tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Don Prezioso <>
Subject RE: SSL with multiple Tomcat instances
Date Thu, 20 Aug 2009 20:49:28 GMT

Thanks for the reply. When I first started having this problem I was actually using a single
keystore for both certificates. Yes there is both an intermediate and a root certificate that
get loaded in the keystore, and I'm sure, at least when I was using a single keystore that
they were loaded correctly because the other instance (and certificate) were working correctly.

With the second instance using a separate keystore, I get the same results whether the intermediate
certificate is loaded in the keystore or not. That makes me think that somehow the second
instance of Tomcat can't access the intermediate certificate, but somehow the first instance
doesn't have that trouble?


Don Prezioso
Director of Administrative I.T.
Ashland University
Ashland, Ohio

-----Original Message-----
From: [] On Behalf Of
Peter Crowther
Sent: Thursday, August 20, 2009 4:40 PM
To: Tomcat Users List
Subject: Re: SSL with multiple Tomcat instances

2009/8/20 Don Prezioso <>:
> I have two instances of Tomcat 5.5 set up on a Red Hat box, each using separate IP addresses.
I have obtained two certificates, one for each instance, and have put them in separate keystores.
Both certificates are from IPSCA and both keystores have been set up in the same manner. Each
keystore is properly referenced in the associated server.xml
> The first instance (on eth0) is working with no problems. The second instance (on eth0:0),
appears to work fine in IE, but when I connect using Firefox, Chrome, or Safari, I get the
> The web site's certificate cannot be verified. Do you want to continue? The certificate
cannot be verified by a trusted source.
> When I view the certificate, it appears valid. If I click on 'Yes', then check the certificate,
it says it is 'Verified by: IPS Certification Authority s.l.' and again, all appears fine.
> Any ideas on why I am only getting the warning only on the second instance? I can't believe
it is an issue with IPSCA since the first instance does not exhibit the problem.

Hmm.  This probably won't help you, but I recently had exactly those
symptoms when I hadn't installed the intermediate certificate for a
GlobalSign cert on an IIS server.  IE didn't care; everything else got

Do IPSCA use intermediate certs?  If so, are you *sure* they're
installed correctly on both keystores? ;-)

- Peter

To unsubscribe, e-mail:
For additional commands, e-mail:

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message