tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Christopher Schultz <>
Subject Re: Tomcat SSL godaddy
Date Tue, 30 Nov 2010 21:08:15 GMT
Hash: SHA1


On 11/30/2010 3:00 PM, Nathaniel Thalluri wrote:
> Then downloaded the certificate bundle that
> godaddy provides.

You mean the root CA stuff? Your default Java cacerts should probably
already contain them. If not...

> Imported the certs into the keystore following
> option 2 in this document

I think you wanted to import them into your trust store, not your key store.

It's confusing that GoDaddy's page uses "tomcat.keystore" and
"keystore.tomcat" interchangeably.

> The document is valid up to Tomcat 6.x only. I am using Tomcat 7.x.

TC 6 and 7 should be nearly the same.

> Anyway when the certs are imported into the keystore the thumbprint of
> the certs, now inside the keystore, is different from the thumbprints
> of the .crt cerificate files outside the keystore.
> Is this normal behavior?

Hmm... that sounds weird. Try starting again, re-creating your keystore
and importing the GoDaddy certificates into it. Then test the
fingerprints to see if they are okay. Remember not to discard the key
you used to create your CSR or you'll have to re-submit to GoDaddy.

> My connector looks like this:
> <Connector port="8443"
> protocol="org.apache.coyote.http11.Http11NioProtocol"
> SSLEnabled="true"
>                maxThreads="200" scheme="https" secure="true" debug="0"
>                keystoreFile="C:\tomcat.keystore" keystorePass="pwd"		
>                clientAuth="false" sslProtocol="TLS" address="ipaddr"/>
> When the site is accessed the 'There is a problem with this website's
> security certificate.' warning is thrown. I am guessing the
> thumbprints changing is causing this issue. But I am not sure why
> thats happening.
> The keystore is created on the same machine that the certificates are imported.

What is the output of "keytool -list -keystore tomcat.keystore"?

- -chris
Version: GnuPG v1.4.10 (MingW32)
Comment: Using GnuPG with Mozilla -


To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message