John Ellis
405.285.2500 office http://biz-e.io -----Original Message----- From: Terence M. Bandoian [mailto:tere...@tmbsw.com] Sent: Monday, October 9, 2017 4:49 PM To: Tomcat Users List <users@tomcat.apache.org> Subject: Re: Tomcat SSL issue On 10/9/2017 10:01 AM, John Ellis wrote: > > I posted questions about this a couple of weeks ago I think it was. I > have been trying to get Tomcat running on a secure port with a valid > SSL certificate. We finally got version 9.0.0.M20 setup successfully > on port 9443 and I can go to that IP:port and get a Tomcat webpage but > when I go through all the steps using the keytool commands to submit a > certificate (we use Cacert.org) and try to plug that certificate into > the mix it doesnt work. I still get an error message telling me that > I will have to create an exception to go to that IP address and port. > Last Friday I even deleted the certificate and all the keystore file, > etc. and got the same exact error. So it appears that Tomcat is not > seeing the certificate at all since I get the same error about having > to add an exception whether or not I have a valid certificate in place > on the server. > > The lines we added to the server.xml file to get the secure port > working are- > > <Connector port="9443" protocol="HTTP/1.1" SSLEnabled="true" > > maxThreads="150" scheme="https" secure="true" > > clientAuth="false" sslProtocol="TLS" > > keystoreFile="/home/tomcat9.0.0.M20/apache-tomcat-9.0.0.M20/conf/keystore.jk s" > > keystorePass="changeit" /> > > John Ellis > >Terence I have tried putting my name in where it asks for the "first and last name" part of filling out the certificate info but when I do that the Cacert.org website says I have to authenticate the actual internal IP address of this server and there is no way to do that that I know of. Thanks, Hi, John- Is it a browser that's displaying the error message and requesting that you create an exception to continue? If so, have you looked at the additional information to determine what problems the browser has detected with the certificate? -Terence Bandoian http://www.tmbsw.com/ --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org