-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 To whom it may concern,
On 5/23/2011 4:53 AM, Dipl.-Ing. Mag. Bernhard Hobiger wrote: > I am running Tomcat 6.0.18 64bit on Windows Server 2008 R2 > Enterprise. I obtained a certificate for my server from StartCom, > installed it and configured the Connector. The server, intermediate > and root certificates are in a keystore file. So far all went fine, > except for one problem: Tomcat sends only the server certificate, not > the whole certificate chain. This means that Firefox (all newer > versions) thinks the certificate is invalid. > > I tried to import the StartCom certificates into the default keystore > cacerts, no difference. The problem is not that Tomcat cant validate > the certificate, but that the intermediate certificate is not sent > (verified with Wireshark). I haven't done much work with SSL certs in Java, but I wonder what would happen if you imported all of the certs, together, into a single alias in your cert store. Have you tried that, or did you import each cert (yours, intermediate, etc.) into separate certs within the cert store? - -chris -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk3azXsACgkQ9CaO5/Lv0PAi/gCgrrgCcDCHueT7EMNRR0jlL4JM 6A4AmwRnCsI6TLCGAkvjxuIj0C0vQhZz =9NOA -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org