Hi All,
I'm very new to Tomcat, so please excuse my ignorance. I'm setting up a server with Tomcat and SSL for our developers. For their product they must use Tomcat 5.5 - they can not upgrade to 6 at this time.

The problem: I've purchased a cert from Geotrust.com, successfully imported it into the keystore using keytool, yet the Tomcat welcome page kept coming up blank when I navigated to the SSL site on the server: https://servername:8443. There were no errors in the error log. The page works fine at the default address of http://servername:8080.

Here is what I've done:

1. I downloaded the root chain cert from geotrust.com and created my keystore successfully, adding it and my newly purchased cert into the keystore file.

2. I restarted Tomcat and received no errors. But navigating to the server in a browser shows a "Page cannot be found" error. Running netstat -an in a command prompt shows port 8443 open and accepting connections.

3. To test if it was my cert or keystore file, I borrowed a keystore from our developer and used it instead, and everything worked - the page opened fine when navigating to it at https://server:8443.

4. So, I have a problem with my keystore. I then imported my cert into his test keystore, but when I navigated to the page it used his key and not mine.

5. Next: I added the keyAlias="tomcat1" tag into the SSL connector configs in the server.xml file, and restarted Tomcat. And of course I get this error in the Catalina error log:

   "java.io.IOException: Alias name tomcat1 does not identify a key entry"

6. Next: I ran keytool -list and noted that his keys are listed as "keys" (duh) and my key is listed as a "trustedCertEntry" - which is probably why the system won't use it when I use the keyAlias="tomcat" tag in the server.xml file.

So - my big question is: how do I get Tomcat to recognize my trustedCertEntry as a valid key?

Do I need to create my own certificate and place it in the original keystore I created, along with the root and the cert I bought? Is there a tag for the server.xml file that will force it to use the trustedCertEntry I imported into the keytool?

Here is a copy of the connector settings for server.xml, for the configuration that loads without errors:

    <Connector className="org.apache.coyote.tomcat5.CoyoteConnector"
               port="8443" minProcessors="5" maxProcessors="20"
               enableLookups="false" disableUploadTimeout="true"
               acceptCount="100" debug="0" scheme="https" secure="true"
               sslProtocol="TLS" keystoreFile="c:\files\keystore"
               keystorePass="PASSWORD"/>

Thanks for any and all help provided,

Michael Casale
Systems Administrator / IT Manager
Knoa Software
[EMAIL PROTECTED]
Ph. (212) 807-9608 ext. 6000
Fax (212) 675-6121
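An added check, not from the original post and not part of Tomcat or keytool: a POSIX shell script that parses the text of keytool -list and reports which aliases are private-key entries (the only kind a connector's keyAlias can point at) and which are merely trustedCertEntry rows, as in step 6 above. The sample listing, the alias names and the keystore path and password in the usage comment are constructed for the example.

```shell
#!/bin/sh
# Added check, not from the original post or from Tomcat/keytool: decide whether
# an alias can serve as the connector's keyAlias by parsing "keytool -list" text.
# Tomcat needs a private-key entry, which keytool lists as "keyEntry" (Java 5)
# or "PrivateKeyEntry" (Java 6+). A "trustedCertEntry" carries no private key.

# Print the entry type of alias $1, reading "keytool -list" output on stdin.
# Listing lines look like:  alias, Jun 12, 2008, keyEntry,
entry_type() {
  awk -v a="$1" -F', ' '
    tolower($1) == tolower(a) { t = $NF; sub(/,$/, "", t); print t; exit }
  '
}

# Succeed only when alias $1 is a private-key entry (usable as keyAlias).
is_key_entry() {
  case "$(entry_type "$1")" in
    keyEntry|PrivateKeyEntry) return 0 ;;
    *) return 1 ;;
  esac
}

# Run the check against a real keystore (requires keytool on PATH).
# Usage (constructed values): check_keystore_alias c:/files/keystore PASSWORD tomcat
check_keystore_alias() {
  keytool -list -keystore "$1" -storepass "$2" | is_key_entry "$3"
}

# Constructed sample of "keytool -list" output (Java 5 format, made-up data):
# a key pair under "tomcat" plus two certificates imported under other aliases.
SAMPLE_LISTING='Keystore type: jks
Keystore provider: SUN

Your keystore contains 3 entries

tomcat, Jun 12, 2008, keyEntry,
Certificate fingerprint (MD5): 00:11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF
tomcat1, Jun 12, 2008, trustedCertEntry,
Certificate fingerprint (MD5): 11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF:00
root, Jun 12, 2008, trustedCertEntry,
Certificate fingerprint (MD5): 22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF:00:11'

# Report each alias; "tomcat1" here is the situation described in the post.
for a in tomcat tomcat1 root; do
  if printf '%s\n' "$SAMPLE_LISTING" | is_key_entry "$a"; then
    echo "$a: private-key entry, usable as keyAlias"
  else
    echo "$a: $(printf '%s\n' "$SAMPLE_LISTING" | entry_type "$a"), NOT usable as keyAlias"
  fi
done
```

A purchased certificate only becomes part of a key entry when it is imported under the same alias, into the same keystore, as the key pair that produced its CSR; imported anywhere else it lands as a trustedCertEntry and this check will flag it.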