RE: SSL is not working

2017-08-04 Thread Hameed, Amir
Thank you for your reply. Please see my answers below:

Have you imported the signed server certificate into the server keystore with 
all the root+intermediate certificates? In other words, does the 
"chain-of-trust" exist in the server keystore?
>> Yes, I have imported all trusted certificates (COMODORSAAddTrustCA.crt + 
>> AddTrustExternalCARoot.crt + 
>> COMODORSAOrganizationValidationSecureServerCA.crt) into the server key store 
>> along with the signed server certificate.

You just need to add the root and intermediate CA certs to the trust store - any 
server certs signed by them are, by default, trusted.
>> I am new to Tomcat. Where can I find the trust store and is it separate from 
>> the server key store?

Thanks
-----Original Message-----
From: M. Manna [mailto:manme...@gmail.com] 
Sent: Friday, August 4, 2017 12:16 PM
To: Tomcat Users List <users@tomcat.apache.org>
Subject: Re: SSL is not working

Have you imported the signed server certificate into the server keystore with 
all the root+intermediate certificates? In other words, does the 
"chain-of-trust" exist in the server keystore?

You just need to add the root and intermediate CA certs to the trust store - any 
server certs signed by them are, by default, trusted.


On 4 August 2017 at 17:09, Hameed, Amir <amir.ham...@xerox.com> wrote:

> Hi,
> I am trying to configure Tomcat 8.0.36 with SSL and running into some 
> issues. The JDK version I am using is 1.8.0_64. I used the following 
> process to implement SSL:
>
> 1.   Generated a Java key store using the following command:
> ${JAVA_HOME}/bin/keytool -genkey -alias [alias-name] -keyalg RSA -keysize 2048 \
> -keystore [key-store-path]/keystore.jks -dname "CN=[common-name],OU=[org-unit], O=[company-name], L=[city], ST=[state], C=US"
>
>
> 2.   Generated CSR using the following command:
> ${JAVA_HOME}/bin/keytool -certreq -alias [alias-name] -file [key-store-path]/[csr-file-name] \
> -keystore [key-store-path]/keystore.jks
>
>
> 3.   Requested certificate from COMODO.
>
> 4.   Imported all trusted certificates from COMODO into the key store
> using the command below. There were a total of three trusted certificates
> that we received from COMODO:
> ${JAVA_HOME}/bin/keytool -import -trustcacerts -alias [alias-name] -file [ssl-cert-file] -keystore [key-store-path]/keystore.jks -v
>
>
> 5.   Modified Tomcat's server.xml file as shown below:
>
> 
> maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
> clientAuth="false" sslProtocol="TLS"
> keystoreFile="[key-store-path]/keystore.jks"
> keystoreType="JKS" keystorePass="[key-store-password]" />
>
> 6.   Restarted Tomcat.
>
> 7.   Accessed the Tomcat homepage from the browser using https and the
> browser complained about the page being insecure. When I looked at the 
> certificate from the browser, I see that the Certificate Path tab of 
> the certificate shows that the trusted chain is incomplete and does 
> not show the trusted certificates that I had imported into the key store.
>
> What am I missing here? Any help will be appreciated.
>
>
> Thank you,
> Amir
>
>




SSL is not working

2017-08-04 Thread Hameed, Amir
Hi,
I am trying to configure Tomcat 8.0.36 with SSL and running into some issues. 
The JDK version I am using is 1.8.0_64. I used the following process to 
implement SSL:

1.   Generated a Java key store using the following command:
${JAVA_HOME}/bin/keytool -genkey -alias [alias-name] -keyalg RSA -keysize 2048 \
-keystore [key-store-path]/keystore.jks -dname "CN=[common-name],OU=[org-unit], O=[company-name], L=[city], ST=[state], C=US"


2.   Generated CSR using the following command:
${JAVA_HOME}/bin/keytool -certreq -alias [alias-name] -file [key-store-path]/[csr-file-name] \
-keystore [key-store-path]/keystore.jks


3.   Requested certificate from COMODO.

4.   Imported all trusted certificates from COMODO into the key store using 
the command below. There were a total of three trusted certificates that we 
received from COMODO:
${JAVA_HOME}/bin/keytool -import -trustcacerts -alias [alias-name] -file [ssl-cert-file] -keystore [key-store-path]/keystore.jks -v


5.   Modified Tomcat's server.xml file as shown below:





6.   Restarted Tomcat.

7.   Accessed the Tomcat homepage from the browser using https and the 
browser complained about the page being insecure. When I looked at the certificate 
from the browser, I see that the Certificate Path tab of the certificate shows 
that the trusted chain is incomplete and does not show the trusted certificates 
that I had imported into the key store.

What am I missing here? Any help will be appreciated.


Thank you,
Amir
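
An added example, not part of the original thread or of the Tomcat project: a shell function that reads `keytool -list -v` output and reports, for each alias, whether the private key entry carries a certificate chain. It relies on JSSE sending clients only the chain stored with the `PrivateKeyEntry`, so CA certificates held under separate `trustedCertEntry` aliases are not part of what the browser receives; the sample listing, alias names and verdict labels are constructed for illustration.

```shell
#!/bin/sh
# Added example. Reads `keytool -list -v` output on stdin and prints one
# tab-separated line per alias: alias, verdict, chain length.
# Real use: keytool -list -v -keystore [key-store-path]/keystore.jks | chain_report
chain_report() {
  awk '
    function emit() {
      if (alias == "") return
      if (type != "PrivateKeyEntry") verdict = "TRUST_ONLY"   # never sent to clients
      else if (len >= 2)             verdict = "CHAIN_OK"     # leaf plus issuer(s)
      else if (owner == issuer)      verdict = "SELF_SIGNED"  # still the -genkey cert
      else                           verdict = "LEAF_ONLY"    # CA-signed, no intermediates
      printf "%s\t%s\t%d\n", alias, verdict, len
    }
    /^Alias name: / { emit(); alias = substr($0, 13); type = ""; len = 0; owner = ""; issuer = "" }
    /^Entry type: / { type = substr($0, 13) }
    /^Certificate chain length: / { len = $NF + 0 }
    /^Owner: /  { if (owner == "")  owner  = substr($0, 8) }   # first cert in entry = leaf
    /^Issuer: / { if (issuer == "") issuer = substr($0, 9) }
    END { emit() }
  '
}

# Constructed sample (not from the thread): a key entry holding only its own
# certificate, with a CA certificate stored as a separate trusted entry.
sample_listing() {
  cat <<'EOF'
Alias name: tomcat
Entry type: PrivateKeyEntry
Certificate chain length: 1
Certificate[1]:
Owner: CN=www.example.test, O=Example, C=US
Issuer: CN=www.example.test, O=Example, C=US

Alias name: intermediate
Entry type: trustedCertEntry

Owner: CN=Example Intermediate CA
Issuer: CN=Example Root CA
EOF
}

sample_listing | chain_report
```

For the key alias, any verdict other than CHAIN_OK means clients will not receive the intermediate certificates from this keystore.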