-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Jairaj,
On 5/4/15 10:38 AM, jairaj kamal wrote: > Hi, Please find my response inline as below. Also *this is for > Tomcat version 6* > > 1.) Include the <Connector /> tag from `conf/server.xml` so we can > see how you've configured Tomcat - Below is what I added <Connector > port="8443" protocol="HTTP/1.1" SSLEnabled="true" maxThreads="150" > scheme="https" secure="true" > > keystoreFile="C:\Users\svcr2wadmin\nedr2wqajob1\QA_Job1_report2web.key store" > > keystorePass="report2web" clientAuth="false" sslProtocol="TLS" /> > > 2.) Include the exact version of Tomcat you're using - Tomcat > version 6 There have been 43 versions of Tomcat 6 released. Which one? Are you using the APR-enabled connector or the JSSE one? Since you are using a Java Keystore, I'm assuming JSSE, but it's worth asking; the setup is completely different for the two. > 3.) Are you connecting directly to Tomcat or is there an HTTPD or > some other server acting as a reverse proxy in between? - *not by > HTTPD but Connecting via url https://hostname:8443/r2wpublisher/ > <https://hostname:8443/r2wpublisher/>* > > 4.) Look at the certificate as displayed by your browser. In > Chrome, click the lock in the tool bar, other browsers are similar. > Look at the details on the certificate and see what certificate > you're being presented. Is it the once that you purchased? or > perhaps an older self-signed on? - *Yes this is what I purchased > but its displays error as "This CA Root certificate is not trusted > because it is not in the Trusted Root Certification Authorities > store."* What is the certificate chain that Chrome shows you? Start with your own certificate and go up toward the root CA. Does it show every certificate that you put into your keystore? Perhaps you are missing one or more intermediate certificates. > *Earlier I used below commands to configure SSL* > > #Keystore creation keytool -genkey -alias report2web -keyalg RSA > -keystore > C:\Users\svcr2wadmin\nedr2wqajob1\QA_Job1_report2web.keystore #CSR > generation keytool -certreq -keyalg RSA -alias report2web -file > C:\Users\svcr2wadmin\nedr2wqajob1\QA_Job1_report2web.csr -keystore > C:\Users\svcr2wadmin\nedr2wqajob1\QA_Job1_report2web.keystore > > #Root Certificate Import keytool -import -alias root -keystore > C:\Users\svcr2wadmin\nedr2wqajob1\QA_Job1_report2web.keystore > -trustcacerts -file C:\Users\svcr2wadmin\nedr2wqajob1\TestRoot.cer > > #SSL Certificate Import keytool -import -alias nedr2wqajob1 > -keystore > C:\Users\svcr2wadmin\nedr2wqajob1\QA_Job1_report2web.keystore > -file C:\Users\svcr2wadmin\nedr2wqajob1\TestCA.cer At some point, you need to re-import your own certificate. Which certificate is the one you got signed? TestCA.cer or TestRoot.cer? Also, nearly every certificate authority requires that you install an "intermediate" certificate between your cert and the CA's root cert. - -chris -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 Comment: GPGTools - http://gpgtools.org iQIcBAEBCAAGBQJVR4bUAAoJEBzwKT+lPKRYXbYQAIHG5Xs1/NJixM6nPwhPOgWm hnVdHXykk11+/fBIjs/ooS4iyNTkUqtACGFT8VCPQVA4/P/90aOnoSuVzaKLFZ3a nJkqdV0xDiLFuqzdb2I2alNvwMAYvNMApgG1yjuBiusq/fbjQFNUIP+8FVce4sP2 za4O5ZNw42GkWLaIvOXQuY4jaOS7Gg/CJnI+igU4QkEGN5At40s5Rgf2IuVUo0Dk R65ywzn9yTYsNjNzy2w/QtxZkY7qn9h0gfenKL6XUFR35t2ppSDO8uNKxvotKuj6 5ahVHcfSnSxsFB2LISFbNH4H67hGpYgNaUL1Ox758zTD9jZ5jFXG2RBfb+gfav4W FocCZXG38lWfCcaDcMZhi+s/shTACWOvXmf14gJNeCqYRz92rVm3+y0moMj5by+S VWwvbaL3ga3pvxqx8ALtFXBffCDiiFBy2QnxYNOBqefoK9jyFnOMnPuf+nyBsqfZ XXvU640p/LXIEfTn0vtPuVF4C1k0nzFOQiHRIxCCbh26mxd1PwiS55Xhfto6QiXn 9LwBQnJuSVypGs9A4us+6z6kPlSQXq+i03CO8h7A91gCVnqoaQ2GPK1tJQ/IA5RX t49PtHq688UFOUrf/7GQMiJy5uE0ESxCruPlRndcPgh67gXw30aNKy3Wf7nzFfwy VE7gxva/v8YJqGhMP25L =nzQT -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
