tomcat-users mailing list archives

From Crypto Sal <crypto....@gmail.com>
Subject Re: SSL with multiple Tomcat instances
Date Thu, 20 Aug 2009 23:59:31 GMT
Hi Don,

Is this Tomcat for Windows or Tomcat for a UNIX variant?

Have you verified the keystore as correct via
*keytool -v -list -keystore KEYSTORE_PATH/FILE*? (Redirect that text to a file if need be!)

Did you use the *-trustcacerts* flag upon importing the certificates or 
was this omitted?


On 08/20/2009 04:49 PM, Don Prezioso wrote:
> Peter,
>
> Thanks for the reply. When I first started having this problem I was
> actually using a single keystore for both certificates. Yes, there is both
> an intermediate and a root certificate that get loaded in the keystore, and
> I'm sure, at least when I was using a single keystore, that they were loaded
> correctly because the other instance (and certificate) were working
> correctly.
>
> With the second instance using a separate keystore, I get the same results
> whether the intermediate certificate is loaded in the keystore or not. That
> makes me think that somehow the second instance of Tomcat can't access the
> intermediate certificate, but somehow the first instance doesn't have that
> trouble?
>
> Don
>
> --
> Don Prezioso
> Director of Administrative I.T.
> Ashland University
> Ashland, Ohio
>
>
> -----Original Message-----
> From: peter.crowther3@googlemail.com [mailto:peter.crowther3@googlemail.com] On Behalf Of Peter Crowther
> Sent: Thursday, August 20, 2009 4:40 PM
> To: Tomcat Users List
> Subject: Re: SSL with multiple Tomcat instances
>
> 2009/8/20 Don Prezioso <dprez@ashland.edu>:
>
>> I have two instances of Tomcat 5.5 set up on a Red Hat box, each using
>> separate IP addresses. I have obtained two certificates, one for each
>> instance, and have put them in separate keystores. Both certificates are
>> from IPSCA and both keystores have been set up in the same manner. Each
>> keystore is properly referenced in the associated server.xml.
>>
>> The first instance (on eth0) is working with no problems. The second
>> instance (on eth0:0) appears to work fine in IE, but when I connect using
>> Firefox, Chrome, or Safari, I get the message:
>>
>> The web site's certificate cannot be verified. Do you want to continue?
>> The certificate cannot be verified by a trusted source.
>>
>> When I view the certificate, it appears valid. If I click on 'Yes', then
>> check the certificate, it says it is 'Verified by: IPS Certification
>> Authority s.l.' and again, all appears fine.
>>
>> Any ideas on why I am getting the warning only on the second instance? I
>> can't believe it is an issue with IPSCA since the first instance does not
>> exhibit the problem.
>>
> Hmm.  This probably won't help you, but I recently had exactly those
> symptoms when I hadn't installed the intermediate certificate for a
> GlobalSign cert on an IIS server.  IE didn't care; everything else got
> upset.
>
> Do IPSCA use intermediate certs?  If so, are you *sure* they're
> installed correctly on both keystores? ;-)
>
> - Peter
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org


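The keystore check asked about above can be scripted. The following is an added example, not part of the original thread: it reads `keytool -v -list` output and flags any private-key entry whose chain holds only the server certificate, since the chain stored with the key entry is what a JSSE connector sends to clients. The listing, alias names and host names are constructed sample data.

```shell
#!/bin/sh
# Summarise each private-key entry found in `keytool -v -list` output (stdin).
# Prints one line per key entry: <alias> <chain length> <status>
check_chain() {
    awk '
    function emit() {
        if (alias != "" && type ~ /^(PrivateKeyEntry|keyEntry)$/) {
            if (len > 1) status = "OK"
            else if (owner == issuer) status = "SELF-SIGNED"
            else status = "LEAF-ONLY"   # intermediate not part of the served chain
            print alias, len, status
        }
        alias = ""; type = ""; len = 0; owner = ""; issuer = ""
    }
    /^Alias name: /               { emit(); alias = substr($0, 13) }
    /^Entry type: /               { type = substr($0, 13) }
    /^Certificate chain length: / { len = $4 + 0 }
    # Only the first Owner/Issuer pair (the server certificate) is recorded.
    /^Owner: /  { if (owner == "")  owner  = substr($0, 8) }
    /^Issuer: / { if (issuer == "") issuer = substr($0, 9) }
    END { emit() }
    '
}

# Constructed sample listing (hypothetical aliases), trimmed to the relevant fields.
sample_listing() {
    cat <<'EOF'
Alias name: instance1
Entry type: PrivateKeyEntry
Certificate chain length: 2
Certificate[1]:
Owner: CN=www1.example.edu
Issuer: CN=Example Intermediate CA
Certificate[2]:
Owner: CN=Example Intermediate CA
Issuer: CN=Example Root CA

Alias name: instance2
Entry type: PrivateKeyEntry
Certificate chain length: 1
Certificate[1]:
Owner: CN=www2.example.edu
Issuer: CN=Example Intermediate CA

Alias name: intermediate
Entry type: trustedCertEntry
Owner: CN=Example Intermediate CA
Issuer: CN=Example Root CA
EOF
}

sample_listing | check_chain
```

Against a real keystore, pipe the listing in: `keytool -v -list -keystore KEYSTORE_PATH/FILE | check_chain`. In the sample, the intermediate is present as a separate trusted entry, yet `instance2` is still reported as LEAF-ONLY because it is not part of the key entry's own chain.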