Hi Chris,

This is my configuration. When I access the Central Management Console, the browser shows the site as ‘Not Secure’. Please advise.

<Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
           compressionMinSize="2048" URIEncoding="UTF-8" compression="on"
           certificateKeyAlias="pmuw2-crrpad001.corp.trueblueinc.com"
           compressableMimeType="text/html,text/xml,text/plain,text/css,text/javascript,text/json,application/javascript,application/json"
           maxThreads="200" scheme="https" secure="true" SSLEnabled="true">
    <SSLHostConfig>
        <Certificate certificateKeystoreFile="C:/SSL/certnew_pfx.pfx"
                     certificateKeystorePassword="Crystal!@#"
                     keystoreType="PKCS12" type="RSA" />
    </SSLHostConfig>
</Connector>

Thanks,
Veni

From: Christopher Schultz <ch...@christopherschultz.net>
Sent: Thursday, October 13, 2022 2:09 AM
To: users@tomcat.apache.org
Subject: Re: Install CA signed certificate on Tomcat 9

Veni,

On 9/30/22 09:20, Janardhanan, Veni wrote:
> C:\>"C:\Program Files\RedHat\java-11-openjdk-11.0.13-1\bin\keytool" -list -keystore C:\SSL\myserver.keystore
> Enter keystore password:
> Keystore type: JKS
> Keystore provider: SUN
>
> Your keystore contains 2 entries
>
> tomcat, Sep 8, 2022, PrivateKeyEntry,
> Certificate fingerprint (SHA-256): 8B:1D:5B:59:86:39:A5:CD:AB:2A:4A:45:13:2B:82:A1:44:CD:8A:E7:20:96:5A:02:0F:73:E3:5A:A6:DB:B6:FD
> tomcat1, Sep 29, 2022, trustedCertEntry,
> Certificate fingerprint (SHA-256): 1F:A1:D5:1A:AD:5C:57:6C:B8:90:D8:CA:D1:89:2D:E1:1E:1F:7E:78:D2:19:72:CE:CC:3B:25:03:DE:0F:E1:B6

On 9/30/22 07:16, Janardhanan, Veni wrote:
> SSLHostConfig details :
>
> <SSLHostConfig protocols="TLSv1.2">
>     <Certificate certificateKeystoreFile="C:/SSL/myserver.keystore"
>                  certificateKeystorePassword=" " />
> </SSLHostConfig>

Double-check that the password is correct. I don't think you can use "no password" with Tomcat, and keytool has some issues with that as well.

The default format is JKS which is the format of your keystore. The error "invalid keystore format" is usually because the password is incorrect.

If you have a key password which is different than your keystore password (uncommon but possible) then you must specify /both of them/ in your configuration.

-chris
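
Added example, not part of the thread and not Tomcat's own code: a small Java check for the points raised in the reply above, namely whether the keystore password is accepted, whether each private key opens with the same password, and what kind of entry sits under each alias. The class name KeystoreCheck and its two arguments (keystore file and type) are assumptions made for this illustration; passwords are read from the console rather than passed on the command line.

```java
import java.io.Console;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.util.Collections;

// Hypothetical helper. Usage: java KeystoreCheck.java <keystore file> <JKS|PKCS12>
public class KeystoreCheck {
    public static void main(String[] args) throws Exception {
        Console console = System.console();
        if (args.length != 2 || console == null) {
            System.err.println("usage (interactive terminal): KeystoreCheck <file> <JKS|PKCS12>");
            System.exit(2);
        }
        char[] storePw = console.readPassword("Keystore password: ");
        char[] keyPw = console.readPassword("Key password (Enter = same as keystore): ");
        if (keyPw.length == 0) keyPw = storePw;

        KeyStore ks = KeyStore.getInstance(args[1]);
        try (InputStream in = new FileInputStream(args[0])) {
            ks.load(in, storePw);
        } catch (IOException e) {
            // KeyStore.load reports a wrong password as an IOException whose
            // cause is UnrecoverableKeyException; anything else is a parse/IO problem.
            boolean badPassword = e.getCause() instanceof UnrecoverableKeyException;
            System.out.println(badPassword
                    ? "FAIL: keystore password rejected"
                    : "FAIL: could not read as " + args[1] + ": " + e.getMessage());
            System.exit(1);
        }

        for (String alias : Collections.list(ks.aliases())) {
            if (!ks.isKeyEntry(alias)) {
                // A trustedCertEntry holds only a certificate, no private key.
                System.out.println(alias + ": trustedCertEntry (no private key)");
                continue;
            }
            Certificate[] chain = ks.getCertificateChain(alias);
            int chainLen = (chain == null) ? 0 : chain.length;
            try {
                ks.getKey(alias, keyPw);
                System.out.println(alias + ": PrivateKeyEntry, key password OK, chain length " + chainLen);
            } catch (UnrecoverableKeyException e) {
                // The key is protected by a password other than the one supplied,
                // so the configuration needs both passwords.
                System.out.println(alias + ": PrivateKeyEntry, key password differs from the one supplied");
            }
        }
    }
}
```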