tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Brian Burch <>
Subject Re: SSL Certificate Help
Date Thu, 08 Nov 2012 09:39:45 GMT
On 07/11/12 21:13, Alissa Schneider wrote:
> Hi - I'm a novice Tomcat user. I've only used the tool to support BusinessObjects. I
recently was asked to set up SSL for the first time.
> Initially I created my own self-signed certificate and was able to get everything working
fine, although I would get the 'certificate warning' error message when going to https://localhost:8443,
but this was expected. Then my IT admin gave me a CA-signed certificate to use instead so
we wouldn't get that warning.
> The problem I am having, is that Tomcat still seems to be reading my old self-signed
certificate instead of being pointed to the CA-signed certificate.
> Here are my environment specifics:
> *         Windows 2008 R2 64-bit
> *         Tomcat 6.0.24
> *         IE 8
> Here are the steps I have taken thus far:
> *         I deleted my original keystore that held my self-signed certificate.
> *         I deleted the self-signed certificate.
> *         I recreated the keystore.

Which will have generate a NEW public/private key pair.

> *         I imported the CA-signed certificate.

But when did you generate the certificate request for this certificate. 
Does it contain the SAME public key as in your new keystore?
> *         I have an index.txt file that I deleted all the contents from so it is empty.
> *         The server.xml file reflects the current keystore/pw information and the SSL
lines have been uncommented.
> Still, when I visit https://localhost:8443, the browser throws a certificate warning.
When I click on the certificate warning and view certificate, it displays information on my
self-signed certificate (that I've deleted). I think if I could figure out how to make Tomcat
point to the CA certificate instead of the old one, this would work for me. However, I'm not
sure how to clear the Tomcat "cache" so to speak.
> I appreciate any help!

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message