tomcat-users mailing list archives

From Christopher Schultz <ch...@christopherschultz.net>
Subject Re: SLL Certificate Chain
Date Mon, 23 May 2011 21:11:23 GMT

To whom it may concern,

On 5/23/2011 4:53 AM, Dipl.-Ing. Mag. Bernhard Hobiger wrote:
> I am running Tomcat 6.0.18 64bit on Windows Server 2008 R2
> Enterprise. I obtained a certificate for my server from StartCom,
> installed it and configured the Connector. The server, intermediate
> and root certificates are in a keystore file. So far all went fine,
> except for one problem: Tomcat sends only the server certificate, not
> the whole certificate chain. This means that Firefox (all newer
> versions) thinks the certificate is invalid.
> 
> I tried to import the StartCom certificates into the default keystore
> cacerts, no difference. The problem is not that Tomcat can't validate
> the certificate, but that the intermediate certificate is not sent
> (verified with Wireshark).

I haven't done much work with SSL certs in Java, but I wonder what would
happen if you imported all of the certs, together, into a single alias
in your cert store. Have you tried that, or did you import each cert
(yours, intermediate, etc.) into separate certs within the cert store?

-chris
