SSL Certificate Update Not Reflected on the Website
Hi, We used to use Thawte for our SSL certificate. Today I installed new SSL certificate issued by VeriSign and there were no errors. The primary and secondary intermediate CAs both imported into the keystore file properly, and then the SSL issued by VeriSign imported as well. I updated the server.xml to indicate the new keystore file with the keystore password. Started Tomcat, checked the log files and there were no errors. But when I browse to the website, it is still saying the SSL has expired and it's showing the one issued by Thawte. I tried to put an incorrect keystore password in server.xml and Tomcat did generate errors in the log file, which means Tomcat is looking at the correct keystore file. We have also tried to reboot the server in case the old SSL was cached somewhere but that didn't help. Does anyone have any suggestion where might be wrong? Thank you very much Conway
Re: SSL Certificate Update Not Reflected on the Website
On 9 Jan 2012, at 10:20, Conway Liu c...@xtra.co.nz wrote: Hi, We used to use Thawte for our SSL certificate. Today I installed new SSL certificate issued by VeriSign and there were no errors. The primary and secondary intermediate CAs both imported into the keystore file properly, and then the SSL issued by VeriSign imported as well. I updated the server.xml to indicate the new keystore file with the keystore password. Started Tomcat, checked the log files and there were no errors. But when I browse to the website, it is still saying the SSL has expired and it's showing the one issued by Thawte. I tried to put an incorrect keystore password in server.xml and Tomcat did generate errors in the log file, which means Tomcat is looking at the correct keystore file. We have also tried to reboot the server in case the old SSL was cached somewhere but that didn't help. Does anyone have any suggestion where might be wrong? Which browser are you using? Some cache Certs and don't reflect the change immediately. Have you tried with a command line tool? p Thank you very much Conway - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: SSL Certificate Update Not Reflected on the Website
Hi Pid, I tried different browsers, and tried different computers. What command line tool are you talking about? Thanks Conway -Original Message- From: Pid * [mailto:p...@pidster.com] Sent: Monday, 9 January 2012 11:37 p.m. To: Tomcat Users List Subject: Re: SSL Certificate Update Not Reflected on the Website On 9 Jan 2012, at 10:20, Conway Liu c...@xtra.co.nz wrote: Hi, We used to use Thawte for our SSL certificate. Today I installed new SSL certificate issued by VeriSign and there were no errors. The primary and secondary intermediate CAs both imported into the keystore file properly, and then the SSL issued by VeriSign imported as well. I updated the server.xml to indicate the new keystore file with the keystore password. Started Tomcat, checked the log files and there were no errors. But when I browse to the website, it is still saying the SSL has expired and it's showing the one issued by Thawte. I tried to put an incorrect keystore password in server.xml and Tomcat did generate errors in the log file, which means Tomcat is looking at the correct keystore file. We have also tried to reboot the server in case the old SSL was cached somewhere but that didn't help. Does anyone have any suggestion where might be wrong? Which browser are you using? Some cache Certs and don't reflect the change immediately. Have you tried with a command line tool? p Thank you very much Conway - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: SSL Certificate Update Not Reflected on the Website
Conway, On 9.1.2012 11:19, Conway Liu wrote: Does anyone have any suggestion where might be wrong? Do you have anything between your browser and Tomcat? Apache HTTPd, perhaps, or some kind of load balancer with SSL termination? -Ognjen - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: SSL Certificate Update Not Reflected on the Website
On 09/01/2012 10:44, Conway Liu wrote: Hi Pid, I tried different browsers, and tried different computers. What command line tool are you talking about? Something like: curl or openssl p Thanks Conway -Original Message- From: Pid * [mailto:p...@pidster.com] Sent: Monday, 9 January 2012 11:37 p.m. To: Tomcat Users List Subject: Re: SSL Certificate Update Not Reflected on the Website On 9 Jan 2012, at 10:20, Conway Liu c...@xtra.co.nz wrote: Hi, We used to use Thawte for our SSL certificate. Today I installed new SSL certificate issued by VeriSign and there were no errors. The primary and secondary intermediate CAs both imported into the keystore file properly, and then the SSL issued by VeriSign imported as well. I updated the server.xml to indicate the new keystore file with the keystore password. Started Tomcat, checked the log files and there were no errors. But when I browse to the website, it is still saying the SSL has expired and it's showing the one issued by Thawte. I tried to put an incorrect keystore password in server.xml and Tomcat did generate errors in the log file, which means Tomcat is looking at the correct keystore file. We have also tried to reboot the server in case the old SSL was cached somewhere but that didn't help. Does anyone have any suggestion where might be wrong? Which browser are you using? Some cache Certs and don't reflect the change immediately. Have you tried with a command line tool? p Thank you very much Conway - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org -- [key:62590808] signature.asc Description: OpenPGP digital signature
RE: SSL Certificate Update Not Reflected on the Website
Thanks Pid. The problem was actually due to the network admin had to also update the proxy server. Only if he responds quicker to my emails and calls Regards Conway -Original Message- From: Pid [mailto:p...@pidster.com] Sent: Tuesday, 10 January 2012 8:36 a.m. To: Tomcat Users List Subject: Re: SSL Certificate Update Not Reflected on the Website On 09/01/2012 10:44, Conway Liu wrote: Hi Pid, I tried different browsers, and tried different computers. What command line tool are you talking about? Something like: curl or openssl p Thanks Conway -Original Message- From: Pid * [mailto:p...@pidster.com] Sent: Monday, 9 January 2012 11:37 p.m. To: Tomcat Users List Subject: Re: SSL Certificate Update Not Reflected on the Website On 9 Jan 2012, at 10:20, Conway Liu c...@xtra.co.nz wrote: Hi, We used to use Thawte for our SSL certificate. Today I installed new SSL certificate issued by VeriSign and there were no errors. The primary and secondary intermediate CAs both imported into the keystore file properly, and then the SSL issued by VeriSign imported as well. I updated the server.xml to indicate the new keystore file with the keystore password. Started Tomcat, checked the log files and there were no errors. But when I browse to the website, it is still saying the SSL has expired and it's showing the one issued by Thawte. I tried to put an incorrect keystore password in server.xml and Tomcat did generate errors in the log file, which means Tomcat is looking at the correct keystore file. We have also tried to reboot the server in case the old SSL was cached somewhere but that didn't help. Does anyone have any suggestion where might be wrong? Which browser are you using? Some cache Certs and don't reflect the change immediately. Have you tried with a command line tool? p Thank you very much Conway - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org -- [key:62590808] - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
