https://bz.apache.org/bugzilla/show_bug.cgi?id=65007
--- Comment #1 from Christopher Schultz <ch...@christopherschultz.net> --- Perhaps the HOWTO could explain the difference between using -trustcacerts and not using -trustcacerts, but it's not true that the existing instructions "do not work" and that adding -trustcacerts will solve the problem. Whether or not -trustcacerts should be provided on the command-line depends upon the usage scenario for the user. For example, if you are importing a self-signed certificate, specifying -trustcacerts is never necessary. It's very common to use a self-signed certificate for a Tomcat server, so I suspect this is why the documentation omits the use of -trustcacerts. If you are importing a certificate you expect to be signed by a local CA (e.g. a corporate internal one) then you specifically DO NOT want to specify -trustcacerts as a sanity check against importing a certificate that has been signed by a globally-trustued CA (e.g. VeriSign). Would you care to submit a documentation patch which explains the difference, and when you might want (or need) to include the -trustcacerts command-line option? -- You are receiving this mail because: You are the assignee for the bug. --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org