Maybe it'd be helpful not to use the Java key store (JKS).
Personally, on Linux Tomcat installations without native APR, I use the
.p12 files with this config:
<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
maxThreads="150" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS"
keystoreFile="${catalina.home}/ssl/serverkey.p12"
keystorePass="**PASS**" keystoreType="pkcs12" />
Jan
Good Day!
Everything was followed perfectly from this URL:
http://tomcat.apache.org/tomcat-7.0-doc/ssl-howto.html. I've done this
setup a lot of times already and mostly I have been successful.
Until our security team noticed that the installed root CA is incorrect.
Instead of just importing the correct root CA, I deleted all the imported
certificates (originally 2 certificates) using the "keytool -delete -alias
<certificate nicknames> -keystore .keystore". Afterwards, I imported the 2
certificates again.
Now when I access https://mydomain:8443, it gives me a webpage not found
with ERR_CONNECTION_REFUSED error in Chrome and ssl_error_no_cypher_overlap
in Firefox.
Could anyone please let me know what I must have done wrong?
Thank you in advance.