RE: Cannot rid of expired Certificate ...
-Original Message- From: Brooke Hedrick [mailto:brooke.t.hedr...@gmail.com] Sent: 20 January 2012 12:50 To: Tomcat Users List Subject: RE: Cannot rid of expired Certificate ... On Jan 20, 2012 6:47 AM, Brooke Hedrick brooke.t.hedr...@gmail.com wrote: H On Jan 20, 2012 4:23 AM, Andrew Erskine a.ersk...@darasoft.com wrote: Top post ? Win2003svr Yes correct store .. the only one I've been using .. did try and clear the cache on firefox will try ie Thanks. -Original Message- From: Pid [mailto:p...@pidster.com] Sent: 20 January 2012 09:51 To: Tomcat Users List Subject: Re: Cannot rid of expired Certificate ... On 20/01/2012 02:28, Brooke Hedrick wrote: Are you sure you updated the correct keystore? Which o/s are you running? (Please don't top post.) It's worth noting that some browsers appear to cache certs and sometimes changes are not immediately apparent. p On Jan 19, 2012 2:54 PM, Darryl Lewis darryl.le...@unsw.edu.au wrote: Did you restart tomcat? On 20/01/12 5:00 AM, Andrew Erskine a.ersk...@darasoft.com wrote: I have a self certificate that expired today. I removed the certificate from the keystore which the server.xml is pointin= g at and generated a new one with the same alias and I can see that cert in= the keystore. I've been through all my certificate locations on firefox and removed any i= nstance On restarting tomcat and starting a new browser the website is still saying= I have an expired certificate - so where is this being picked up from ? an= d is there a step I'm missing ? Thanks. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org -- [key:62590808] - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org Where is your keystore located? When running on with Tomcat poviding the cert, as I recall, there were 2 options of keystore placement. If you are using APR you can specify the location. If not, it assumes it has to look under your 'profile' home. So, c:/documents ands settings/... or c:/users/... Are you using APR? Another question... To rule out the browser, have you tried using openssl to retrieve tthe certificate? The only placement of my keystore is .. keystoreFile=SPECROOT/custom/keystore/cacerts keystorePass=changeit and that is where I have deleted the entry for my server and re-created a new one. Not sure what APR is ? - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Cannot rid of expired Certificate ...
Andrew Erskine wrote: ... Not sure what APR is ? To save someone else the time : See : http://apr.apache.org/ In essence, APR is a software library which contains a number of TCP-socket-related functions which /can/ be used by software applications (such as Apache httpd and Tomcat), as a replacement for similar platform-specific functions, to provide more uniformity. In the case of Tomcat : by default, Tomcat, for its Connectors, uses the network-related functions provided by the Java JVM (e.g., to open a listening socket for a Connector). However, if Tomcat detects the availability of the APR library when it starts, it will switch to using this library instead. The APR implementation is supposed to be more efficient and faster. The importance of this, in the current context, is that there is a difference regarding SSL (HTTPS) : the standard JVM functions use the Java JVM's implementation of SSL, while APR functions use the OpenSSL library. This matters because the relevant Connector attributes are different in each case (and also probably where the software looks for things like keystore etc..). You can see if on your system Tomcat has found (and is using) the APR library or not, by examining the Tomcat logfiles : at startup, Tomcat will print a warning if it did not find APR. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Cannot rid of expired Certificate ...
-Original Message- From: André Warnier [mailto:a...@ice-sa.com] Sent: 23 January 2012 10:46 To: Tomcat Users List Subject: Re: Cannot rid of expired Certificate ... Andrew Erskine wrote: ... Not sure what APR is ? To save someone else the time : See : http://apr.apache.org/ In essence, APR is a software library which contains a number of TCP-socket-related functions which /can/ be used by software applications (such as Apache httpd and Tomcat), as a replacement for similar platform-specific functions, to provide more uniformity. In the case of Tomcat : by default, Tomcat, for its Connectors, uses the network-related functions provided by the Java JVM (e.g., to open a listening socket for a Connector). However, if Tomcat detects the availability of the APR library when it starts, it will switch to using this library instead. The APR implementation is supposed to be more efficient and faster. The importance of this, in the current context, is that there is a difference regarding SSL (HTTPS) : the standard JVM functions use the Java JVM's implementation of SSL, while APR functions use the OpenSSL library. This matters because the relevant Connector attributes are different in each case (and also probably where the software looks for things like keystore etc..). You can see if on your system Tomcat has found (and is using) the APR library or not, by examining the Tomcat logfiles : at startup, Tomcat will print a warning if it did not find APR. So I've deleted my certificate again and created a new certificate .. D:\win32app\Spectrum\Java\jre\binkeytool -list -keystore d:\win32app\Spectrum\custom\keystore\cacerts Enter keystore password: Keystore type: JKS Keystore provider: SUN Your keystore contains 4 entries root, Oct 21, 2011, trustedCertEntry, Certificate fingerprint (MD5): BB:EA:B2:25:64:36:99:85:77:32:BA:B3:76:E6:F6:1A ehrp-2e2-site1, Jan 12, 2012, trustedCertEntry, Certificate fingerprint (MD5): 3B:14:71:2C:15:7D:79:81:7C:D6:B7:CE:35:0E:43:80 spectrum-92, Jan 19, 2012, PrivateKeyEntry, Certificate fingerprint (MD5): DF:BA:0D:35:8D:45:E0:79:62:6B:C7:ED:D6:B7:86:8E tomcatss1, Oct 21, 2011, PrivateKeyEntry, Certificate fingerprint (MD5): DF:7D:58:4B:D1:5A:A5:AF:68:C6:5E:F4:77:7D:0D:FB D:\win32app\Spectrum\Java\jre\binkeytool -delete -keystore d:\win32app\Spectrum\custom\keystore\cacerts -alias spectrum-92 Enter keystore password: D:\win32app\Spectrum\Java\jre\binkeytool -list -keystore d:\win32app\Spectrum\custom\keystore\cacerts Enter keystore password: Keystore type: JKS Keystore provider: SUN Your keystore contains 3 entries root, Oct 21, 2011, trustedCertEntry, Certificate fingerprint (MD5): BB:EA:B2:25:64:36:99:85:77:32:BA:B3:76:E6:F6:1A ehrp-2e2-site1, Jan 12, 2012, trustedCertEntry, Certificate fingerprint (MD5): 3B:14:71:2C:15:7D:79:81:7C:D6:B7:CE:35:0E:43:80 tomcatss1, Oct 21, 2011, PrivateKeyEntry, Certificate fingerprint (MD5): DF:7D:58:4B:D1:5A:A5:AF:68:C6:5E:F4:77:7D:0D:FB D:\win32app\Spectrum\Java\jre\binkeytool -genkey -alias spectrum-92 -keyalg RSA -keystore d:\win32app\Spectrum\custom\keystore keytool error: java.lang.Exception: Keystore file exists, but is empty: d:\win32app\Spectrum\custom\keystore D:\win32app\Spectrum\Java\jre\binkeytool -genkey -alias spectrum-92 -keyalg RSA -keystore d:\win32app\Spectrum\custom\keystore\cacerts Enter keystore password: What is your first and last name? [Unknown]: spectrum-92 What is the name of your organizational unit? [Unknown]: What is the name of your organization? [Unknown]: What is the name of your City or Locality? [Unknown]: What is the name of your State or Province? [Unknown]: What is the two-letter country code for this unit? [Unknown]: Is CN=spectrum-92, OU=Unknown, O=Unknown, L=Unknown, ST=Unknown, C=Unknown correct? [no]: yes Enter key password for spectrum-92 (RETURN if same as keystore password): D:\win32app\Spectrum\Java\jre\binkeytool -list -keystore d:\win32app\Spectrum\custom\keystore\cacerts Enter keystore password: Keystore type: JKS Keystore provider: SUN Your keystore contains 4 entries root, Oct 21, 2011, trustedCertEntry, Certificate fingerprint (MD5): BB:EA:B2:25:64:36:99:85:77:32:BA:B3:76:E6:F6:1A ehrp-2e2-site1, Jan 12, 2012, trustedCertEntry, Certificate fingerprint (MD5): 3B:14:71:2C:15:7D:79:81:7C:D6:B7:CE:35:0E:43:80 spectrum-92, Jan 23, 2012, PrivateKeyEntry, Certificate fingerprint (MD5): 8F:26:60:6B:9E:01:64:5E:CB:73:8A:BC:4E:3E:AF:AB tomcatss1, Oct 21, 2011, PrivateKeyEntry, Certificate fingerprint (MD5): DF:7D:58:4B:D1:5A:A5:AF:68:C6:5E:F4:77:7D:0D:FB D:\win32app\Spectrum\Java\jre\bin Heres my server.xml .. Connector port=443 minProcessors=5 maxProcessors=75 enableLookups=true disableUploadTimeout=true acceptCount=100 debug=0 scheme=https secure=true clientAuth=false sslProtocol=TLS ciphers=SSL_RSA_WITH_RC4_128_MD5,SSL_RSA_WITH_RC4_128_SHA,TLS_RSA_WITH_AES_128_CBC_SHA
Re: Cannot rid of expired Certificate ...
Andrew Erskine wrote: -Original Message- From: André Warnier [mailto:a...@ice-sa.com] Sent: 23 January 2012 10:46 To: Tomcat Users List Subject: Re: Cannot rid of expired Certificate ... Andrew Erskine wrote: ... Not sure what APR is ? To save someone else the time : See : http://apr.apache.org/ In essence, APR is a software library which contains a number of TCP-socket-related functions which /can/ be used by software applications (such as Apache httpd and Tomcat), as a replacement for similar platform-specific functions, to provide more uniformity. In the case of Tomcat : by default, Tomcat, for its Connectors, uses the network-related functions provided by the Java JVM (e.g., to open a listening socket for a Connector). However, if Tomcat detects the availability of the APR library when it starts, it will switch to using this library instead. The APR implementation is supposed to be more efficient and faster. The importance of this, in the current context, is that there is a difference regarding SSL (HTTPS) : the standard JVM functions use the Java JVM's implementation of SSL, while APR functions use the OpenSSL library. This matters because the relevant Connector attributes are different in each case (and also probably where the software looks for things like keystore etc..). You can see if on your system Tomcat has found (and is using) the APR library or not, by examining the Tomcat logfiles : at startup, Tomcat will print a warning if it did not find APR. So I've deleted my certificate again and created a new certificate .. D:\win32app\Spectrum\Java\jre\binkeytool -list -keystore d:\win32app\Spectrum\custom\keystore\cacerts Enter keystore password: Keystore type: JKS Keystore provider: SUN Your keystore contains 4 entries root, Oct 21, 2011, trustedCertEntry, Certificate fingerprint (MD5): BB:EA:B2:25:64:36:99:85:77:32:BA:B3:76:E6:F6:1A ehrp-2e2-site1, Jan 12, 2012, trustedCertEntry, Certificate fingerprint (MD5): 3B:14:71:2C:15:7D:79:81:7C:D6:B7:CE:35:0E:43:80 spectrum-92, Jan 19, 2012, PrivateKeyEntry, Certificate fingerprint (MD5): DF:BA:0D:35:8D:45:E0:79:62:6B:C7:ED:D6:B7:86:8E tomcatss1, Oct 21, 2011, PrivateKeyEntry, Certificate fingerprint (MD5): DF:7D:58:4B:D1:5A:A5:AF:68:C6:5E:F4:77:7D:0D:FB D:\win32app\Spectrum\Java\jre\binkeytool -delete -keystore d:\win32app\Spectrum\custom\keystore\cacerts -alias spectrum-92 Enter keystore password: D:\win32app\Spectrum\Java\jre\binkeytool -list -keystore d:\win32app\Spectrum\custom\keystore\cacerts Enter keystore password: Keystore type: JKS Keystore provider: SUN Your keystore contains 3 entries root, Oct 21, 2011, trustedCertEntry, Certificate fingerprint (MD5): BB:EA:B2:25:64:36:99:85:77:32:BA:B3:76:E6:F6:1A ehrp-2e2-site1, Jan 12, 2012, trustedCertEntry, Certificate fingerprint (MD5): 3B:14:71:2C:15:7D:79:81:7C:D6:B7:CE:35:0E:43:80 tomcatss1, Oct 21, 2011, PrivateKeyEntry, Certificate fingerprint (MD5): DF:7D:58:4B:D1:5A:A5:AF:68:C6:5E:F4:77:7D:0D:FB D:\win32app\Spectrum\Java\jre\binkeytool -genkey -alias spectrum-92 -keyalg RSA -keystore d:\win32app\Spectrum\custom\keystore keytool error: java.lang.Exception: Keystore file exists, but is empty: d:\win32app\Spectrum\custom\keystore D:\win32app\Spectrum\Java\jre\binkeytool -genkey -alias spectrum-92 -keyalg RSA -keystore d:\win32app\Spectrum\custom\keystore\cacerts Enter keystore password: What is your first and last name? [Unknown]: spectrum-92 What is the name of your organizational unit? [Unknown]: What is the name of your organization? [Unknown]: What is the name of your City or Locality? [Unknown]: What is the name of your State or Province? [Unknown]: What is the two-letter country code for this unit? [Unknown]: Is CN=spectrum-92, OU=Unknown, O=Unknown, L=Unknown, ST=Unknown, C=Unknown correct? [no]: yes Enter key password for spectrum-92 (RETURN if same as keystore password): D:\win32app\Spectrum\Java\jre\binkeytool -list -keystore d:\win32app\Spectrum\custom\keystore\cacerts Enter keystore password: Keystore type: JKS Keystore provider: SUN Your keystore contains 4 entries root, Oct 21, 2011, trustedCertEntry, Certificate fingerprint (MD5): BB:EA:B2:25:64:36:99:85:77:32:BA:B3:76:E6:F6:1A ehrp-2e2-site1, Jan 12, 2012, trustedCertEntry, Certificate fingerprint (MD5): 3B:14:71:2C:15:7D:79:81:7C:D6:B7:CE:35:0E:43:80 spectrum-92, Jan 23, 2012, PrivateKeyEntry, Certificate fingerprint (MD5): 8F:26:60:6B:9E:01:64:5E:CB:73:8A:BC:4E:3E:AF:AB tomcatss1, Oct 21, 2011, PrivateKeyEntry, Certificate fingerprint (MD5): DF:7D:58:4B:D1:5A:A5:AF:68:C6:5E:F4:77:7D:0D:FB D:\win32app\Spectrum\Java\jre\bin Heres my server.xml .. Connector port=443 minProcessors=5 maxProcessors=75 enableLookups=true disableUploadTimeout=true acceptCount=100 debug=0 scheme=https secure=true clientAuth=false sslProtocol=TLS ciphers=SSL_RSA_WITH_RC4_128_MD5,SSL_RSA_WITH_RC4_128_SHA
RE: Cannot rid of expired Certificate ...
From: Andrew Erskine [mailto:a.ersk...@darasoft.com] Subject: RE: Cannot rid of expired Certificate ... Heres my server.xml .. Only part of it, unfortunately. Connector port=443 minProcessors=5 maxProcessors=75 Jan 23, 2012 10:58:37 AM (main) (org.apache.coyote.http11.Http11BaseProtocol) - (INFO) - Initializing Coyote HTTP/1.1 on http-80 Jan 23, 2012 10:58:39 AM (main) (org.apache.coyote.http11.Http11BaseProtocol) - (INFO) - Initializing Coyote HTTP/1.1 on http-443 It appears that you also have port 80 configured, you're not using APR, and ports 80 and 443 were successfully initialized. Jan 23, 2012 10:58:53 AM (main) (org.apache.axis2.transport.http.AxisServlet) - (WARN) - No transportReceiver for org.apache.axis2.transport.http.AxisServletListener found. An instance for HTTP will be configured automatically. Please update your axis2.xml file! Looks like your Axis2 configuration is broken. Jan 23, 2012 10:58:53 AM (HttpListener-8443-1) (org.apache.axis2.transport.http.server.DefaultConnectionListener) - (INFO) - Listening on port 8443 So you have Axis2 listening on 8443 - which is a commonly used HTTPS substitute port. What port are your clients trying to connect to, 443 or 8443? - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Cannot rid of expired Certificate ...
Some key authorities recently changed the default from 1024 to 2048 bit keys. On some occasions I've been forced to delete my keystore and start from scratch to make sure there are no unsuitable keys still in there. On 23/01/12 11:45 PM, André Warnier a...@ice-sa.com wrote: Andrew Erskine wrote: -Original Message- From: André Warnier [mailto:a...@ice-sa.com] Sent: 23 January 2012 10:46 To: Tomcat Users List Subject: Re: Cannot rid of expired Certificate ... Andrew Erskine wrote: ... Not sure what APR is ? To save someone else the time : See : http://apr.apache.org/ In essence, APR is a software library which contains a number of TCP-socket-related functions which /can/ be used by software applications (such as Apache httpd and Tomcat), as a replacement for similar platform-specific functions, to provide more uniformity. In the case of Tomcat : by default, Tomcat, for its Connectors, uses the network-related functions provided by the Java JVM (e.g., to open a listening socket for a Connector). However, if Tomcat detects the availability of the APR library when it starts, it will switch to using this library instead. The APR implementation is supposed to be more efficient and faster. The importance of this, in the current context, is that there is a difference regarding SSL (HTTPS) : the standard JVM functions use the Java JVM's implementation of SSL, while APR functions use the OpenSSL library. This matters because the relevant Connector attributes are different in each case (and also probably where the software looks for things like keystore etc..). You can see if on your system Tomcat has found (and is using) the APR library or not, by examining the Tomcat logfiles : at startup, Tomcat will print a warning if it did not find APR. So I've deleted my certificate again and created a new certificate .. D:\win32app\Spectrum\Java\jre\binkeytool -list -keystore d:\win32app\Spectrum\custom\keystore\cacerts Enter keystore password: Keystore type: JKS Keystore provider: SUN Your keystore contains 4 entries root, Oct 21, 2011, trustedCertEntry, Certificate fingerprint (MD5): BB:EA:B2:25:64:36:99:85:77:32:BA:B3:76:E6:F6:1A ehrp-2e2-site1, Jan 12, 2012, trustedCertEntry, Certificate fingerprint (MD5): 3B:14:71:2C:15:7D:79:81:7C:D6:B7:CE:35:0E:43:80 spectrum-92, Jan 19, 2012, PrivateKeyEntry, Certificate fingerprint (MD5): DF:BA:0D:35:8D:45:E0:79:62:6B:C7:ED:D6:B7:86:8E tomcatss1, Oct 21, 2011, PrivateKeyEntry, Certificate fingerprint (MD5): DF:7D:58:4B:D1:5A:A5:AF:68:C6:5E:F4:77:7D:0D:FB D:\win32app\Spectrum\Java\jre\binkeytool -delete -keystore d:\win32app\Spectrum\custom\keystore\cacerts -alias spectrum-92 Enter keystore password: D:\win32app\Spectrum\Java\jre\binkeytool -list -keystore d:\win32app\Spectrum\custom\keystore\cacerts Enter keystore password: Keystore type: JKS Keystore provider: SUN Your keystore contains 3 entries root, Oct 21, 2011, trustedCertEntry, Certificate fingerprint (MD5): BB:EA:B2:25:64:36:99:85:77:32:BA:B3:76:E6:F6:1A ehrp-2e2-site1, Jan 12, 2012, trustedCertEntry, Certificate fingerprint (MD5): 3B:14:71:2C:15:7D:79:81:7C:D6:B7:CE:35:0E:43:80 tomcatss1, Oct 21, 2011, PrivateKeyEntry, Certificate fingerprint (MD5): DF:7D:58:4B:D1:5A:A5:AF:68:C6:5E:F4:77:7D:0D:FB D:\win32app\Spectrum\Java\jre\binkeytool -genkey -alias spectrum-92 -keyalg RSA -keystore d:\win32app\Spectrum\custom\keystore keytool error: java.lang.Exception: Keystore file exists, but is empty: d:\win32app\Spectrum\custom\keystore D:\win32app\Spectrum\Java\jre\binkeytool -genkey -alias spectrum-92 -keyalg RSA -keystore d:\win32app\Spectrum\custom\keystore\cacerts Enter keystore password: What is your first and last name? [Unknown]: spectrum-92 What is the name of your organizational unit? [Unknown]: What is the name of your organization? [Unknown]: What is the name of your City or Locality? [Unknown]: What is the name of your State or Province? [Unknown]: What is the two-letter country code for this unit? [Unknown]: Is CN=spectrum-92, OU=Unknown, O=Unknown, L=Unknown, ST=Unknown, C=Unknown correct? [no]: yes Enter key password for spectrum-92 (RETURN if same as keystore password): D:\win32app\Spectrum\Java\jre\binkeytool -list -keystore d:\win32app\Spectrum\custom\keystore\cacerts Enter keystore password: Keystore type: JKS Keystore provider: SUN Your keystore contains 4 entries root, Oct 21, 2011, trustedCertEntry, Certificate fingerprint (MD5): BB:EA:B2:25:64:36:99:85:77:32:BA:B3:76:E6:F6:1A ehrp-2e2-site1, Jan 12, 2012, trustedCertEntry, Certificate fingerprint (MD5): 3B:14:71:2C:15:7D:79:81:7C:D6:B7:CE:35:0E:43:80 spectrum-92, Jan 23, 2012, PrivateKeyEntry, Certificate fingerprint (MD5): 8F:26:60:6B:9E:01:64:5E:CB:73:8A:BC:4E:3E:AF:AB tomcatss1, Oct 21, 2011, PrivateKeyEntry, Certificate fingerprint (MD5): DF:7D:58:4B:D1:5A:A5:AF:68:C6:5E:F4:77:7D:0D:FB D
Re: Cannot rid of expired Certificate ...
On 20/01/2012 02:28, Brooke Hedrick wrote: Are you sure you updated the correct keystore? Which o/s are you running? (Please don't top post.) It's worth noting that some browsers appear to cache certs and sometimes changes are not immediately apparent. p On Jan 19, 2012 2:54 PM, Darryl Lewis darryl.le...@unsw.edu.au wrote: Did you restart tomcat? On 20/01/12 5:00 AM, Andrew Erskine a.ersk...@darasoft.com wrote: I have a self certificate that expired today. I removed the certificate from the keystore which the server.xml is pointin= g at and generated a new one with the same alias and I can see that cert in= the keystore. I've been through all my certificate locations on firefox and removed any i= nstance On restarting tomcat and starting a new browser the website is still saying= I have an expired certificate - so where is this being picked up from ? an= d is there a step I'm missing ? Thanks. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org -- [key:62590808] signature.asc Description: OpenPGP digital signature
RE: Cannot rid of expired Certificate ...
Top post ? Win2003svr Yes correct store .. the only one I've been using .. did try and clear the cache on firefox will try ie Thanks. -Original Message- From: Pid [mailto:p...@pidster.com] Sent: 20 January 2012 09:51 To: Tomcat Users List Subject: Re: Cannot rid of expired Certificate ... On 20/01/2012 02:28, Brooke Hedrick wrote: Are you sure you updated the correct keystore? Which o/s are you running? (Please don't top post.) It's worth noting that some browsers appear to cache certs and sometimes changes are not immediately apparent. p On Jan 19, 2012 2:54 PM, Darryl Lewis darryl.le...@unsw.edu.au wrote: Did you restart tomcat? On 20/01/12 5:00 AM, Andrew Erskine a.ersk...@darasoft.com wrote: I have a self certificate that expired today. I removed the certificate from the keystore which the server.xml is pointin= g at and generated a new one with the same alias and I can see that cert in= the keystore. I've been through all my certificate locations on firefox and removed any i= nstance On restarting tomcat and starting a new browser the website is still saying= I have an expired certificate - so where is this being picked up from ? an= d is there a step I'm missing ? Thanks. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org -- [key:62590808] - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Cannot rid of expired Certificate ...
Top post is like this : when I reply to a message, at the top of the message. It makes it much harder to follow the logic flow of a conversation. Andrew Erskine wrote: Top post ? Win2003svr Yes correct store .. the only one I've been using .. did try and clear the cache on firefox will try ie Answering below the question is much clearer. -- your answer here : - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Cannot rid of expired Certificate ...
So how do I do that .. I'm only replying to questions .. On 20 Jan 2012, at 10:51, André Warnier a...@ice-sa.com wrote: Top post is like this : when I reply to a message, at the top of the message. It makes it much harder to follow the logic flow of a conversation. Andrew Erskine wrote: Top post ? Win2003svr Yes correct store .. the only one I've been using .. did try and clear the cache on firefox will try ie Answering below the question is much clearer. -- your answer here : - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Cannot rid of expired Certificate ...
On 20/01/2012 10:52, Andrew Erskine wrote: So how do I do that .. I'm only replying to questions .. So, scroll down a bit... On 20 Jan 2012, at 10:51, André Warnier a...@ice-sa.com wrote: ... and reply below Top post is like this : when I reply to a message, at the top of the message. It makes it much harder to follow the logic flow of a conversation. Andrew Erskine wrote: Top post ? ... each point. p Win2003svr Yes correct store .. the only one I've been using .. did try and clear the cache on firefox will try ie Answering below the question is much clearer. -- your answer here : - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org -- [key:62590808] signature.asc Description: OpenPGP digital signature
RE: Cannot rid of expired Certificate ...
-Original Message- From: Pid [mailto:p...@pidster.com] Sent: 20 January 2012 11:00 To: Tomcat Users List Subject: Re: Cannot rid of expired Certificate ... On 20/01/2012 10:52, Andrew Erskine wrote: So how do I do that .. I'm only replying to questions .. So, scroll down a bit... On 20 Jan 2012, at 10:51, André Warnier a...@ice-sa.com wrote: ... and reply below Top post is like this : when I reply to a message, at the top of the message. It makes it much harder to follow the logic flow of a conversation. Andrew Erskine wrote: Top post ? ... each point. p Win2003svr Yes correct store .. the only one I've been using .. did try and clear the cache on firefox will try ie Answering below the question is much clearer. like this ? .. aha - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org -- [key:62590808]
RE: Cannot rid of expired Certificate ...
H On Jan 20, 2012 4:23 AM, Andrew Erskine a.ersk...@darasoft.com wrote: Top post ? Win2003svr Yes correct store .. the only one I've been using .. did try and clear the cache on firefox will try ie Thanks. -Original Message- From: Pid [mailto:p...@pidster.com] Sent: 20 January 2012 09:51 To: Tomcat Users List Subject: Re: Cannot rid of expired Certificate ... On 20/01/2012 02:28, Brooke Hedrick wrote: Are you sure you updated the correct keystore? Which o/s are you running? (Please don't top post.) It's worth noting that some browsers appear to cache certs and sometimes changes are not immediately apparent. p On Jan 19, 2012 2:54 PM, Darryl Lewis darryl.le...@unsw.edu.au wrote: Did you restart tomcat? On 20/01/12 5:00 AM, Andrew Erskine a.ersk...@darasoft.com wrote: I have a self certificate that expired today. I removed the certificate from the keystore which the server.xml is pointin= g at and generated a new one with the same alias and I can see that cert in= the keystore. I've been through all my certificate locations on firefox and removed any i= nstance On restarting tomcat and starting a new browser the website is still saying= I have an expired certificate - so where is this being picked up from ? an= d is there a step I'm missing ? Thanks. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org -- [key:62590808] - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org Where is your keystore located? When running on with Tomcat poviding the cert, as I recall, there were 2 options of keystore placement. If you are using APR you can specify the location. If not, it assumes it has to look under your 'profile' home. So, c:/documents ands settings/... or c:/users/... Are you using APR?
RE: Cannot rid of expired Certificate ...
On Jan 20, 2012 6:47 AM, Brooke Hedrick brooke.t.hedr...@gmail.com wrote: H On Jan 20, 2012 4:23 AM, Andrew Erskine a.ersk...@darasoft.com wrote: Top post ? Win2003svr Yes correct store .. the only one I've been using .. did try and clear the cache on firefox will try ie Thanks. -Original Message- From: Pid [mailto:p...@pidster.com] Sent: 20 January 2012 09:51 To: Tomcat Users List Subject: Re: Cannot rid of expired Certificate ... On 20/01/2012 02:28, Brooke Hedrick wrote: Are you sure you updated the correct keystore? Which o/s are you running? (Please don't top post.) It's worth noting that some browsers appear to cache certs and sometimes changes are not immediately apparent. p On Jan 19, 2012 2:54 PM, Darryl Lewis darryl.le...@unsw.edu.au wrote: Did you restart tomcat? On 20/01/12 5:00 AM, Andrew Erskine a.ersk...@darasoft.com wrote: I have a self certificate that expired today. I removed the certificate from the keystore which the server.xml is pointin= g at and generated a new one with the same alias and I can see that cert in= the keystore. I've been through all my certificate locations on firefox and removed any i= nstance On restarting tomcat and starting a new browser the website is still saying= I have an expired certificate - so where is this being picked up from ? an= d is there a step I'm missing ? Thanks. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org -- [key:62590808] - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org Where is your keystore located? When running on with Tomcat poviding the cert, as I recall, there were 2 options of keystore placement. If you are using APR you can specify the location. If not, it assumes it has to look under your 'profile' home. So, c:/documents ands settings/... or c:/users/... Are you using APR? Another question... To rule out the browser, have you tried using openssl to retrieve tthe certificate?
RE: Cannot rid of expired Certificate ...
From: Andrew Erskine a.ersk...@darasoft.com To: Tomcat Users List users@tomcat.apache.org Date: 01/20/2012 06:05 AM Subject: RE: Cannot rid of expired Certificate ... -Original Message- From: Pid [mailto:p...@pidster.com] Sent: 20 January 2012 11:00 To: Tomcat Users List Subject: Re: Cannot rid of expired Certificate ... On 20/01/2012 10:52, Andrew Erskine wrote: So how do I do that .. I'm only replying to questions .. S0, scroll down a bit... On 20 Jan 2012, at 10:51, André Warnier a...@ice-sa.com wrote: ... and reply below Top post is like this : when I reply to a message, at the top of the message. It makes it much harder to follow the logic flow of a conversation. Andrew Erskine wrote: Top post ? ... each point. p Win2003svr Yes correct store .. the only one I've been using .. did try and clear the cache on firefox will try ie Answering below the question is much clearer. like this ? .. aha Andrew, When you hit the reply button use the option that says Reply with Internet-Style history. That will add the 's to all the previous comments and then you comment under each relevant one. =) - Justin ** This email and any files transmitted with it are intended solely for the use of the individual or agency to whom they are addressed. If you have received this email in error please notify the Navy Exchange Service Command e-mail administrator. This footnote also confirms that this email message has been scanned for the presence of computer viruses. Thank You! **
Cannot rid of expired Certificate ...
I have a self certificate that expired today. I removed the certificate from the keystore which the server.xml is pointin= g at and generated a new one with the same alias and I can see that cert in= the keystore. I've been through all my certificate locations on firefox and removed any i= nstance On restarting tomcat and starting a new browser the website is still saying= I have an expired certificate - so where is this being picked up from ? an= d is there a step I'm missing ? Thanks.
Re: Cannot rid of expired Certificate ...
Did you restart tomcat? On 20/01/12 5:00 AM, Andrew Erskine a.ersk...@darasoft.com wrote: I have a self certificate that expired today. I removed the certificate from the keystore which the server.xml is pointin= g at and generated a new one with the same alias and I can see that cert in= the keystore. I've been through all my certificate locations on firefox and removed any i= nstance On restarting tomcat and starting a new browser the website is still saying= I have an expired certificate - so where is this being picked up from ? an= d is there a step I'm missing ? Thanks. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Cannot rid of expired Certificate ...
Yep .. And bounced the box for good measure. On 19 Jan 2012, at 20:54, Darryl Lewis darryl.le...@unsw.edu.au wrote: Did you restart tomcat? On 20/01/12 5:00 AM, Andrew Erskine a.ersk...@darasoft.com wrote: I have a self certificate that expired today. I removed the certificate from the keystore which the server.xml is pointin= g at and generated a new one with the same alias and I can see that cert in= the keystore. I've been through all my certificate locations on firefox and removed any i= nstance On restarting tomcat and starting a new browser the website is still saying= I have an expired certificate - so where is this being picked up from ? an= d is there a step I'm missing ? Thanks. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Cannot rid of expired Certificate ...
Are you sure you updated the correct keystore? Which o/s are you running? On Jan 19, 2012 2:54 PM, Darryl Lewis darryl.le...@unsw.edu.au wrote: Did you restart tomcat? On 20/01/12 5:00 AM, Andrew Erskine a.ersk...@darasoft.com wrote: I have a self certificate that expired today. I removed the certificate from the keystore which the server.xml is pointin= g at and generated a new one with the same alias and I can see that cert in= the keystore. I've been through all my certificate locations on firefox and removed any i= nstance On restarting tomcat and starting a new browser the website is still saying= I have an expired certificate - so where is this being picked up from ? an= d is there a step I'm missing ? Thanks. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org