tomcat-users mailing list archives

From "Adam Le" <>
Subject RE: Tomcat and SSL and Palm Problem
Date Thu, 28 Dec 2000 02:16:58 GMT

The domain name is defined in the CN field.  That I am sure of.  VeriSign
and Thawte can confirm this.

My certificates were imported correctly and into the correct keystore.  My
desktop browsers can view the details of the certificate and they do match
up exactly as when I do a "keytool -list -keystore .keystore"

The development folks have also said that the domain name in the
certificate must match that of the DNS name.  The palm browser does use DNS
to resolve and confirm that the certificate comes from where it should.

I am thinking that the problem could either be that tomcat does not respond
with a proper hostname and/or that Palm VIIx rejects self signed and trial



-----Original Message-----
From: Dave Smith []
Sent: Tuesday, October 10, 2000 5:54 PM
Subject: Re: Tomcat and SSL and Palm Problem

Hi Adam,

Did you do something like this?

   keytool -import -trustcacerts -file mycert.cer

Notice the -trustcacerts flag.

Your host name has nothing to do with the cert.
The important part is the fully qualified domain name,
which has to match.

I am a little worried because I was pretty sure the
domain name was the OU, not the CN. You might
want to check what you have with keytool -list -v.


What I suspect from the error message
----- Original Message -----
From: "Adam Le" <>
To: <>
Sent: Wednesday, December 27, 2000 3:32 PM
Subject: Tomcat and SSL and Palm Problem

> Hi all,
> Has anyone had luck implementing a real CA signed certificate with Tomcat?
> I have been able to:
> - install JSSE 1.0.2 into Tomcat v3.2.1 Release
> - create my own self signed key pairs using keytool
> - create the CSR and send it to VeriSign
> - import the Trial certificate from VeriSign
> Tomcat runs and listens on the proper ports (80, 443, and 8007)
> However, when my browser hits the SSL port, I get an error stating that
> Certificate Authority is Invalid or Incorrect.  A little research into this
> revealed that the cause is that hostname on the server doesn't match the
> Common Name in the Certificate.  I have not found an option to set the
> name in Tomcat, except through Virtual Hosts; even then that didn't work.
> DNS and the CommonName on the Certificate are the same.  The browser is
> only Mozilla 2.0 compliant (palm os browser).  Desktop browsers have no
> problem visiting the HTTPS site... only the palm os browser does.
> Is there an option to set the ServerName like there is in Apache? Or does
> anyone see what I am missing here?
> Thanks In Advance.
> Adam
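
Added example, not part of the thread: the CN-versus-DNS-name comparison the messages discuss, run over the Owner line that `keytool -list -v` prints. The keytool output, host names and function names below are constructed for illustration.

```python
import re

# Constructed sample of `keytool -list -v` output (not taken from the thread).
SAMPLE_KEYTOOL_OUTPUT = """\
Alias name: tomcat
Entry type: keyEntry
Certificate chain length: 1
Certificate[1]:
Owner: CN=www.example.com, OU="Web Ops, Palm Team", O=Example Corp, L=Austin, ST=Texas, C=US
Issuer: CN=Example Trial CA, OU=For Test Purposes Only, O=Example CA, C=US
"""

def parse_dn(dn):
    """Split a DN string into {ATTR: [values]}, keeping commas inside quotes."""
    attrs = {}
    for part in re.findall(r'(?:[^,"]|"[^"]*")+', dn):
        key, _, value = part.strip().partition("=")
        attrs.setdefault(key.strip().upper(), []).append(value.strip().strip('"'))
    return attrs

def owner_dn(keytool_output):
    """Return the parsed Owner (subject) DN of the first certificate listed."""
    for line in keytool_output.splitlines():
        if line.startswith("Owner:"):
            return parse_dn(line[len("Owner:"):])
    raise ValueError("no Owner line found")

def host_matches(pattern, host):
    """Case-insensitive match; '*' is accepted only as the whole left-most label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        # Refuse wildcards directly under a top-level label such as "*.com".
        return len(p) > 2 and p[1:] == h[1:]
    return p == h

def check_subject(keytool_output, dns_name):
    """Report which subject attribute (CN or OU), if any, carries the DNS name."""
    dn = owner_dn(keytool_output)
    return {attr: any(host_matches(v, dns_name) for v in dn.get(attr, []))
            for attr in ("CN", "OU")}

if __name__ == "__main__":
    print(check_subject(SAMPLE_KEYTOOL_OUTPUT, "www.example.com"))
```

Current TLS clients match the host name against the certificate's subjectAltName entries rather than the CN, so this check covers only the subject DN fields the thread is about.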
