On 09/10/17 16:01, John Ellis wrote:
> I posted questions about this a couple of weeks ago I think it was. I
> have been trying to get Tomcat running on a secure port with a valid SSL
> certificate. We finally got version 9.0.0.M20 setup successfully on port
> 9443 and I can go to that IP:port and get a Tomcat webpage but when I go
> through all the steps using the keytool commands to submit a certificate
> (we use Cacert.org) and try to plug that certificate into the mix it
> doesn’t work. I still get an error message telling me that I will have
> to create an exception to go to that IP address and port. Last Friday I
> even deleted the certificate and all the keystore file, etc. and got the
> same exact error. So it appears that Tomcat is not seeing the
> certificate at all since I get the same error about having to add an
> exception whether or not I have a valid certificate in place on the server.

If you get that error then Tomcat has the certificate but the client
doesn't trust it. You need to check if:
- Tomcat is supplying the full certificate chain
- If the client trusts the issuing CA

Mark

>
> The lines we added to the server.xml file to get the secure port working
> are-
>
> <Connector port="9443" protocol="HTTP/1.1" SSLEnabled="true"
>            maxThreads="150" scheme="https" secure="true"
>            clientAuth="false" sslProtocol="TLS"
>            keystoreFile="/home/tomcat9.0.0.M20/apache-tomcat-9.0.0.M20/conf/keystore.jks"
>            keystorePass="changeit" />
>
> John Ellis
>
> 405.285.2500 office
>
> United States
>
> http://biz-e.io
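
Added example, not part of the original thread and not Tomcat code: a name-based triage of the "Certificate chain" section that `openssl s_client -connect host:9443 -showcerts` prints, covering the two checks listed in the reply above. The host and CA names and the sample outputs are constructed placeholders, and the client's trust store is assumed to be given as a set of root subject strings; signatures and expiry are not verified.

```python
import re

ROOT = "O = Example CA, CN = Example Root CA"           # placeholder name
INTER = "O = Example CA, CN = Example Intermediate CA"  # placeholder name

# Constructed s_client excerpts: depth number, s: subject, i: issuer.
LEAF_ONLY = f"""Certificate chain
 0 s:CN = tomcat.example.test
   i:{INTER}
---
"""
FULL = f"""Certificate chain
 0 s:CN = tomcat.example.test
   i:{INTER}
 1 s:{INTER}
   i:{ROOT}
---
"""
SELF_SIGNED = """Certificate chain
 0 s:CN = tomcat.example.test
   i:CN = tomcat.example.test
---
"""

def parse_chain(text):
    """Return [(subject, issuer), ...] in the order the server sent them."""
    chain, subject = [], None
    for line in text.splitlines():
        m = re.match(r"\s*\d+ s:(.*)$", line)
        if m:
            subject = m.group(1).strip()
            continue
        m = re.match(r"\s+i:(.*)$", line)
        if m and subject is not None:
            chain.append((subject, m.group(1).strip()))
            subject = None
    return chain

def diagnose(text, trusted_roots):
    """Classify the presented chain against the client's trusted root names."""
    chain = parse_chain(text)
    if not chain:
        return ("empty", None)
    # Each certificate's issuer must be the subject of the next one sent.
    for (_, issuer), (next_subject, _) in zip(chain, chain[1:]):
        if issuer != next_subject:
            return ("broken", issuer)
    subject, issuer = chain[-1]
    if issuer in trusted_roots or subject in trusted_roots:
        return ("ok", issuer)
    if len(chain) == 1 and subject == issuer:
        return ("self-signed", subject)   # only a self-signed cert was served
    return ("unanchored", issuer)         # missing intermediates or untrusted CA
```

An "unanchored" result names the issuer to look for: if it is an intermediate, the server is not sending the full chain; if it is the CA's root, the client does not trust that CA.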