tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Christopher Schultz <>
Subject Re: SLL Certificate Chain
Date Mon, 23 May 2011 21:11:23 GMT
Hash: SHA1

To whom it may concern,

On 5/23/2011 4:53 AM, Dipl.-Ing. Mag. Bernhard Hobiger wrote:
> I am running Tomcat 6.0.18 64bit on Windows Server 2008 R2
> Enterprise. I obtained a certificate for my server from StartCom,
> installed it and configured the Connector. The server, intermediate
> and root certificates are in a keystore file. So far all went fine,
> except for one problem: Tomcat sends only the server certificate, not
> the whole certificate chain. This means that Firefox (all newer
> versions) thinks the certificate is invalid.
> I tried to import the StartCom certificates into the default keystore
> cacerts, no difference. The problem is not that Tomcat cant validate
> the certificate, but that the intermediate certificate is not sent
> (verified with Wireshark).

I haven't done much work with SSL certs in Java, but I wonder what would
happen if you imported all of the certs, together, into a single alias
in your cert store. Have you tried that, or did you import each cert
(yours, intermediate, etc.) into separate certs within the cert store?

- -chris
Version: GnuPG v1.4.10 (MingW32)
Comment: Using GnuPG with Mozilla -


To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message