Dear friends, any suggestions on the following problem will be appreciated: Environment: Tomcat 4.1.29 Standalone, Java 1.4.2_03 & RedHat 9 Problem: "Certificate expired or not yet valid" error message on Internet Explorer, with a valid Verisign certificate in the keystore. Details: an existing SSL certificate that was bought from Verisign (its original CSR request was generated using OpenSSL) was imported into the Java keystore. This certificate, after transformed from PKCS12 into JKS format, was imported using keytool with alias "tomcat". Verisign's new intermediate certificate was imported with alias "root". My current keystore contains: -------------------------------------------------------- [EMAIL PROTECTED] root]# keytool -v -list Enter keystore password: ******* Keystore type: jks Keystore provider: SUN Your keystore contains 2 entries Alias name: root Creation date: Mar 5, 2004 Entry type: trustedCertEntry ... Valid from: Thu Apr 17 1997 until: Tue Oct 25 2011 ... ******************************************* Alias name: tomcat Creation date: Mar 5, 2004 Entry type: keyEntry ... Valid from: Wed Dec 03 2003 until: Fri Dec 03 2004 ... ******************************************* -------------------------------------------------------- Here's my SSL settings in Tomcat's server.xml: -------------------------------------------------------- <Connector className="org.apache.coyote.tomcat4.CoyoteConnector" port="443" minProcessors="5" maxProcessors="75" enableLookups="true" acceptCount="100" debug="0" scheme="https" secure="true" useURIValidationHack="false" disableUploadTimeout="true"> <Factory className="org.apache.coyote.tomcat4.CoyoteServerSocketFactory" clientAuth="false" protocol="TLS" keystoreFile="<SOME_PATH>/.keystore" keystorePass="*******" keystoreType="JKS" /> </Connector> -------------------------------------------------------- I listed the entries in <JAVA_HOME>/jre/lib/security/cacerts, and Verisign's certificate is obviously valid, considering my JDK version. The question is, given that I'm running the latest JDK with contains the latest (and valid) Verisign class 3 certificate, and that my keystore also contains that certificate, why would my browser say that Verisign's certificate has expired on Jan 2004? Thanks, Guilherme Birckan --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]