John Ellis
405.285.2500 office
http://biz-e.io

-----Original Message-----
From: Mark Thomas [mailto:ma...@apache.org]
Sent: Monday, October 9, 2017 12:33 PM
To: Tomcat Users List <users@tomcat.apache.org>
Subject: Re: Tomcat SSL issue

On 09/10/17 16:01, John Ellis wrote:
> I posted questions about this a couple of weeks ago I think it was. I
> have been trying to get Tomcat running on a secure port with a valid
> SSL certificate. We finally got version 9.0.0.M20 setup successfully
> on port 9443 and I can go to that IP:port and get a Tomcat webpage but
> when I go through all the steps using the keytool commands to submit a
> certificate (we use Cacert.org) and try to plug that certificate into
> the mix it doesn't work. I still get an error message telling me that
> I will have to create an exception to go to that IP address and port.
> Last Friday I even deleted the certificate and all the keystore file,
> etc. and got the same exact error. So it appears that Tomcat is not
> seeing the certificate at all since I get the same error about having
> to add an exception whether or not I have a valid certificate in place
> on the server.

If you get that error then Tomcat has the certificate but the client doesn't trust it.

You need to check if:
- Tomcat is supplying the full certificate chain
- If the client trusts the issuing CA

Mark

OK Mark can you explain to me why we get the same exact error condition with no certificate in place at all as when we provide a certificate? I'm not arguing that just doesn't make any sense to me but as I said before I am not a programmer or developer or anything like that.

Thanks,
John

> The lines we added to the server.xml file to get the secure port
> working are-
>
> <Connector port="9443" protocol="HTTP/1.1" SSLEnabled="true"
>            maxThreads="150" scheme="https" secure="true"
>            clientAuth="false" sslProtocol="TLS"
>            keystoreFile="/home/tomcat9.0.0.M20/apache-tomcat-9.0.0.M20/conf/keystore.jks"
>            keystorePass="changeit" />
>
> John Ellis
> 405.285.2500 office
> United States
> http://biz-e.io

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
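
Added example, not part of the original thread: the two checks Mark lists (full chain supplied, issuing CA trusted by the client) reproduced offline with openssl verify against throwaway certificates. Every file and function name below is constructed for the demo, and it assumes OpenSSL 1.1.0 or later is on the PATH.

```bash
#!/usr/bin/env bash
# Added example: every certificate here is a constructed throwaway.
# demo_dir, make_demo_pki, check_chain and report are hypothetical names.
demo_dir=$(mktemp -d)

make_demo_pki() {
  # Build: Demo root (CA) -> Demo inter (CA) -> Demo server, plus an unrelated CA.
  d=$demo_dir
  printf 'basicConstraints=critical,CA:TRUE\nkeyUsage=keyCertSign,cRLSign\n' > "$d/ca.ext"
  for n in root other inter server; do
    openssl req -new -newkey rsa:2048 -nodes -keyout "$d/$n.key" \
      -out "$d/$n.csr" -subj "/CN=Demo $n" >/dev/null 2>&1 || return 1
  done
  for n in root other; do   # self-signed CA certificates
    openssl x509 -req -in "$d/$n.csr" -signkey "$d/$n.key" -extfile "$d/ca.ext" \
      -days 2 -out "$d/$n.pem" >/dev/null 2>&1 || return 1
  done
  openssl x509 -req -in "$d/inter.csr" -CA "$d/root.pem" -CAkey "$d/root.key" \
    -CAcreateserial -extfile "$d/ca.ext" -days 2 -out "$d/inter.pem" >/dev/null 2>&1 || return 1
  openssl x509 -req -in "$d/server.csr" -CA "$d/inter.pem" -CAkey "$d/inter.key" \
    -CAcreateserial -days 2 -out "$d/server.pem" >/dev/null 2>&1
}

check_chain() {
  # $1 = CA file the client trusts, $2 = extra certs the server sends ("" = none),
  # $3 = server certificate. -no-CApath keeps the system CA directory out of it.
  if [ -n "$2" ]; then
    openssl verify -no-CApath -CAfile "$1" -untrusted "$2" "$3"
  else
    openssl verify -no-CApath -CAfile "$1" "$3"
  fi >/dev/null 2>&1
}

report() {
  if check_chain "$2" "$3" "$4"; then echo "$1: trusted"; else echo "$1: NOT trusted"; fi
}

make_demo_pki || { echo "certificate setup failed (is openssl installed?)" >&2; exit 1; }
report "full chain, issuing root trusted" "$demo_dir/root.pem" "$demo_dir/inter.pem" "$demo_dir/server.pem"
report "intermediate missing from server" "$demo_dir/root.pem" "" "$demo_dir/server.pem"
report "client does not trust the issuer" "$demo_dir/other.pem" "$demo_dir/inter.pem" "$demo_dir/server.pem"
```

Against a running server, `openssl s_client -connect <host>:9443 -showcerts` prints the certificates the connector actually sends, which can then be saved and passed to the same openssl verify checks.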