tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Ognjen Blagojevic <ognjen.d.blagoje...@gmail.com>
Subject Re: SSL Certificate Help
Date Thu, 08 Nov 2012 10:12:47 GMT
Alissa,

On 7.11.2012 22:13, Alissa Schneider wrote:
> Here are the steps I have taken thus far:
>
> *         I deleted my original keystore that held my self-signed certificate.
>
> *         I deleted the self-signed certificate.
>
> *         I recreated the keystore.
>
> *         I imported the CA-signed certificate.
>
> *         I have an index.txt file that I deleted all the contents from so it is empty.
>
> *         The server.xml file reflects the current keystore/pw information and the SSL
lines have been uncommented.
>
> Still, when I visit https://localhost:8443, the browser throws a certificate warning.
When I click on the certificate warning and view certificate, it displays information on my
self-signed certificate (that I've deleted). I think if I could figure out how to make Tomcat
point to the CA certificate instead of the old one, this would work for me. However, I'm not
sure how to clear the Tomcat "cache" so to speak.

Are you sure that the warning is the same? Perhaps the first warning was 
about certificate not being signed by CA, and second warning is about 
something else?

Every (CA-signed or self-signed) certificate is issued for the specific 
hostname. If certificate hostname does not match hostname from browser 
URL, browser will issue a warning. Maybe that is the case here.

If your CA-signed certificate is bound to hostname other than 
"localhost" and you access your Tomcat server using browser URL 
"https://localhost:8443", than the browser will issue a warning.

I believe not a single CA would sign certificate for loopback interface 
hostname "localhost", only for FQDN like "server.example.com". 
Therefore, you should access your server using FQDN which your 
certificate is issued for.

-Ognjen

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message