Return-Path: X-Original-To: apmail-tomcat-users-archive@www.apache.org Delivered-To: apmail-tomcat-users-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id B6A0B932A for ; Wed, 25 Apr 2012 22:25:27 +0000 (UTC) Received: (qmail 93931 invoked by uid 500); 25 Apr 2012 22:25:24 -0000 Delivered-To: apmail-tomcat-users-archive@tomcat.apache.org Received: (qmail 93707 invoked by uid 500); 25 Apr 2012 22:25:24 -0000 Mailing-List: contact users-help@tomcat.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: "Tomcat Users List" Delivered-To: mailing list users@tomcat.apache.org Received: (qmail 93697 invoked by uid 99); 25 Apr 2012 22:25:24 -0000 Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 25 Apr 2012 22:25:24 +0000 X-ASF-Spam-Status: No, hits=0.7 required=5.0 tests=RCVD_IN_DNSWL_NONE,SPF_NEUTRAL X-Spam-Check-By: apache.org Received-SPF: neutral (nike.apache.org: local policy) Received: from [217.146.183.252] (HELO nm15-vm0.bullet.mail.ukl.yahoo.com) (217.146.183.252) by apache.org (qpsmtpd/0.29) with SMTP; Wed, 25 Apr 2012 22:25:17 +0000 Received: from [217.146.183.184] by nm15.bullet.mail.ukl.yahoo.com with NNFMP; 25 Apr 2012 22:24:56 -0000 Received: from [77.238.184.71] by tm15.bullet.mail.ukl.yahoo.com with NNFMP; 25 Apr 2012 22:24:56 -0000 Received: from [127.0.0.1] by smtp140.mail.ukl.yahoo.com with NNFMP; 25 Apr 2012 22:24:56 -0000 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.es; s=s1024; t=1335392696; bh=0WI78O80ZZSZv/MMkrbRjIgW4349RPe5adzM8s6mdEc=; h=X-Yahoo-Newman-Id:X-Yahoo-Newman-Property:X-YMail-OSG:X-Yahoo-SMTP:Received:Message-ID:Date:From:User-Agent:MIME-Version:To:Subject:References:In-Reply-To:Content-Type:Content-Transfer-Encoding:X-Antivirus:X-Antivirus-Status; b=VA4ms9eMeXrZeVYC8nhsXeIcrVY9y5pAY8NOfK/QSqt+GBkRr5XFaxVw1A+nGR+IifLYIzpEQRREUJLLYi+0IwlSsUgPx3qD7KcEHHHEg773+dM9CrsnTLaqt80zqnFGUv8F6j7xtNNcOHoGn2bgUmiJbKxmUpDFPKyRRxqDJCQ= X-Yahoo-Newman-Id: 642346.2237.bm@smtp140.mail.ukl.yahoo.com X-Yahoo-Newman-Property: ymail-3 X-YMail-OSG: X.SiAvYVM1kjX7AUv00HMjCIt1d.km60Mg46QAND5xew_q6 8cITZJxewiCja1gn8asXwY9F7fP2fwsa8_mD37ArczW5wxKcNZneOJvrH9oi MOuFmSvKuU7e0wihHW9duhG7LgHQvcTHydkLr_MQkEgIH3WUr.JbENiApH86 EvYESvCvncah9YUS4B6PzC1LpRXhIUuMS60h7.upeJdv11WRPR4m2cFRolZK AEhEhgVarlv1F0zRmxEa5cEFO_5EEfn57mwutFnFwWhTnTojRkLSoX0yLk7W D9jq5cHsUA_tUmiN8xTVzKUGliHDP3mzJpRt2O2e3Kdrb_nncBEFdAdjY9li hU5IyMrhn6y7dbYudZ77k4B4G54TCrrAJTaTmMeJoCPpHqPh2m6_ZYJiW33g MKSZXyhotHheYIvzfivSE_pTtvP4aXy4hB3nDIKSABGHELWUV_xMNR4wq6nV PZPyXnPcuwjoqTZgi9JKZpG24A_W8QJoJd4_TEu71JpvAcsvlakEQkKGe9bk hYscwZ7OnB76MXw8wpm7nee13JPJYICmbzTEWmguac.b4EYPT1FCHHCVQPlo Hhk2A2q0gv8u_oSbwBb3KlhDWI_kwYh08mGGFRw-- X-Yahoo-SMTP: 4morDKeswBDE3lIuzd.cm_qbJNxlcsznEWqdK4MN Received: from [127.0.0.1] (miguel_3_gonzalez@85.49.201.214 with plain) by smtp140.mail.ukl.yahoo.com with SMTP; 25 Apr 2012 22:24:56 +0000 GMT Message-ID: <4F9879B6.6070501@yahoo.es> Date: Thu, 26 Apr 2012 00:24:54 +0200 From: =?UTF-8?B?TWlndWVsIEdvbnrDoWxleiBDYXN0YcOxb3M=?= User-Agent: Mozilla/5.0 (Windows NT 5.1; rv:11.0) Gecko/20120327 Thunderbird/11.0.1 MIME-Version: 1.0 To: Tomcat Users List Subject: Re: Javamelody and Struts References: <4F95B427.9040400@yahoo.es> <4F95B4C9.9010802@christopherschultz.net> <4F95C2F3.9040307@yahoo.es> <4F95CB23.5070803@yahoo.es> <4F9859EB.8080709@yahoo.es> <4F987765.4020205@christopherschultz.net> In-Reply-To: <4F987765.4020205@christopherschultz.net> Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit X-Antivirus: avast! (VPS 120425-0, 25/04/2012), Outbound message X-Antivirus-Status: Clean > Do those certificates match the type of certificate that you have? > Last time I checked, VeriSign had a whole set of intermediate > certificates and you need the ones that match the type of certificate > you have (EV versus whatever the other flavors they have are). Which other flavors? How do I know? > >> keytool -import -trustcacerts -alias EV_root -keystore >> /opt/tomcat5/certs/tcc -file veriCA1.cer > Is /opt/tomcat5/certs/tcc the file you have configured in Tomcat? It's the keystore and yes, configured in tomcat > > Please post your SSL configuration (cleansed of any > passwords). > > Finally, you didn't post your original stack trace. Since this is > happening on the server-side, it's either a problem during startup or > during client-certificate verification. Since you mentioned the "site > certificate", I assume you are having problems with your server's SSL > certificate and not a client certificate being presented by a remote > client, right? I'm not sure what you mean with the server and client certificates. No web browser reports the server certificate as no valid. > > Can you show me what this command returns: > > $ keytool -list -keystore /opt/tomcat5/certs/tcc -v > Your keystore contains 3 entries Alias name: evintermediate Creation date: Apr 24, 2012 Entry type: trustedCertEntry Owner: CN=VeriSign Class 3 Secure Server CA - G3, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US Issuer: CN=VeriSign Class 3 Public Primary Certification Authority - G5, OU="(c) 2006 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US Serial number: 6ecc7aa5a7032009b8cebcf4e952d491 Valid from: Mon Feb 08 01:00:00 CET 2010 until: Sat Feb 08 00:59:59 CET 2020 Certificate fingerprints: MD5: 3C:48:42:0D:FF:58:1A:38:86:BC:FD:41:D4:8A:41:DE SHA1: 5D:EB:8F:33:9E:26:4C:19:F6:68:6F:5F:8F:32:B5:4A:4C:46:B4:76 ******************************************* ******************************************* Alias name: ev_root Creation date: Apr 24, 2012 Entry type: trustedCertEntry Owner: CN=VeriSign Class 3 Public Primary Certification Authority - G5, OU="(c) 2006 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US Issuer: OU=Class 3 Public Primary Certification Authority, O="VeriSign, Inc.", C=US Serial number: 250ce8e030612e9f2b89f7054d7cf8fd Valid from: Wed Nov 08 01:00:00 CET 2006 until: Mon Nov 08 00:59:59 CET 2021 Certificate fingerprints: MD5: F9:1F:FE:E6:A3:6B:99:88:41:D4:67:DD:E5:F8:97:7A SHA1: 32:F3:08:82:62:2B:87:CF:88:56:C6:3D:B8:73:DF:08:53:B4:DD:27 ******************************************* ******************************************* Alias name: Creation date: Feb 24, 2012 Entry type: keyEntry Certificate chain length: 1 Certificate[1]: Owner: CN=www.mycompany.com, OU=Terms of use at www.verisign.com/rpa (c)05, OU=Comercial, O="My OU S.L.", L=My city, ST=Madrid, C=ES Issuer: CN=VeriSign Class 3 Secure Server CA - G3, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US Serial number: 7afc00006539f4e816f7fe6b65f47af0 Valid from: Sat Feb 11 01:00:00 CET 2012 until: Fri Apr 12 01:59:59 CEST 2013 Certificate fingerprints: ******************************************* ******************************************* --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org For additional commands, e-mail: users-help@tomcat.apache.org