Can you help me with this problem.
Problem: Installing SSL certificate on Apache Tomcat 8.0.36 fails
I am trying to install a new SSL certificate into Apache tomcat 8.0.36.I ran 
same steps ran successfully in 2013 and 2016 on tomcat 7. Nothing changed other 
than moving the virtual machine from old server to new hardware this year. 
Windows Server 2008 is still the same Operating system.
I created a keystore and extracted CSR, generated certificate using godaddy for 
Apache server and imported to server. I keep getting an SSL handshake errors 
and I think it is because the certificate entrytype is "trustedcertEntry" and 
not "privateKey Entry'
Here are the steps I used to create the keystore and import certificate to it.
1) Generate a Keystorecd C:\Program Files\Java\jre7\bin
keytool -keysize 2048 -genkey -alias tomcat -keyalg RSA  -sigalg SHA256withRSA 
-keypass secret19 -keystore tomcat10.keystore

2) Create a CSRkeytool -certreq -alias tomcat -keyalg RSA -sigalg SHA256withRSA 
-keystore tomcat10.keystore -file file10.csr

3) Generate certificates on godaddy site for "Apache" server (not tomcat)
4) Install root, intermediate and user certificate
keytool -import -alias root -keystore tomcat14.keystore -trustcacerts -file 

keytool -import -alias intermediate -keystore tomcat14.keystore -trustcacerts 
-file c:\cert_2022\gd_bundle-g2-g1.crt
keytool -import -alias tomcat -keystore tomcat10.keystore  -file 

I am not sure why but it seems the new one is not linking all certificates into 
the private key.
I tried many different imports and it would never import the server certificate 
as a "privateKeyentry" as the one running now.C:\Program 
Files\Java\jre7\bin>keytool -list -keystore tomcat10.keystoreEnter keystore 
Keystore type: JKSKeystore provider: SUN
Your keystore contains 3 entries
root, Jul 22, 2019, trustedCertEntry,Certificate fingerprint (SHA1): 
47:BE:AB:C9:22:EA:0E:78:78:34:62:A7:9F:45:C2:54:FD:E6:8Bintermediate, Jul 22, 
2019, trustedCertEntry,Certificate fingerprint (SHA1): 
27:AC:93:69:FA:52:07:BB:26:27:CE:FA:CC:BE:4E:F9:C3:19:B8tomcat, Jul 22, 2019, 
trustedCertEntry,Certificate fingerprint (SHA1): 

I also tried creating a PEM text file for all certificates and importing that 
into private key alias tomcat but it only imported the domain certificate as 
My server xml file connector config is like this        <Connector port="8080" 
protocol="HTTP/1.1" connectionTimeout="20000" redirectPort="8443" 
compression="on" URIEncoding="UTF-8" compressionMinSize="2048" 
noCompressionUserAgents="gozilla, traviata" 
 port="443" protocol="HTTP/1.1" maxThreads="150" scheme="https" secure="true" 
clientAuth="false" sslProtocol="TLS" SSLEnabled="true" 
 TLS_RSA_WITH_AES_256_CBC_SHA" keystorePass="password" keystoreFile="C:\Program 
Files\Java\jre7\bin\tomcat10.keystore"/>    </Service></Server>

Tried many different options for keytool command.
Followed tomcat 8 documentation and godaddy list for installing certificate.
When I try to access using browser I get this error
This page can’t be displayed Turn on TLS 1.0, TLS 1.1, and TLS 1.2 in Advanced 
settings and try connecting to https://psscr.xyz.c
When I use openssl I get handshake failure$openssl s_client -connect 
routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake 
failure:s23_clnt.c:769:---no peer certificate available---No client certificate 
CA names sent---SSL handshake has read 7 bytes and written 289 bytes---New, 
(NONE), Cipher is (NONE)Secure Renegotiation IS NOT supportedCompression: 
NONEExpansion: NONENo ALPN negotiatedSSL-Session:    Protocol  : TLSv1.2    
Cipher    : 0000    Session-ID:    Session-ID-ctx:    Master-Key:    Key-Arg   
: None    Krb5 Principal: None    PSK identity: None    PSK identity hint: None 
   Start Time: 1564789174    Timeout   : 300 (sec)    Verify return code: 0 (ok)

Reply via email to