Return-Path: X-Original-To: apmail-tomcat-users-archive@www.apache.org Delivered-To: apmail-tomcat-users-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 4CD85D1BA for ; Thu, 8 Nov 2012 10:13:25 +0000 (UTC) Received: (qmail 16220 invoked by uid 500); 8 Nov 2012 10:13:21 -0000 Delivered-To: apmail-tomcat-users-archive@tomcat.apache.org Received: (qmail 16128 invoked by uid 500); 8 Nov 2012 10:13:20 -0000 Mailing-List: contact users-help@tomcat.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: "Tomcat Users List" Delivered-To: mailing list users@tomcat.apache.org Received: (qmail 16075 invoked by uid 99); 8 Nov 2012 10:13:19 -0000 Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 08 Nov 2012 10:13:19 +0000 X-ASF-Spam-Status: No, hits=-0.0 required=5.0 tests=RCVD_IN_DNSWL_LOW,SPF_NEUTRAL X-Spam-Check-By: apache.org Received-SPF: neutral (nike.apache.org: 147.91.1.120 is neither permitted nor denied by domain of ognjen.d.blagojevic@gmail.com) Received: from [147.91.1.120] (HELO afrodita.rcub.bg.ac.rs) (147.91.1.120) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 08 Nov 2012 10:13:11 +0000 Received: from [IPv6:2001:4170:0:4::66] (unknown [IPv6:2001:4170:0:4::66]) by afrodita.rcub.bg.ac.rs (Postfix) with ESMTP id C58501919FED for ; Thu, 8 Nov 2012 11:12:47 +0100 (CET) Message-ID: <509B859F.4020705@gmail.com> Date: Thu, 08 Nov 2012 11:12:47 +0100 From: Ognjen Blagojevic User-Agent: Mozilla/5.0 (Windows NT 5.1; rv:16.0) Gecko/20121026 Thunderbird/16.0.2 MIME-Version: 1.0 To: users@tomcat.apache.org Subject: Re: SSL Certificate Help References: <93C0A8D5B804E64F95DC4C37E3CB9735018C942C69D0@Hermes> In-Reply-To: <93C0A8D5B804E64F95DC4C37E3CB9735018C942C69D0@Hermes> Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit X-RCUB-MailScanner-Information: Please contact the ISP for more information X-RCUB-MailScanner-ID: C58501919FED.ABBF4 X-RCUB-MailScanner: Found to be clean X-RCUB-MailScanner-SpamCheck: not spam, SpamAssassin (not cached, score=-2.599, required 6, BAYES_00 -2.60, NO_RELAYS -0.00, WEIRD_PORT 0.00) X-Virus-Checked: Checked by ClamAV on apache.org Alissa, On 7.11.2012 22:13, Alissa Schneider wrote: > Here are the steps I have taken thus far: > > * I deleted my original keystore that held my self-signed certificate. > > * I deleted the self-signed certificate. > > * I recreated the keystore. > > * I imported the CA-signed certificate. > > * I have an index.txt file that I deleted all the contents from so it is empty. > > * The server.xml file reflects the current keystore/pw information and the SSL lines have been uncommented. > > Still, when I visit https://localhost:8443, the browser throws a certificate warning. When I click on the certificate warning and view certificate, it displays information on my self-signed certificate (that I've deleted). I think if I could figure out how to make Tomcat point to the CA certificate instead of the old one, this would work for me. However, I'm not sure how to clear the Tomcat "cache" so to speak. Are you sure that the warning is the same? Perhaps the first warning was about certificate not being signed by CA, and second warning is about something else? Every (CA-signed or self-signed) certificate is issued for the specific hostname. If certificate hostname does not match hostname from browser URL, browser will issue a warning. Maybe that is the case here. If your CA-signed certificate is bound to hostname other than "localhost" and you access your Tomcat server using browser URL "https://localhost:8443", than the browser will issue a warning. I believe not a single CA would sign certificate for loopback interface hostname "localhost", only for FQDN like "server.example.com". Therefore, you should access your server using FQDN which your certificate is issued for. -Ognjen --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org For additional commands, e-mail: users-help@tomcat.apache.org