tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Don Prezioso <>
Subject RE: SSL with multiple Tomcat instances
Date Mon, 24 Aug 2009 14:47:10 GMT
These are standalone Tomcat instances (Tomcat is the web server, no Apache) running on Red

Each instance has it's own IP address (verified via netstat) and each address has a separate
DNS entry ( and, each which resolve correctly. Each
certificate is generated using the DNS name for the service it is intended for.

As far as I can tell, the certificate store is valid. When I use the keytool command to list
the original keystore (the one with both certificates loaded in the same keystore), I get
the attached listing. When I look at the new one (separate keystores, each with only one certificate)
it looks the same except that it is missing the tomcat (the first instance) certificate and
only has the webui certificate. 

The commands I used to create the keystore were:

keytool -genkey -alias webui -keyalg RSA -keystore webui.keystore
keytool -certreq -alias webui -keystore webui.keystore
keytool -import -trustcacerts -alias IPSROOT -file IPSServidores.crt -keystore webui.keystore
keytool -import -trustcacerts -alias IPSCAA1 -file IPSCACLASEA1.crt -keystore webui.keystore
keytool -import -trustcacerts -alias webui -file webui.crt -keystore webui.keystore

The IPSServidores.crt is the IPS root certificate, IPSCACLASEA1.crt is the intermediate certificate,
and webui.crt is the certificate reply from IPS.

These are the same steps I followed for the webadvisor instance and it is working properly.

The only things that I can think are different between these two tomcat instances are:
a) The webadvisor instance is visible through our firewall from off campus, and the webui
instance is not (I am connecting from on campus)
b) The webadvisor instance is using the network device eth0, and webui is using eth0:0


Don Prezioso
Director of Administrative I.T.
Ashland University
Ashland, Ohio

-----Original Message-----
From: Crypto Sal [] 
Sent: Thursday, August 20, 2009 8:00 PM
To: Tomcat Users List
Subject: Re: SSL with multiple Tomcat instances

Hi Don,

Is this Tomcat for Windows or Tomcat for a UNIX variant?

Have you verified the keystore as correct via * keytool -v -list 
-keystore KEYSTORE_PATH/FILE* ? (Redirect that text to a file if need be!)

Did you use the *-trustcacerts* flag upon importing the certificates or 
was this omitted?

View raw message