Ray,
On 30.9.2014 20:54, ray.d...@usbank.com wrote:
<Connector
port="443" maxThreads="200"
scheme="https" secure="true" SSLEnabled="true"
keystoreFile="C:\Bonaire\REVPORT\.keystore" keystorePass="changeit"
keyAlias="tomcat2"
proxyName="revport-it.us.bank-dns.com" proxyPort="443"
/>
And then on the browser, when I try to load the site, I get a blank
screen again, says "Internet Explorer cannot display the webpage".
If I use "tomcat" as the alias in my connector, the site loads but then
I get the "Certificate Error" popup again, which is what I need to get
rid of (on the top right the Internet Explorer).
It seems that you created key pair under alias "tomcat" and imported
certificate reply from your CA under alias "tomcat2". That is wrong. You
should be importing certificate reply under same alias as you generated
key pair.
Here is exceprt from Oracle keytool docs:
"You import a certificate for two reasons:
to add it to the list of trusted certificates, or
to import a certificate reply received from a CA as the result of
submitting a Certificate Signing Request (see the -certreq command) to
that CA.
Which type of import is intended is indicated by the value of the -alias
option:
If the alias does not point to a key entry, then keytool assumes
you are adding a trusted certificate entry. In this case, the alias
should not already exist in the keystore. If the alias does already
exist, then keytool outputs an error, since there is already a trusted
certificate for that alias, and does not import the certificate.
If the alias points to a key entry, then keytool assumes you are
importing a certificate reply."
-Ognjen
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org