tomcat-users mailing list archives

From Alexander 'boesi' Bösecke
Subject Changing from a self signed to an official certificate
Date Tue, 21 Oct 2008 10:14:03 GMT

I'm having a problem that seems quite trivial, but googling didn't help 
- so you are my last hope :)

I've set up a Tomcat server with a self-signed certificate and that 
works well. But our provider offers an official certificate from 
Geotrust for free, so I want to use this.

So I got a 'certificate' and a 'privateKey' as text files. I converted 
the certificate with OpenSSL to binary format, as described here*

I deleted the self-signed certificate with 'keytool -delete...'. And 
imported the new certificate with:
     keytool -importcert -trustcacerts -alias tomcat -storepass password
             -keystore  .keystore -file "the converted file from above"

keytool -list:
   Keystore-Typ: JKS
   Keystore-Provider: SUN

   Ihr Keystore enthõlt 1 Eintrag/-õge.

   Aliasname: tomcat
   Erstellungsdatum: 20.10.2008
   Eintragstyp: trustedCertEntry

The Connector in my server.xml looks like this:
     <Connector port="443" SSLEnabled="true"
       maxThreads="150" scheme="https" secure="true"
       keystorePass="password" clientAuth="false" sslProtocol="TLS" />

I've attached a catalina.log about the start of Tomcat. The other log 
files are empty.

The problem is that when connecting to my Tomcat via https nothing 
happens. No error, no exception, just nothing**. ieHTTPHeaders shows 
'HTTP/1.1 302 Moved Temporarily' after the GET. LiveHTTPHeaders in 
Firefox doesn't even show the GET request.

When I restore the .keystore with the self-signed certificate it works 
again. So what am I missing or doing wrong?

Thanks really in advance for your help & cu boesi


** ok that's not entirely true. Firefox reports:
"Die Verbindung zu sam wurde unterbrochen, während die Seite geladen 
wurde." - translated to English: "The connection to sam gets broken 
while loading the page."
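
The keytool listing in the message shows alias tomcat as a trustedCertEntry, which is a certificate stored without its private key, while an HTTPS connector needs an entry that holds both. The following is an added example, not part of the original message: a check over `keytool -list -v` output, plus one way to build a keystore that keeps key and certificate together. The file names certificate.pem, privateKey.pem and tomcat.p12 and the function names are assumptions, and the sample listings are constructed.

```shell
#!/bin/sh
# Added example, not from the original message.

# Print the entry type of one alias, reading `keytool -list -v` output on
# stdin. Only the type tokens are matched, because labels such as
# "Aliasname:" or "Eintragstyp:" change with the JVM locale.
entry_type() {
    awk -v alias="$1" '
        { sub(/[ \t\r]+$/, "") }              # drop trailing blanks and CR
        !inside && substr($0, length($0) - length(alias) - 1) == ": " alias {
            inside = 1; next                  # found the alias label line
        }
        inside && /(PrivateKeyEntry|trustedCertEntry|SecretKeyEntry)$/ {
            print $NF; exit
        }
    '
}

# Succeeds only if the alias holds a private key with its certificate.
usable_for_tls() {
    [ "$(entry_type "$1")" = "PrivateKeyEntry" ]
}

# Bundle key and certificate into PKCS#12, then import that bundle into a
# new or emptied .keystore. Both tools prompt for the passwords. File names
# are placeholders.
build_keystore() {
    openssl pkcs12 -export -in certificate.pem -inkey privateKey.pem \
        -name tomcat -out tomcat.p12 &&
    keytool -importkeystore -srckeystore tomcat.p12 -srcstoretype PKCS12 \
        -destkeystore .keystore
}

# Constructed samples: the listing from the message, and the same alias
# after an import that carried the private key.
SAMPLE_CERT_ONLY='   Aliasname: tomcat
   Erstellungsdatum: 20.10.2008
   Eintragstyp: trustedCertEntry'
SAMPLE_WITH_KEY='Alias name: tomcat
Creation date: Oct 21, 2008
Entry type: PrivateKeyEntry'
```

Against a real keystore the check would be run as `keytool -list -v -keystore .keystore | usable_for_tls tomcat`.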
