Alissa,

On 7.11.2012 22:13, Alissa Schneider wrote:
> Here are the steps I have taken thus far:
>
> * I deleted my original keystore that held my self-signed certificate.
>
> * I deleted the self-signed certificate.
>
> * I recreated the keystore.
>
> * I imported the CA-signed certificate.
>
> * I have an index.txt file that I deleted all the contents from so it is empty.
>
> * The server.xml file reflects the current keystore/pw information and the SSL lines have been uncommented.
>
> Still, when I visit https://localhost:8443, the browser throws a certificate warning.
> When I click on the certificate warning and view certificate, it displays information on
> my self-signed certificate (that I've deleted). I think if I could figure out how to make
> Tomcat point to the CA certificate instead of the old one, this would work for me.
> However, I'm not sure how to clear the Tomcat "cache" so to speak.

Are you sure that the warning is the same? Perhaps the first warning was about the certificate not being signed by a CA, and the second warning is about something else?

Every (CA-signed or self-signed) certificate is issued for a specific hostname. If the certificate hostname does not match the hostname from the browser URL, the browser will issue a warning. Maybe that is the case here.

If your CA-signed certificate is bound to a hostname other than "localhost" and you access your Tomcat server using the browser URL "https://localhost:8443", then the browser will issue a warning.

I believe not a single CA would sign a certificate for the loopback interface hostname "localhost", only for an FQDN like "server.example.com". Therefore, you should access your server using the FQDN which your certificate is issued for.

-Ognjen
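
The two possible warnings discussed above (certificate not CA-signed versus hostname mismatch) can be told apart mechanically. The following is an added example, not part of the original message: it takes a certificate in the dict shape returned by Python's `ssl.SSLSocket.getpeercert()` and reports which problem applies for a given URL host. The sample certificates and the names `diagnose`, `cert_names`, `name_matches` and `is_self_issued` are constructed for illustration.

```python
# Added example: classify the certificate problem for a given URL host.
# Input uses the dict shape returned by ssl.SSLSocket.getpeercert().

def cert_names(cert):
    """DNS names the certificate covers: SAN entries, else the subject CN.
    (CN fallback is legacy behaviour; current browsers require a SAN.)"""
    sans = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if sans:
        return sans
    return [v for rdn in cert.get("subject", ()) for k, v in rdn if k == "commonName"]

def name_matches(pattern, host):
    """Case-insensitive label match; '*' only as the entire left-most label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*" and len(p) > 2:      # refuse bare "*.com"
        return p[1:] == h[1:]
    return p == h

def is_self_issued(cert):
    """Heuristic: subject equals issuer (signature itself is not checked)."""
    subject = cert.get("subject")
    return subject is not None and subject == cert.get("issuer")

def diagnose(cert, url_host):
    """Return the list of problems a client would see for this host."""
    problems = []
    if is_self_issued(cert):
        problems.append("self-signed")
    if not any(name_matches(n, url_host) for n in cert_names(cert)):
        problems.append("hostname-mismatch")
    return problems

# Constructed sample certificates (not taken from any real server).
OLD_SELF_SIGNED = {
    "subject": ((("commonName", "localhost"),),),
    "issuer": ((("commonName", "localhost"),),),
}
CA_SIGNED = {
    "subject": ((("commonName", "server.example.com"),),),
    "issuer": ((("commonName", "Example CA (constructed)"),),),
    "subjectAltName": (("DNS", "server.example.com"),),
}

if __name__ == "__main__":
    for label, cert in (("old", OLD_SELF_SIGNED), ("new", CA_SIGNED)):
        for host in ("localhost", "server.example.com"):
            print(label, host, diagnose(cert, host) or "ok")
```
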
