Hello, Thanks for your hint. I made a copy of my keystore. Then I changed alias: my private key now uses the alias "mykey". I changed our certificate's alias to "tomcat", by keytool's -changealias command.
Now this is my certificate (the third one that differs from INTER and ROOT) Alias name: tomcat Entry type : trustedCertEntry Owner : CN=$myCN OU=Domain Control Validated - RapidSSL(R), OU=See www.rapidssl.com/resources/cps (c)11, OU=$myOrganizationalUnit, O=$myOrganization, C=FR, SERIALNUMBER=$mySerialNumber Issuer : CN=RapidSSL CA, O="GeoTrust, Inc.", C=US In my server.xml I changed keyAlias from "tomcat" to "mykey" and referenced the new keystore file. However at last I still could not show GeoTrust or RapidSSL as certificate issuer when I browsed to Tomcat welcome page. The certificate returned to my web browser was still a self-signed one. Do I have to rebuild my keystore from scratch and request another certificate from our CA, just because of a mistake in my old alias? markt-2 wrote: > > On 17/11/2011 15:26, rosiere wrote: >> > >> My colleagues concluded that all the necessary certificates were >> imported, >> but none was actually used by Tomcat. > > Wrong. > > When you imported your new certificate, you should have specified > "tomcat" as the alias rather than "$myAlias". > > I suggest you take some backups of your key stores in case you mess > things up and then try again. > > Mark > > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > > > -- View this message in context: http://old.nabble.com/Certificate-issued-by-GeoTrust-Global-CA-is-not-appearing-at-client-browser%27s-side-tp32855051p32863281.html Sent from the Tomcat - User mailing list archive at Nabble.com. --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
