I have set up a keystore as follows:
keytool -genkey -alias tomcat -keyalg RSA -dname CN=<server FQDN>,OU="Company Name",O="Company Name ",L=city,ST=province,C=CA \
-keystore /path/keystore -keypass phrase -storepass phrase
I then generated a CSR:
keytool -certreq -keyalg RSA -alias tomcat -file /path/certreq.csr -keystore /path/keystore
I signed the certificate on our Windows Server 2008 R2 CA Server:
certreq.exe -attrib "CertificateTemplate:WebServer" c:\data\certreq.csr c:\data\certreq.cer
I added the signed cert:
keytool -import -alias tomcat2 -keystore /path/keystore -trustcacerts -file /path/certreq.cer
Lastly I added the Base 64 encoded X.509 root ca from our active directory ca:
keytool -keystore /path/keystore -keyalg RSA -import -trustcacerts -alias cacert -file /path/root-ca.crt
This all completed w/o error, so I created the connector in the server.xml yet when
domain clients connect to the ssl site, they are prompted with warnings suggesting
the root cert is not trusted?
Any pointers where I erred?
Thanks!
jlc
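
A check for the keystore state the commands above produce, as an added example that is not part of the original post: keytool attaches a signed reply to a key entry only when it is imported under that entry's own alias, so a reply imported under a new alias is stored as a separate trusted certificate and the key entry keeps its self-signed certificate. The listing, host name and CA name are constructed, and `check_key_entries` and `sample_listing` are hypothetical helper names.

```shell
# Added example (not from the original post): report, for each private-key
# entry in `keytool -list -v` output, whether its leaf certificate is still
# the self-signed one created by -genkey.

# Reads a verbose listing on stdin; prints "<alias> SELF-SIGNED" or
# "<alias> CA-SIGNED chain=<n>" for every PrivateKeyEntry.
check_key_entries() {
    awk '
        function report() {
            if (type == "PrivateKeyEntry")
                print alias, (owner == issuer ? "SELF-SIGNED" : "CA-SIGNED chain=" chain)
        }
        /^Alias name: / { report(); alias = substr($0, 13); type = owner = issuer = ""; chain = 0 }
        /^Entry type: / { type = $3 }
        /^Certificate chain length: / { chain = $4 }
        # Only the first Owner/Issuer pair of an entry (the leaf) is compared.
        /^Owner: /  && owner == ""  { owner = substr($0, 8) }
        /^Issuer: / && issuer == "" { issuer = substr($0, 9) }
        END { report() }
    '
}

# Constructed listing: key entry "tomcat", signed reply stored under a
# different alias "tomcat2", root CA under "cacert". Names are placeholders.
sample_listing() {
    cat <<'EOF'
Alias name: tomcat
Entry type: PrivateKeyEntry
Certificate chain length: 1
Certificate[1]:
Owner: CN=www.example.test, OU=Company Name, O=Company Name, L=city, ST=province, C=CA
Issuer: CN=www.example.test, OU=Company Name, O=Company Name, L=city, ST=province, C=CA

Alias name: tomcat2
Entry type: trustedCertEntry

Owner: CN=www.example.test, OU=Company Name, O=Company Name, L=city, ST=province, C=CA
Issuer: CN=Example Root CA, DC=example, DC=test

Alias name: cacert
Entry type: trustedCertEntry

Owner: CN=Example Root CA, DC=example, DC=test
Issuer: CN=Example Root CA, DC=example, DC=test
EOF
}

sample_listing | check_key_entries   # prints: tomcat SELF-SIGNED
```

Against a real keystore, pipe the output of `keytool -list -v -keystore /path/keystore` into `check_key_entries`.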