Munzer,

On 8/5/19 20:42, Munzer Khatib wrote:
> Here are the steps I used to create the keystore and import
> certificate to it.

These steps look okay, with the exception that Peter (logo) pointed out: you have used two different keystores in your commands. Also, you have tomcat10.keystore in your configuration and I think you might want to be using tomcat14.keystore.

Whichever keystore you use, you need to be consistent. Feel free to make a backup copy after you generate your CSR just in case you make a mistake and damage the key store.

> C:\Program Files\Java\jre7\bin>keytool -list -keystore tomcat10.keystore
> Enter keystore password:
> Keystore type: JKS
> Keystore provider: SUN
>
> Your keystore contains 3 entries
>
> root, Jul 22, 2019, trustedCertEntry,
> Certificate fingerprint (SHA1): 47:BE:AB:C9:22:EA:0E:78:78:34:62:A7:9F:45:C2:54:FD:E6:8B
> intermediate, Jul 22, 2019, trustedCertEntry,
> Certificate fingerprint (SHA1): 27:AC:93:69:FA:52:07:BB:26:27:CE:FA:CC:BE:4E:F9:C3:19:B8
> tomcat, Jul 22, 2019, trustedCertEntry,
> Certificate fingerprint (SHA1): B6:27:BE:DF:ED:EF:EF:4D:62:D2:F1:5C:CC:C1:A2:AB:98:60:8E

Okay, that's the first entry in the file. What about the other two?

> I also tried creating a PEM text file for all certificates and
> importing that into private key alias tomcat but it only imported
> the domain certificate as "trustedcertentry"
>
> My server xml file connector config is like this
>
> <Connector port="8080" protocol="HTTP/1.1" connectionTimeout="20000"
>     redirectPort="8443" compression="on" URIEncoding="UTF-8"
>     compressionMinSize="2048"
>     noCompressionUserAgents="gozilla, traviata"
>     compressableMimeType="text/html,text/xml,text/plain,text/css,text/javascript,text/json,application/json"/>
> <Connector port="443" protocol="HTTP/1.1" maxThreads="150"
>     scheme="https" secure="true" clientAuth="false" sslProtocol="TLS"
>     SSLEnabled="true" sslEnabledProtocols="TLSv1,TLSv1.1,TLSv1.2"
>     ciphers="TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
>     TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,
>     TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA256,
>     TLS_RSA_WITH_AES_256_CBC_SHA" keystorePass="password"
>     keystoreFile="C:\Program Files\Java\jre7\bin\tomcat10.keystore"/>
> </Service></Server>

You are missing a "keyAlias" attribute. You'll want:

    keyAlias="tomcat"

In that <Connector> configuration. Otherwise, Tomcat will use the first entry found in the keystore.

-chris
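
Added example, not part of the original message or of Tomcat: a check of non-verbose `keytool -list` output that the alias named in `keyAlias` is a `PrivateKeyEntry`, since a `trustedCertEntry` holds only a certificate and no private key. The function names and both sample listings are constructed for illustration, and English-locale keytool output is assumed.

```python
import re

# Entry line of non-verbose `keytool -list` output: "<alias>, <date>, <entryType>,"
ENTRY_RE = re.compile(r"^(?P<alias>[^,]+), .+, (?P<type>\w+Entry),\s*$")

def parse_keytool_list(text):
    """Map alias -> entry type. JKS aliases are case-insensitive, so lowercase them."""
    entries = {}
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries[m.group("alias").lower()] = m.group("type")
    return entries

def check_key_alias(entries, key_alias):
    """Return the reasons a TLS connector could not use key_alias (empty list = OK)."""
    problems = []
    entry_type = entries.get(key_alias.lower())
    if entry_type is None:
        problems.append(f"alias '{key_alias}' is not in the keystore")
    elif entry_type != "PrivateKeyEntry":
        problems.append(f"alias '{key_alias}' is a {entry_type}: certificate only, no private key")
    if "PrivateKeyEntry" not in entries.values():
        problems.append("keystore holds no PrivateKeyEntry at all")
    return problems

# Constructed listing shaped like the one in the thread (placeholder fingerprints).
ALL_TRUSTED = """Keystore type: JKS
Keystore provider: SUN

Your keystore contains 3 entries

root, Jul 22, 2019, trustedCertEntry,
Certificate fingerprint (SHA1): 00:00:00:00 (constructed)
intermediate, Jul 22, 2019, trustedCertEntry,
Certificate fingerprint (SHA1): 11:11:11:11 (constructed)
tomcat, Jul 22, 2019, trustedCertEntry,
Certificate fingerprint (SHA1): 22:22:22:22 (constructed)
"""

# Constructed listing where the alias named in keyAlias still holds the private key.
WITH_KEY = ALL_TRUSTED.replace("tomcat, Jul 22, 2019, trustedCertEntry,",
                               "tomcat, Jul 22, 2019, PrivateKeyEntry,")

if __name__ == "__main__":
    for name, listing in (("ALL_TRUSTED", ALL_TRUSTED), ("WITH_KEY", WITH_KEY)):
        print(name, check_key_alias(parse_keytool_list(listing), "tomcat") or "OK")
```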