Re: Installing certificate chain on Tomcat

2010-04-13 Thread Christopher Schultz

Michael,

On 4/12/2010 4:55 PM, Michael Dockery wrote:
 because tomcat has the root for the client cert loaded into its truststore,   
  and the matching client cert subject name (ie: user)  loaded in its auth 
 realm  
 the client is therefore authenticated

Right: Tomcat can authenticate the client certificate because it has the
required trust roots. The OP was asking about the opposite: the client is
complaining that the server's cert is untrusted (or, rather, that the
cert chain doesn't lead to a known, trusted root).

- -chris

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Re: Installing certificate chain on Tomcat

2010-04-12 Thread Christopher Schultz

/U,

On 4/10/2010 3:31 PM, /U wrote:
<Connector port="443" protocol="HTTP/1.1" SSLEnabled="true"
           maxThreads="150" scheme="https" secure="true"
           clientAuth="false" sslProtocol="TLS"
           keystoreFile="/users/me/.keystore" keystorePass="changeit"
/>

Are you using APR (aka Tomcat native)?

 I have received the following keys/certs from CA:
 - file1: private key for myhost
 - file2: identity certificate for myhost signed by CA1
 - file3: certificate for CA1 signed by entrust
 
 I installed private key (file1) and myhost cert (file2) into
 /users/me/.keystore
 using the ImportKey utility.
 I installed the CA1's certificate into /users/me/.keystore using keytool.
 My keytool output looks like this:
$ keytool -list -keystore /users/me/.keystore 
...password...

Heh... you mean it's not changeit? :)

Keystore type: JKS
Keystore provider: SUN
 
Your keystore contains 2 entries

Shouldn't that be 3 entries?

CA1, Apr 10, 2010, trustedCertEntry,
Certificate fingerprint (MD5):
 2F:B3:00:F2:FA:12:7B:BD:82:95:70:05:99:12:17:DB:BE
tomcat, Apr 10, 2010, PrivateKeyEntry, 
Certificate fingerprint (MD5):
 CD:D9:06:11:30:CD:C2:60:33:33:68:A2:30:5C:01:50

What about the entrust one?

 I did not install any certificates into truststore
 (jre/lib/security/cacerts).
 
 When I connect browser to https://myhost, i get a cert error that
 myhost is signed by CA1 and cannot be trusted.
 Browser show only one cert (for myhost) and not show the full
 cert chain (myhost - CA1 and CA1 - entrust).
 Why is the full cert chain not sent to browser.

Because you haven't provided the whole certificate chain to Tomcat.
Tomcat can only send what it already has.

 Since entrust CA cert is in browser CA list, if tomcat send full cert
 chain
 to browser, it would be trusted.

Maybe, maybe not. It's possible that the real cert chain goes like this:

myhost -> CA1 -> Entrust -> Entrust Global

If your browser only knows about the Entrust Global cert, then your
chain is broken.

Did you follow the instructions on Entrust's web site?

http://www.entrust.net/knowledge-base/technote.cfm?tn=7559
(for chain certs)

http://www.entrust.net/knowledge-base/technote.cfm?tn=7583
(for bare certs, I guess)

Perhaps they are the ones to ask about this.

You might want to ask why they don't support a version of Tomcat after
4.1.

- -chris

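The point Chris makes above ("Tomcat can only send what it already has") worked through with openssl, as an added example that is not code from the thread. With the JSSE connector, Tomcat sends exactly the certificate chain stored in the PrivateKeyEntry; a CA1 certificate imported as a separate trustedCertEntry, as in the two-entry listing quoted above, is never sent to browsers. The script builds a throw-away PKI (root, CA1, myhost), shows that a client trusting only the root fails on the leaf alone but succeeds once the intermediate is supplied, and then packs key + leaf + CA1 into a single PKCS#12 entry. All names, the alias "tomcat" and the password "changeit" are illustrative assumptions; it needs only openssl, and uses keytool only if present.

```shell
#!/bin/sh
# Added example, not code from the thread. Builds a throw-away PKI
# (root -> CA1 -> myhost) with openssl, shows why a server that presents only
# its own certificate fails at a client that trusts just the root, and packs
# key + leaf + intermediate into ONE PKCS#12 entry so the chain travels with
# the private key. Names (root, CA1, myhost, alias "tomcat") and the password
# "changeit" are illustrative assumptions.
set -e
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# X.509 v3 extensions for the signing steps (constructed config file).
cat > "$WORK/ext.cnf" <<'EOF'
[ v3_ca ]
basicConstraints = critical, CA:TRUE
keyUsage = critical, keyCertSign, cRLSign
[ v3_leaf ]
basicConstraints = CA:FALSE
keyUsage = digitalSignature, keyEncipherment
extendedKeyUsage = serverAuth
subjectAltName = DNS:myhost
EOF

# Root (self-signed), CA1 (signed by root), myhost (signed by CA1).
make_test_pki() {
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=Test Root" \
      -keyout "$WORK/root.key" -out "$WORK/root.csr" 2>/dev/null
  openssl x509 -req -in "$WORK/root.csr" -signkey "$WORK/root.key" -days 30 \
      -extfile "$WORK/ext.cnf" -extensions v3_ca -out "$WORK/root.pem" 2>/dev/null
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=CA1" \
      -keyout "$WORK/ca1.key" -out "$WORK/ca1.csr" 2>/dev/null
  openssl x509 -req -in "$WORK/ca1.csr" -CA "$WORK/root.pem" -CAkey "$WORK/root.key" \
      -CAcreateserial -days 30 -extfile "$WORK/ext.cnf" -extensions v3_ca \
      -out "$WORK/ca1.pem" 2>/dev/null
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=myhost" \
      -keyout "$WORK/myhost.key" -out "$WORK/myhost.csr" 2>/dev/null
  openssl x509 -req -in "$WORK/myhost.csr" -CA "$WORK/ca1.pem" -CAkey "$WORK/ca1.key" \
      -CAcreateserial -days 30 -extfile "$WORK/ext.cnf" -extensions v3_leaf \
      -out "$WORK/myhost.pem" 2>/dev/null
  # Key, leaf and CA1 under one alias. JSSE sends exactly this chain; a CA1
  # cert imported as a separate trustedCertEntry is never sent. (On OpenSSL 3
  # add -legacy if the JVM that will read the file is older than 8u301.)
  openssl pkcs12 -export -name tomcat -inkey "$WORK/myhost.key" -in "$WORK/myhost.pem" \
      -certfile "$WORK/ca1.pem" -passout pass:changeit -out "$WORK/tomcat.p12" 2>/dev/null
}

# A client that trusts only the root, given the leaf alone: the issuer CA1
# cannot be found (s_client reports this as "unable to verify the first certificate").
verifies_with_leaf_only() {
  openssl verify -CAfile "$WORK/root.pem" "$WORK/myhost.pem" >/dev/null 2>&1
}

# Same client, with CA1 supplied as UNTRUSTED input, exactly as a server sends
# it in the handshake: the chain now reaches the trusted root.
verifies_with_leaf_and_intermediate() {
  openssl verify -CAfile "$WORK/root.pem" -untrusted "$WORK/ca1.pem" \
      "$WORK/myhost.pem" >/dev/null 2>&1
}

# How many certificates sit in the key entry of the bundle (leaf + CA1 = 2).
bundle_cert_count() {
  openssl pkcs12 -in "$WORK/tomcat.p12" -passin pass:changeit -nokeys 2>/dev/null \
      | grep -c 'BEGIN CERTIFICATE'
}

make_test_pki
if verifies_with_leaf_only; then
  echo "leaf only: verified (unexpected)"
else
  echo "leaf only: verify FAILS, client cannot find issuer CA1"
fi
if verifies_with_leaf_and_intermediate; then
  echo "leaf + CA1: verify OK"
else
  echo "leaf + CA1: verify FAILS (unexpected)"
fi
echo "certificates attached to the key entry: $(bundle_cert_count)"

# Optional: convert to JKS for a config that insists on it and confirm the
# chain length the connector will send (skipped when keytool is absent).
if command -v keytool >/dev/null 2>&1; then
  ( keytool -importkeystore -noprompt \
      -srckeystore "$WORK/tomcat.p12" -srcstoretype PKCS12 -srcstorepass changeit \
      -destkeystore "$WORK/tomcat.jks" -deststoretype JKS -deststorepass changeit \
      >/dev/null 2>&1 &&
    keytool -list -v -keystore "$WORK/tomcat.jks" -storepass changeit \
      | grep 'Certificate chain length' ) || echo "keytool conversion not available"
fi
```

Because the chain lives in the key entry, `keytool -list -v` reports `Certificate chain length: 2` for alias tomcat, and Tomcat 6 can point keystoreFile at the .p12 directly (keystoreType="PKCS12", keyAlias="tomcat") or at the converted JKS. Including the root in the bundle is harmless but unnecessary: the browser needs the intermediate, since it already holds the root. The same check works against a live server with `openssl s_client -connect myhost:443 -CAfile root.pem`; the "Certificate chain" section should list the leaf and CA1, not the leaf alone.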



Re: Installing certificate chain on Tomcat

2010-04-12 Thread Christopher Schultz

/U,

On 4/10/2010 4:13 PM, /U wrote:
 i am confused about one thing: while keystore is explicitly specified
 in connector config, what about the truststore?

It can also be configured in the Connector. Have you not read any of
the documentation?

 i assume truststore stores the trusted CA certs (as opposed to
 private keys/identity cert). Is this correct?

http://lmgtfy.com/?q=java+keystore+versus+truststore

 Why does the connector config not refer to truststore config?

Because most people don't need it. It's getting more common to see
chained certificates, but I'm not entirely sure that the truststore is
required. Patches to the documentation are always welcome.

 Or is that by default become ${JAVA_HOME}/jre/lib/security/cacerts?

Please read the HTTP Connector documentation: it really does tell you
what all the defaults are.

 What is the relation/differences (as far as tomcat is concerned) between
 keystore, truststore and {JAVA_HOME}/jre/lib/security/cacerts?

http://lmg... oh, I can't even bring myself to finish that.

- -chris




Re: Installing certificate chain on Tomcat

2010-04-12 Thread Michael Dockery
in my case, i am testing with clients authenticating to tomcat with dod cac 
cards. (smartcards)

i downloaded the dod root p7b cert files

i checked/verified the root cert for the client cac card certs, 
 matched the dod root certs (in the p7b files)

i extracted ONLY the root certs from each p7b file
  into x.509 base64-encoded .cer files


then i imported ONLY those dod x509 root certs into tomcat's truststorefile


now when a client browses to tomcat, it tries to authenticate with the 
client-cert (from the cac card)

because tomcat has the root for the client cert loaded into its truststore,   
 and the matching client cert subject name (ie: user)  loaded in its auth 
realm  
    the client is therefore authenticated

i have more to do but that much is working.




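Putting the two stores side by side, as an added example rather than configuration taken from the thread: in Tomcat 6 the same Connector carries both. keystoreFile holds the server's private key with its certificate chain (what is sent to browsers); truststoreFile holds the CA certificates used to validate client certificates, which only matters when clientAuth is "true" or "want", the DoD CAC case Michael describes. When truststoreFile is not set, Tomcat falls back to the JVM's default trust store (the javax.net.ssl.trustStore property, otherwise jre/lib/security/cacerts), which is why the attribute is rarely seen in examples. File names, the alias and the passwords are assumptions.

```xml
<!-- Added example, not the thread's own server.xml. Tomcat 6 HTTPS connector:
     server identity (key + chain) in keystoreFile, CA roots for validating
     CLIENT certificates in truststoreFile. Paths, alias and passwords are
     illustrative assumptions. -->
<Connector port="443" protocol="HTTP/1.1" SSLEnabled="true"
           maxThreads="150" scheme="https" secure="true"
           sslProtocol="TLS"

           keystoreFile="/users/me/tomcat.p12"
           keystoreType="PKCS12"
           keystorePass="changeit"
           keyAlias="tomcat"

           clientAuth="true"
           truststoreFile="/users/me/truststore.jks"
           truststoreType="JKS"
           truststorePass="changeit" />
```

With clientAuth="false" the trust store is never consulted, so putting CA1 or Entrust into it (or into cacerts) does nothing for the browser's "untrusted" warning; only the chain in the key entry fixes that. Conversely, for client-certificate authentication the trust store should contain only the roots you intend to accept, not the JVM's whole cacerts bundle.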

Re: Installing certificate chain on Tomcat

2010-04-10 Thread nowled.excite


Maybe you are getting the certificate myhost issued by CA X is not trusted, 
because you a fucking virus



Re: Installing certificate chain on Tomcat

2010-04-10 Thread Pid *
On 10 April 2010 08:58, nowled.excite now...@excite.com wrote:

 Maybe you are getting the certificate myhost issued by CA X is not trusted,
 because you a fucking virus


No need for that.

p


-- 

--
pidster.com


Re: Installing certificate chain on Tomcat

2010-04-10 Thread /U

hello Pid,

am i right in assuming that the identity certificate+private key is
installed
in keystoreFile of the SSL connector (C:\keystore below) and the CA
certificate chain is installed in jre/lib/security/cacerts?

<Connector port="443"
   protocol="HTTP/1.1" SSLEnabled="true"
   maxThreads="150" scheme="https" secure="true"
   clientAuth="false" sslProtocol="TLS"
   keystoreFile="C:\keystore" keystorePass="changeit"
/>


any assistance appreciated,

/U





-- 
View this message in context: 
http://old.nabble.com/Installing-certificate-chain-on-Tomat-tp28199836p28202227.html
Sent from the Tomcat - User mailing list archive at Nabble.com.





Re: Installing certificate chain on Tomcat

2010-04-10 Thread Michael Dockery
i had to install my ca root certs in a keystore specified/referenced by the 
truststorefile parameter
  NOT the keystorefile parm





Re: Installing certificate chain on Tomcat

2010-04-10 Thread Crypto Sal


Hello,

You may want to take a look at Comodo's documentation for Tomcat.

https://support.comodo.com/index.php?_m=knowledgebase_a=viewarticlekbarticleid=1204

It shows how to easily install a trusted certificate for use with Tomcat 
(and most Java based Web Servers). I've used this documentation quite a 
few times and it has always been spot on.


You may want to view the contents of the keystore: keytool -v -list 
-keystore KEYSTORE_FILE; to see what is missing. Tomcat should have the 
Intermediate Cert(s) and the Entity/Domain Cert inside the keystore.


Hope this helps!









Re: Installing certificate chain on Tomcat

2010-04-10 Thread Christopher Schultz

/U,

On 4/10/2010 12:01 AM, /U wrote:
 i am installing certificate chain on tomcat 6.x (JRE 1.6). From my CA I have
 private key (PEM), 
 identity cert (PEM)  (CA X trusts myhost)
and a cert chain file (PEM file) (entrust trusts CA X)
 
 The cert chain is: (entrust) ==trusts==> (CA X) ==trusts==> myhost
 
 I have converted the private key and identity cert into DER form
 and have imported into /etc/keystore (tomcat's keystore).

Tomcat does not use /etc/keystore unless you tell it to do so. Can you
show us your server.xml, specifically your SSL Connector element?

- -chris




Re: Installing certificate chain on Tomcat

2010-04-10 Thread Christopher Schultz

/U,

On 4/10/2010 10:07 AM, /U wrote:
 am i right in assuming that the identity certificate+private key is
 installed
 in keystoreFile of the SSL connector (C:\keystore below) and the CA 
 certificate chain is installed in jre/lib/security/cacerts?
 
 <Connector port="443"
    protocol="HTTP/1.1" SSLEnabled="true"
    maxThreads="150" scheme="https" secure="true"
    clientAuth="false" sslProtocol="TLS"
    keystoreFile="C:\keystore" keystorePass="changeit"
 />

Wait, last time you said /etc/keystore. Is this *NIX or Microsoft Windows?

If you have C:\keystore as your keystore, then the keystore file
should be in (you guessed it) C:\keystore

- -chris




Re: Installing certificate chain on Tomcat

2010-04-10 Thread /U

Thank you Chris for your suggestion.

Here is my connector:

<Connector port="443" protocol="HTTP/1.1" SSLEnabled="true"
   maxThreads="150" scheme="https" secure="true"
   clientAuth="false" sslProtocol="TLS"
   keystoreFile="/users/me/.keystore" keystorePass="changeit"
/>

I have received the following keys/certs from CA:
- file1: private key for myhost
- file2: identity certificate for myhost signed by CA1
- file3: certificate for CA1 signed by entrust

I installed private key (file1) and myhost cert (file2) into
/users/me/.keystore
using the ImportKey utility.
I installed the CA1's certificate into /users/me/.keystore using keytool.
My keytool output looks like this:
   $ keytool -list -keystore /users/me/.keystore 
   ...password...
   Keystore type: JKS
   Keystore provider: SUN

   Your keystore contains 2 entries

   CA1, Apr 10, 2010, trustedCertEntry,
   Certificate fingerprint (MD5):
2F:B3:00:F2:FA:12:7B:BD:82:95:70:05:99:12:17:DB:BE
   tomcat, Apr 10, 2010, PrivateKeyEntry, 
   Certificate fingerprint (MD5):
CD:D9:06:11:30:CD:C2:60:33:33:68:A2:30:5C:01:50
  $

I did not install any certificates into truststore
(jre/lib/security/cacerts).

When I connect browser to https://myhost, i get a cert error that
myhost is signed by CA1 and cannot be trusted.
Browser show only one cert (for myhost) and not show the full
cert chain (myhost - CA1 and CA1 - entrust).
Why is the full cert chain not sent to browser.
Since entrust CA cert is in browser CA list, if tomcat send full cert
chain
to browser, it would be trusted.


Also, when I use openssl s_client, I see that the full cert chain is not sent:
   C:\  openssl s_client -connect myhost:443

   verify error:num=21:unable to verify the first certificate
   verify return:1
   ---
   Certificate chain
 0 s:/C=US/ST=YY/L=XX/O=myhost Inc./OU=IT/CN=myhost
 i:/C=US/O=CA1, Inc./OU=www.CA1.net is incorporated by reference/OU=...,
Inc./CN=CA1Certification Authority 

Why does this chain not have CA1-entrust certificate.
what i do wrong? should all CA certs be in truststore?

what is the default truststore of tomcat? what is the difference between
truststore and 
keystore. is it correct to say all CA certs be in truststore and private
key and identity cert
be in keystore?

many thanx,

/U


-- 
View this message in context: 
http://old.nabble.com/Installing-certificate-chain-on-Tomat-tp28199836p28204196.html
Sent from the Tomcat - User mailing list archive at Nabble.com.





Re: Installing certificate chain on Tomcat

2010-04-10 Thread /U

I tried this on different systems (*nix and XP) and hence the 
differences in my excerpts. but in each case, the connector
config correct refers to keystore. i am sorry i quoted different
configs - will stick to *nix from now on.

i am confused about one thing: while keystore is explicitly specified 
in connector config, what about the truststore?

i assume truststore stores the trusted CA certs (as opposed to
private keys/identity cert). Is this correct?

Why does the connector config not refer to truststore config?
Or is that by default become ${JAVA_HOME}/jre/lib/security/cacerts?

What is the relation/differences (as far as tomcat is concerned) between
keystore, truststore and {JAVA_HOME}/jre/lib/security/cacerts?

with sincere thanx!

/U




-- 
View this message in context: 
http://old.nabble.com/Installing-certificate-chain-on-Tomat-tp28199836p2820.html
Sent from the Tomcat - User mailing list archive at Nabble.com.





Installing certificate chain on Tomcat

2010-04-09 Thread /U

i am installing certificate chain on tomcat 6.x (JRE 1.6). From my CA I have
private key (PEM), 
identity cert (PEM)  (CA X trusts myhost)
   and a cert chain file (PEM file) (entrust trusts CA X)

The cert chain is: (entrust) ==trusts==> (CA X) ==trusts==> myhost


I have converted the private key and identity cert into DER form
and have imported into /etc/keystore (tomcat's keystore).
I have imported the certificate chain PEM file into
${JAVA_HOME}/jre/lib/security/cacerts.

when I login to tomcat i get warning that certificate 
 myhost issued by CA X is not trusted.

It seems like browser does not get full cert chain (entrust => CA X =>
myhost).
what could I be doing wrong? pl help.

Regs,

/U
-- 
View this message in context: 
http://old.nabble.com/Installing-certificate-chain-on-Tomat-tp28199836p28199836.html
Sent from the Tomcat - User mailing list archive at Nabble.com.

