John Ellis
405.285.2500 office http://biz-e.io -----Original Message----- From: Terence M. Bandoian [mailto:tere...@tmbsw.com] Sent: Monday, October 9, 2017 4:49 PM To: Tomcat Users List <users@tomcat.apache.org> Subject: Re: Tomcat SSL issue On 10/9/2017 10:01 AM, John Ellis wrote: > > I posted questions about this a couple of weeks ago I think it was. I > have been trying to get Tomcat running on a secure port with a valid > SSL certificate. We finally got version 9.0.0.M20 setup successfully > on port 9443 and I can go to that IP:port and get a Tomcat webpage but > when I go through all the steps using the keytool commands to submit a > certificate (we use Cacert.org) and try to plug that certificate into > the mix it doesnt work. I still get an error message telling me that > I will have to create an exception to go to that IP address and port. > Last Friday I even deleted the certificate and all the keystore file, > etc. and got the same exact error. So it appears that Tomcat is not > seeing the certificate at all since I get the same error about having > to add an exception whether or not I have a valid certificate in place > on the server. > > The lines we added to the server.xml file to get the secure port > working are- > > <Connector port="9443" protocol="HTTP/1.1" SSLEnabled="true" > > maxThreads="150" scheme="https" secure="true" > > clientAuth="false" sslProtocol="TLS" > > keystoreFile="/home/tomcat9.0.0.M20/apache-tomcat-9.0.0.M20/conf/keystore.jk s" > > keystorePass="changeit" /> > > John Ellis > >Thanks for the reply Terence. Yes I get the message about needing to create a security exception when I first try to open the Tomcat webpage on the secure port of 9443. I have deleted the certificate and supporting files off of the server as I was going to start over with a new certificate. I believe the error said something about not being able to verify the certificate. I think the main issue is that this is just an internal server here in our office running RHEL 6. It is not setup as a web server and it just has the name of "cowboy" (given that name by my boss) so it is hard to figure out what to call the "First and last name" part when I am creating the CSR to send to Cacert.org. I can't just use the name "cowboy" as I don't have any way to validate that. Have you ever run into situations like this? As I said before I am not a programmer or developer or anything like that. My background was in computer hardware for over 25 years until I took this position after being laid off from what was formerly WebMD. We installed systems in dr's offices, etc. Any light you could shed on this would be great! Thanks Hi, John- Is it a browser that's displaying the error message and requesting that you create an exception to continue? If so, have you looked at the additional information to determine what problems the browser has detected with the certificate? -Terence Bandoian http://www.tmbsw.com/ --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org