tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Crypto Sal <>
Subject Re: Installing certificate chain on Tomat
Date Sat, 10 Apr 2010 16:54:40 GMT
  On 04/10/2010 12:01 AM, /U wrote:
> i am installing certificate chain on tomcat 6.x (JRE 1.6). From my CA I have
>      private key (PEM),
>      identity cert (PEM)  (CA X trusts myhost)
>     and a cert chain file (PEM file) (entrust trusts CA X)
> The cert chain is: (entrust) === trusts ==>  (CA X) == trusts ==>  myhost
> I have converted the private  key and identify cert into DER form
> and have imported into /etc/keystore (tomcat's keystore).
> I have imported the certificate chain PEM file into
> ${JAVA_HOME}/jre/lib/security/cacerts.
> when I login to tomcat i get warning that certificate
>       myhost isused by CA X is not trrusted.
> It seems like browser does not get full cert chain (entrust =>  CA X =>
> myhost).
> what could I be doing wrong? pl help.
> Regs,
> /U


You may want to take a look at Comodo's documentation for Tomcat.

It shows how to easily install a trusted certificate for use with Tomcat 
(and most Java based Web Servers). I've used this documentation quite a 
few times and it has always been spot on.

You may want to view the contents of the keystore: keytool -v -list 
-keystore KEYSTORE_FILE; to see what is missing. Tomcat should have the 
Intermediate Cert(s) and the Entity/Domain Cert inside the keystore.

Hope this helps!

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message