tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Joseph L. Casale" <>
Subject Trouble setting up ssl
Date Sat, 26 Feb 2011 05:42:22 GMT
I have setup a keystore as follows:
keytool -genkey -alias tomcat -keyalg RSA -dname CN=<server FQDN>,OU="Company Name",O="
Company Name ",L=city,ST=province,C=CA \
-keystore /path/keystore -keypass phrase -storepass phrase

I then generated a CSR:
keytool -certreq -keyalg RSA -alias tomcat -file /path/certreq.csr -keystore /path/keystore

I signed the certificate on our Windows Server 2008 R2 CA Server:
certreq.exe -attrib "CertificateTemplate:WebServer" c:\data\certreq.csr c:\data\certreq.cer

I added the signed sert:
keytool -import -alias tomcat2 -keystore /path/keystore -trustcacerts -file /path/certreq.cer

Lastly I added the Base 64 encoded X.509 root ca from our active directory ca:
keytool -keystore /path/keystore -keyalg RSA -import -trustcacerts -alias cacert -file /path/root-ca.crt

This all completed w/o error, so I created the connector in the server.xml yet when
domain clients connect to the ssl site, they are prompted with warnings suggesting
the root cert is not trusted?

Any pointers where I erred?

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message