I saw something on StackOverflow that said the key type in the keystore needs to be PrivateKeyEntry and not trustedCertEntry. Is this true? When I look at my keystore, it is trustedCertEntry for all the certs.
But when I look at the type for the self signed certificate (which works), it shows keyEntry. Does, or should this matter? And if so, how do I change the type?

On Fri, Apr 4, 2014 at 4:34 PM, Mark Murphy <jmarkmur...@gmail.com> wrote:

> 1.5.0_15
>
> On Fri, Apr 4, 2014 at 3:23 PM, Daniel Mikusa <dmik...@gopivotal.com> wrote:
>
> > On Apr 4, 2014, at 2:52 PM, Mark Murphy <jmarkmur...@gmail.com> wrote:
> >
> >> Created my keystore according to the directions here:
> >> http://support.godaddy.com/help/article/5239/generating-a-csr-and-installing-an-ssl-certificate-in-tomcat-4x5x6x7x
> >
> > Ok. Good start.
> >
> >> This is what I see in Chrome:
> >>
> >> SSL Connection Error
> >>
> >> Unable to make a secure connection to the server. This may be a
> >> problem with the server, or it may be requiring a client
> >> authentication certificate that you don't have.
> >> Error code: ERR_SSL_PROTOCOL_ERROR
> >>
> >> Here is a non-SSL URL: http://www.myerstorquetracker.com
> >> With SSL: https://www.myerstorquetracker.com
> >
> > Interesting. What JVM (java -version) are you using?
> >
> > Dan
> >
> >>>> I am trying to set up SSL on tomcat with a CA certificate from goDaddy.
> >>>>
> >>>> I am unable to load the Web Page using HTTPS.
> >>>
> >>> What exactly happens when you try to access it? Please include
> >>> browser behavior and any errors / messages it gives you about the
> >>> connection.
> >>>
> >>>> When I try to use a self signed certificate, everything works as expected,
> >>>> but when I change the keystore to point to the one with the CA certificate
> >>>> in it, I get nothing.
> >>>
> >>> What steps / instructions did you follow to generate your keystore file?
> >>>
> >>> Dan
> >>>
> >>>> There is nothing in the log that isn't there for the
> >>>> Self-Signed startup either.
> >>>>
> >>>> Here is the Connector declaration:
> >>>>
> >>>> <Connector protocol="org.apache.coyote.http11.Http11NioProtocol" port="443"
> >>>> scheme="https" secure="true" SSLEnabled="true"
> >>>> keystoreFile="mykeystore.keystore" keystorePass="xxxxxxxx" keyAlias="tcat"
> >>>> clientAuth="false" sslProtocol="TLS" />
> >>>>
> >>>> The keystore contains "tcat" as one of the three keys. The other two
> >>>> entries are "root" and "intermed" from goDaddy.
> >>>>
> >>>> Where can I look to find the issue?
> >>>
> >>> ---------------------------------------------------------------------
> >>> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> >>> For additional commands, e-mail: users-h...@tomcat.apache.org
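
Added example, not part of the original thread: a check over `keytool -list` output that reports whether the alias named in the Connector's keyAlias is stored as a key entry (PrivateKeyEntry, or keyEntry as the message reports seeing) or only as a trustedCertEntry, which holds a certificate without a private key. The function names and both listings are constructed for illustration, and the parser assumes the one-line-per-entry format "alias, date, type," with no commas in aliases.

```shell
#!/bin/sh
# Added example. Feed it real output with, for instance:
#   keytool -list -keystore mykeystore.keystore -storepass "$PASS"

# entry_type LISTING ALIAS: print the entry type keytool reported for ALIAS,
# or "missing" when the alias is not in the listing.
entry_type() {
    printf '%s\n' "$1" | awk -F', *' -v want="$2" '
        tolower($1) == tolower(want) {
            t = $NF
            if (t == "" && NF > 1) t = $(NF - 1)   # entry line ends with a comma
            print t
            found = 1
            exit
        }
        END { if (!found) print "missing" }'
}

# check_alias LISTING ALIAS: return 0 only when ALIAS holds a private key,
# which a TLS server needs for the alias it presents to clients.
check_alias() {
    kind=$(entry_type "$1" "$2")
    case "$kind" in
        PrivateKeyEntry|keyEntry)
            echo "OK: $2 is $kind (private key with certificate chain)"; return 0 ;;
        trustedCertEntry)
            echo "FAIL: $2 is trustedCertEntry (certificate only, no private key)"; return 1 ;;
        *)
            echo "FAIL: $2 not found or unrecognized entry type: $kind"; return 1 ;;
    esac
}

# Constructed listing shaped like the CA keystore described in the thread.
CA_LISTING='Keystore type: jks
Your keystore contains 3 entries

root, Apr 4, 2014, trustedCertEntry,
Certificate fingerprint (MD5): 00:00:00:00 (constructed)
intermed, Apr 4, 2014, trustedCertEntry,
Certificate fingerprint (MD5): 00:00:00:01 (constructed)
tcat, Apr 4, 2014, trustedCertEntry,
Certificate fingerprint (MD5): 00:00:00:02 (constructed)'

# Constructed listing shaped like the working self-signed keystore.
SELF_SIGNED_LISTING='tcat, Apr 3, 2014, keyEntry,
Certificate fingerprint (MD5): 00:00:00:03 (constructed)'

check_alias "$CA_LISTING" tcat || true
check_alias "$SELF_SIGNED_LISTING" tcat
```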