Problem fixed! In summary Tomcat requires a .keystore file under c:\document and settings\default user and as such the one there was not the one details within server.xml.
I changed the entries within this default keystore, restarted tomcat and excellent problem resolved. Q: Whats the point of referencing a specific keystore within server.xml if it does take notice of it? -----Original Message----- From: Christopher Schultz [mailto:ch...@christopherschultz.net] Sent: Saturday, 9 May 2009 12:53 AM To: Tomcat Users List Subject: Re: SSL Mysterious Self Signed Certificate -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Wayne, On 5/7/2009 5:23 PM, Andrews, Wayne wrote: > I created a new keystore, imported the root certificate from Thawte, > then the signed cert. The browser displays some self signed cert > that has expired. Wait, you signed the certificate? That's called a self-signed certificate, when you .... sign the cert ... yourself. If you are using a legitimate certificate /signed by Thawte/ and you're still getting this error, there are two possibilities that I can think of: 1. Thawte has a two-part cert, and you've only imported one of the parts. This can happen with the new-fangled EV certs (we had this problem ourselves... we had the VeriSign intermediate cert installed on our servers for years, but we required a /second/ intermediate cert in order to get the new EV cert not to complain on certain browsers (but not all... strange). 2. You aren't sending the cert you think you're sending to the browser. Use your browser to check the cert it's receiving, and check the certificate "chain", too. - -chris -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkoER2UACgkQ9CaO5/Lv0PAPXQCfeh1Ch8npN/x87WOwu5xO9CTJ PxQAmgM7AueeiFMzInJ1ikGz+GwMUTW+ =6AJn -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
