I have set up a keystore as follows:

    keytool -genkey -alias tomcat -keyalg RSA -dname CN=<server FQDN>,OU="Company Name",O=" Company Name ",L=city,ST=province,C=CA \
      -keystore /path/keystore -keypass phrase -storepass phrase

I then generated a CSR:

    keytool -certreq -keyalg RSA -alias tomcat -file /path/certreq.csr -keystore /path/keystore

I signed the certificate on our Windows Server 2008 R2 CA Server:

    certreq.exe -attrib "CertificateTemplate:WebServer" c:\data\certreq.csr c:\data\certreq.cer

I added the signed cert:

    keytool -import -alias tomcat2 -keystore /path/keystore -trustcacerts -file /path/certreq.cer

Lastly, I added the Base 64 encoded X.509 root CA from our Active Directory CA:

    keytool -keystore /path/keystore -keyalg RSA -import -trustcacerts -alias cacert -file /path/root-ca.crt

This all completed w/o error, so I created the connector in the server.xml, yet when domain clients connect to the SSL site, they are prompted with warnings suggesting the root cert is not trusted?

Any pointers where I erred?

Thanks!
jlc
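
A check that can be run against a keystore built this way, as an added example that is not part of the original post: it reads `keytool -list -v` output and reports whether a given alias holds a private key and whether that key's certificate is still the self-signed one from `-genkey`. Assumptions: English-locale keytool labels, the hypothetical helper name `audit_alias`, and a constructed, abbreviated listing (hostname and CA name are made up) modelled on the aliases used in the post.

```shell
#!/bin/sh
# Added example. Classifies one alias from `keytool -list -v` output
# (English-locale labels assumed; audit_alias is a hypothetical helper name).
audit_alias() {
    # $1 = alias to inspect; stdin = verbose keystore listing
    awk -v a="$1" '
        { sub(/\r$/, "") }                          # tolerate CRLF input
        /^Alias name: /  { cur = substr($0, 13) }   # start of a new entry
        cur != a         { next }                   # skip other entries
        /^Entry type: /  { type = substr($0, 13) }
        /^Certificate chain length: / { n = substr($0, 27) }
        /^Owner: /  && owner == ""  { owner  = substr($0, 8) }  # leaf cert only
        /^Issuer: / && issuer == "" { issuer = substr($0, 9) }
        END {
            if (type == "")                         print "missing"
            else if (type != "PrivateKeyEntry")     print "no-private-key"
            else if (n + 0 == 1 && owner == issuer) print "self-signed"
            else                                    print "ca-signed"
        }'
}

# Constructed sample (serial, validity and fingerprint lines omitted).
SAMPLE_LISTING='Alias name: tomcat
Entry type: PrivateKeyEntry
Certificate chain length: 1
Certificate[1]:
Owner: CN=www.example.test, OU=Company Name, O=Company Name, C=CA
Issuer: CN=www.example.test, OU=Company Name, O=Company Name, C=CA

Alias name: tomcat2
Entry type: trustedCertEntry
Owner: CN=www.example.test, OU=Company Name, O=Company Name, C=CA
Issuer: CN=Example Root CA, DC=example, DC=test

Alias name: cacert
Entry type: trustedCertEntry
Owner: CN=Example Root CA, DC=example, DC=test
Issuer: CN=Example Root CA, DC=example, DC=test'

# Real use: keytool -list -v -keystore /path/keystore | audit_alias tomcat
for alias in tomcat tomcat2 cacert; do
    printf '%-8s %s\n' "$alias" \
        "$(printf '%s\n' "$SAMPLE_LISTING" | audit_alias "$alias")"
done
```

A `trustedCertEntry` carries no private key, so a TLS connector can only serve the certificate chain stored in a `PrivateKeyEntry`.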