From: Don Prezioso
To: "users@tomcat.apache.org"
Date: Fri, 28 Aug 2009 13:08:58 -0400
Subject: RE: SSL with multiple Tomcat instances

Crypto Sal,

Thank you so much!

That was apparently the problem. I got a new certificate from GoDaddy and once it was installed webui ran with no problems.

Thanks for all your help.

Don

--
Don Prezioso
Director of Administrative I.T.
Ashland University
Ashland, Ohio

-----Original Message-----
From: Crypto Sal [mailto:crypto.sal@gmail.com]
Sent: Wednesday, August 26, 2009 10:03 PM
To: users@tomcat.apache.org
Subject: Re: SSL with multiple Tomcat instances

Don,

I think we found our culprit. (Java). The reason that "webadvisor" works is because it functions like a true server; your browser is speaking directly to the web server. "webui" is failing due to Java not trusting the IPS root certificate (which doesn't exist by default in Java 3-6+). Most people should have Java 5 or 6 installed, with some still using Java 3 (rare) or Java 4 (some Linux people and older Windows users). Java 5 is soon to be deprecated by Sun. As you may already know, Java compiling is done client-side vs. server-side for your applet. So all of your users must have the IPS root installed in their instance of Java for this cert to work. There's a way to do it, but it is not all that practical (adding root certs to Java on ALL clients, which may be beyond your control).

Your best bet is to go with a more ubiquitous Commercial CA (Comodo, VeriSign, Thawte, GoDaddy, etc.), which would be ones that extend much further than Web Browsers.
Java's default cert store is in a file called "ca-certs", which is located in the security folder of where Java resides. A simple "locate cacerts" will reveal its location on the server. From here you can do a "keytool -v -list -keystore PATH_TO_KEYSTORE > OUTPUT_FILE", keystore pass is "changeit", by default. Multiple versions of Java can exist on the same machine, if you would like to see which CAs are more ubiquitous for your installation.

--Sal
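
Added example, not part of the original thread: a Python script for the comparison Sal suggests, reading the OUTPUT_FILE dumps that "keytool -v -list" writes for each Java installation and reporting which roots are absent from which installation. The dump excerpts, CA names and fingerprints are constructed for illustration, and the function names are hypothetical.

```python
# Constructed excerpts in the layout "keytool -v -list" prints for a trust
# store; the CA names and fingerprints are made up, not real certificates.
JAVA5_DUMP = """\
Alias name: examplecommercialroot
Entry type: trustedCertEntry

Owner: CN=Example Commercial Root, O=Example CA Inc, C=US
Issuer: CN=Example Commercial Root, O=Example CA Inc, C=US
Certificate fingerprints:
     MD5:  00:11:22:33
     SHA1: AA:AA:AA:01
"""

JAVA6_DUMP = JAVA5_DUMP + """
Alias name: exampleregionalroot
Entry type: trustedCertEntry

Owner: CN=Example Regional Root, O=Example Regional CA, C=ES
Issuer: CN=Example Regional Root, O=Example Regional CA, C=ES
Certificate fingerprints:
     MD5:  44:55:66:77
     SHA1: BB:BB:BB:02
"""

def parse_keytool_dump(text):
    """Return {sha1_fingerprint: owner_dn} for every certificate in a dump."""
    roots, owner = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("Alias name:"):
            owner = None                      # new entry, forget the last owner
        elif line.startswith("Owner:"):
            owner = line[len("Owner:"):].strip()
        elif line.startswith("SHA1:") and owner:
            # Key on the fingerprint: aliases differ between Java releases.
            roots[line.split(":", 1)[1].strip().upper()] = owner
            owner = None
    return roots

def missing_roots(dumps):
    """dumps maps a label to dump text; return {owner: [labels lacking it]}."""
    parsed = {label: parse_keytool_dump(text) for label, text in dumps.items()}
    union = {fp: dn for roots in parsed.values() for fp, dn in roots.items()}
    return {dn: sorted(l for l, r in parsed.items() if fp not in r)
            for fp, dn in union.items()}

if __name__ == "__main__":
    report = missing_roots({"java5": JAVA5_DUMP, "java6": JAVA6_DUMP})
    for dn, absent in sorted(report.items()):
        print(dn, "->", "in every store" if not absent else f"missing from {absent}")
```

An empty list for a root means every dumped installation trusts it; a non-empty list names the Java installations whose clients would reject a certificate chaining to that root.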