported all trusted certificates (COMODORSAAddTrustCA.crt
>> + AddTrustExternalCARoot.crt + COMODORSAOrganizationValidationSecureServerCA.crt)
>> into the server key store along with the signed server certificate.
>>
>> You just need to add the root and intermediate CA certs to trust store -
>> any server certs signed by them is by default, trusted.
>> >> I am new to Tomcat. Where can I find the trust store and is it
>> separate from the server key store?
>>
>> Thanks
>> -----Original Message-----
>> From: M. Manna [mailto:[hidden email]]
>> Sent: Friday, August 4, 2017 12:16 PM
>> To: Tomcat Users List <[hidden email]>
>> Subject: Re: SSL is not working
>>
>> Have you imported the signed server certificate into the server keystore
>> with all the root+intermediate certificates? in other words, does the
>> "chain-of-trust" exist in server keystore?
>>
>> You just need to add the root and intermediate CA certs to trust store -
>> any server certs signed by them is by default, trusted.
>>
>>
>> On 4 August 2017 at 17:09, Hameed, Amir <[hidden email]> wrote:
>>
>> > Hi,
>> > I am trying to configure Tomcat 8.0.36 with SSL and running into some
>> > issues. The JDK version I am using is 1.8.0_64. I used the following
>> > process to implement SSL:
>> >
>> > 1.       Generated a java key store using the following command:
>> > ${JAVA_HOME}/bin/keytool -genkey -alias [alias-name] -keyalg RSA
>> > -keysize
>> > 2048 \
>> > -keystore [key-store-path]/keystore.jks -dname
>> > "CN=[common-name],OU=[org-unit], O=[company-name], L=[city],
>> ST=[state], C=US"
>> >
>> >
>> > 2.       Generated CSR using the following command:
>> > ${JAVA_HOME}/bin/keytool -certreq -alias [alias-name] -file
>> > [key-store-path]/[csr-file-name] \ -keystore
>> > [key-store-path]/keystore.jks
>> >
>> >
>> > 3.       Requested certificate from COMODO.
>> >
>> > 4.       Imported all Trusted certificates from COMODO into the key
>> store
>> > using command. There were a total of three trusted certificates that
>> > we received from COMODO:
>> > ${JAVA_HOME}/bin/keytool -import -trustcacerts -alias [alias-name]
>> > -file [ssl-cert-file] -keystore [key-store-path]/keystore.jks -v
>> >
>> >
>> > 5.       Modified Tomcat's server.xml file as shown below:
>> >
>> >     <Connector port="[ssl-port]" protocol="org.apache.coyote.
>> > http11.Http11NioProtocol"
>> >
>> >                maxThreads="150" SSLEnabled="true" scheme="https"
>> > secure="true"
>> >
>> >                clientAuth="false" sslProtocol="TLS"
>> >
>> >                keystoreFile="[key-store-path]/keystore.jks"
>> >
>> >                keystoreType="JKS" keystorePass="[key-store-password]"
>> > />
>> >
>> >
>> >
>> > 6.       Restarted Tomcat.
>> >
>> > 7.       Accessed the Tomcat homepage from the browser using https and
>> the
>> > browser complained about page being insecure. When I looked at the
>> > certificate from the browser, I see that the Certificate Path tab of
>> > the certificate shows that the trusted chain is incomplete and does
>> > not show the trusted certificates that I had imported into the key
>> store.
>> >
>> > What am I missing here? Any help will be appreciated.
>> >
>> >
>> > Thank you,
>> > Amir
>> >
>> >
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: [hidden email]
>> For additional commands, e-mail: [hidden email]
>>
>>
>
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: SSL is not working

Christopher Schultz-2
In reply to this post by M. Manna
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

M.,

On 8/4/17 12:16 PM, M. Manna wrote:
> Have you imported the signed server certificate into the server
> keystore with all the root+intermediate certificates? in other
> words, does the "chain-of-trust" exist in server keystore?
>
> You just need to add the root and intermediate CA certs to trust
> store - any server certs signed by them is by default, trusted.

No, you definitely don't want to mess around with any trust stores.

Here are the instructions I always follow when using Java keystores
(which are in fact so awful that even Java is giving up on them[1]),
copied directly from my corporate wiki page on the subject (which I
wrote because I can never remember all the steps):

== Create a New Server Key & Certificate with Java's Keytool

Make sure to use Java's keytool with a Java version 1.6 or better.

 $ keytool -genkey -keyalg RSA -sigalg SHA256withRSA -keysize 4096
- -alias ${HOSTNAME} -keystore ${HOSTNAME}.jks

== Generate a CSR to send to a CA using Java's Keytool

 $ keytool -certreq -sigalg SHA256withRSA -keystore ${HOSTNAME}.jks

If you have more than one certificate in there, you'll need to use the
"-alias" option.

== Import a Signed Certificate into your Keystore

You'll need to import the root and intermediate certificates from the
CA first:

 $ keytool -import -alias [Authority.CA] -trustcacerts -file
[authority's CA cert] -keystore ${HOSTNAME}.jks
 $ keytool -import -alias [Authority.intermediate] -trustcacerts -file
[authority's intermediate cert] -keystore ${HOSTNAME}.jks
 $ keytool -import -alias ${HOSTNAME} -file ${HOSTNAME}.crt -keystore
${HOSTNAME}.jks

Note that the order of import matters. If you do this in the opposite
order, I think your server catches fire instantly. Java keystores are
*just that bad*.

Hope that helps,
- -chris

[1] http://openjdk.java.net/jeps/229

> On 4 August 2017 at 17:09, Hameed, Amir <[hidden email]>
> wrote:
>
>> Hi, I am trying to configure Tomcat 8.0.36 with SSL and running
>> into some issues. The JDK version I am using is 1.8.0_64. I used
>> the following process to implement SSL:
>>
>> 1.       Generated a java key store using the following command:
>> ${JAVA_HOME}/bin/keytool -genkey -alias [alias-name] -keyalg RSA
>> -keysize 2048 \ -keystore [key-store-path]/keystore.jks -dname
>> "CN=[common-name],OU=[org-unit], O=[company-name], L=[city],
>> ST=[state], C=US"
>>
>>
>> 2.       Generated CSR using the following command:
>> ${JAVA_HOME}/bin/keytool -certreq -alias [alias-name] -file
>> [key-store-path]/[csr-file-name] \ -keystore
>> [key-store-path]/keystore.jks
>>
>>
>> 3.       Requested certificate from COMODO.
>>
>> 4.       Imported all Trusted certificates from COMODO into the
>> key store using command. There were a total of three trusted
>> certificates that we received from COMODO:
>> ${JAVA_HOME}/bin/keytool -import -trustcacerts -alias
>> [alias-name] -file [ssl-cert-file] -keystore
>> [key-store-path]/keystore.jks -v
>>
>>
>> 5.       Modified Tomcat's server.xml file as shown below:
>>
>> <Connector port="[ssl-port]" protocol="org.apache.coyote.
>> http11.Http11NioProtocol"
>>
>> maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
>>
>> clientAuth="false" sslProtocol="TLS"
>>
>> keystoreFile="[key-store-path]/keystore.jks"
>>
>> keystoreType="JKS" keystorePass="[key-store-password]" />
>>
>>
>>
>> 6.       Restarted Tomcat.
>>
>> 7.       Accessed the Tomcat homepage from the browser using
>> https and the browser complained about page being insecure. When
>> I looked at the certificate from the browser, I see that the
>> Certificate Path tab of the certificate shows that the trusted
>> chain is incomplete and does not show the trusted certificates
>> that I had imported into the key store.
>>
>> What am I missing here? Any help will be appreciated.
>>
>>
>> Thank you, Amir
>>
>>
>
-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQIcBAEBCAAGBQJZhO37AAoJEBzwKT+lPKRYXFMP/jfiWrKQR5dTzarkJdJa39oN
to4WNYH6wfdONcRhQUHggVAid4qPjs567XjGWfRfnZvaxNhQu52rQN7+tbsFwt7i
wTeURIYK0c/xiO6fvUSvc9A5QkXvMUu2vrPy4V6btMxZSmvktxpTMG0iALbUeobv
Jr42EzE6WZ1Lgj6NoGyJIBkCebfu6HRySOWHIi3rQKBSab3sVYf65mryn6zGw8pq
ZMR8daqsrUdrt9f3ZCqCZjWNHk96fTdh2OUvKIFm58ux0bhj+s5LDpBq4LYTDww1
OxFLOlmxqZ1iy0UmnvNCeEagrMveg1XVRYEbH4jBHsW3nCktzUPa62iLE9I25CnN
iBdoGbHD9gal0PdA6+tbw4aZFvEFzqnLp4LSSwQ2Jm+6vb8SpS0/g6a5T0jrR+0j
GQ9bvfZA4MtmrS4+MZOhEBiv0RGmeoaRv/UDIdsOZdzVGfQkqH5vDqoIEZhRH9Wb
7BC5Sw7TyDM5ylT1vjIxucoaPVFc+uWLFZbUMA57tqlfYlxX6oc3ZhnvEZhP49+0
ridFkN1BY7X42flXnoztbc8B0iRj/jFymnHXQcfpL5Vnc48OSdSPktDVnfm8Q9ZF
jZJVzLfn3Og5+FhmBZH+mwAz5nxFN8naEuaSmpUGx0MVcqHBXHHGFd7E7axtUA+e
twkhpNDyccC7mPAVv3ke
=F7Z0
-----END PGP SIGNATURE-----

---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]

Loading...