tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "James H. H. Lampert" <jam...@touchtonecorp.com>
Subject Re: Valid certificate chain failing with "unable to find valid certification path to requested "
Date Fri, 04 Apr 2014 01:12:41 GMT
I've only barely glanced at this thread, so forgive me if I'm saying 
something that's already been mentioned, or that's irrelevant.

But yesterday, I was tearing my hair out over something similar while 
setting up a keystore for a customer: it seems that the customer's CA of 
choice had assumed that the customer was using the same keystore that 
they'd used previously (I'd created a new one because of some changes in 
ownership and location information), and so they'd signed the CSR with 
the OLD intermediate certificates, without bothering to tell anybody. 
And so every time I tried to plug the response certificate in with the 
NEW intermediates, Keytool would balk.

I dunno what possessed me to try the old intermediates, but try them I 
did (by that time, I'd also found and installed "KeyStore Explorer," a 
nifty little open-source Keytool-replacement). (Ironically, because 
installing a CSR response certificate is a bit counter-intuitive in 
KeyStore Explorer [it's ONLY on the right-click menu, and ONLY if you 
right-click on a keypair], the keystore I made using it was worthless, 
but once I'd discovered the problem, I'd also done one with Keytool as a 
backup. Didn't find out I'd screwed up the KeyStore Explorer version 
until this afternoon, and didn't figure out the right way to do it in 
KeyStore Explorer until after I'd already put the Keytool version of the 
keystore into service.)

--
JHHL

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message