Hi Don,

Is this Tomcat for Windows or Tomcat for a UNIX variant?

Have you verified the keystore as correct via *keytool -v -list -keystore KEYSTORE_PATH/FILE*? (Redirect that text to a file if need be!)

Did you use the *-trustcacerts* flag upon importing the certificates or was this omitted?


On 08/20/2009 04:49 PM, Don Prezioso wrote:
Peter,

Thanks for the reply. When I first started having this problem I was actually 
using a single keystore for both certificates. Yes there is both an 
intermediate and a root certificate that get loaded in the keystore, and I'm 
sure, at least when I was using a single keystore that they were loaded 
correctly because the other instance (and certificate) were working correctly.

With the second instance using a separate keystore, I get the same results 
whether the intermediate certificate is loaded in the keystore or not. That 
makes me think that somehow the second instance of Tomcat can't access the 
intermediate certificate, but somehow the first instance doesn't have that 
trouble?

Don

--
Don Prezioso
Director of Administrative I.T.
Ashland University
Ashland, Ohio


-----Original Message-----
From: peter.crowth...@googlemail.com [mailto:peter.crowth...@googlemail.com] On 
Behalf Of Peter Crowther
Sent: Thursday, August 20, 2009 4:40 PM
To: Tomcat Users List
Subject: Re: SSL with multiple Tomcat instances

2009/8/20 Don Prezioso<dp...@ashland.edu>:
I have two instances of Tomcat 5.5 set up on a Red Hat box, each using separate 
IP addresses. I have obtained two certificates, one for each instance, and have 
put them in separate keystores. Both certificates are from IPSCA and both 
keystores have been set up in the same manner. Each keystore is properly 
referenced in the associated server.xml.

The first instance (on eth0) is working with no problems. The second instance 
(on eth0:0), appears to work fine in IE, but when I connect using Firefox, 
Chrome, or Safari, I get the message:

The web site's certificate cannot be verified. Do you want to continue? The 
certificate cannot be verified by a trusted source.

When I view the certificate, it appears valid. If I click on 'Yes', then check 
the certificate, it says it is 'Verified by: IPS Certification Authority s.l.' 
and again, all appears fine.

Any ideas on why I am getting the warning only on the second instance? I 
can't believe it is an issue with IPSCA since the first instance does not 
exhibit the problem.

Hmm.  This probably won't help you, but I recently had exactly those
symptoms when I hadn't installed the intermediate certificate for a
GlobalSign cert on an IIS server.  IE didn't care; everything else got
upset.

Do IPSCA use intermediate certs?  If so, are you *sure* they're
installed correctly on both keystores? ;-)

- Peter

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
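
One way to automate the keystore check suggested in the latest reply, as an added example that is not part of the original thread: the function reads `keytool -list -v` output and flags a key entry whose certificate chain holds only the leaf. The aliases, subject names and sample listings are constructed, and the field labels assume keytool's usual verbose listing layout.

```shell
# Reads `keytool -list -v` text on stdin; prints "<alias> <chain length> <status>"
# for each key entry. INCOMPLETE = the entry holds only a non-self-signed leaf,
# so the server has no intermediate certificate to present with it.
check_chain() {
  awk '
    /^Alias name: /               { alias = substr($0, 13); iskey = 0; len = 0; cert = 0; next }
    /^Entry type: .*[Kk]eyEntry/  { iskey = 1; next }   # PrivateKeyEntry and similar
    /^Certificate chain length: / { len = $4 + 0; next }
    /^Certificate\[[0-9]+\]:/     { cert = substr($0, 13) + 0; next }
    iskey && cert == 1 && /^Owner: /  { owner = substr($0, 8); next }
    iskey && cert == 1 && /^Issuer: / {
      status = (len == 1 && owner != substr($0, 9)) ? "INCOMPLETE" : "ok"
      print alias, len, status
    }
  '
}

# Constructed sample: leaf imported alone, intermediate stored under its own alias.
sample_leaf_only() {
  cat <<'EOF'
Alias name: tomcat
Entry type: PrivateKeyEntry
Certificate chain length: 1
Certificate[1]:
Owner: CN=www2.example.edu
Issuer: CN=Example Intermediate CA
Alias name: intermediate
Entry type: trustedCertEntry
Owner: CN=Example Intermediate CA
Issuer: CN=Example Root CA
EOF
}

# Constructed sample: the intermediate is chained into the key entry itself.
sample_full_chain() {
  cat <<'EOF'
Alias name: tomcat
Entry type: PrivateKeyEntry
Certificate chain length: 2
Certificate[1]:
Owner: CN=www2.example.edu
Issuer: CN=Example Intermediate CA
Certificate[2]:
Owner: CN=Example Intermediate CA
Issuer: CN=Example Root CA
EOF
}

sample_leaf_only | check_chain    # on a real keystore: keytool -list -v -keystore FILE | check_chain
sample_full_chain | check_chain
```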

