Hello, Thanks for your suggestions. I displayd my keystore file with keytool: keytool -list -v -keystore $myKeystoreFile > keystoreManifest.txt
There are 4 entries in my keystore file. But only one entry contains a field named "Certificate chain length". The other 3 entries, as certificates from our CA, contain a field "Certificate fingerprint" (or "Empreinte du certificat" in French because my Linux distribution that supports my JDK and Tomcat was installed in French) # intermediate certificate alias: inter entry type: trustedCertEntry issuer: CN=GeoTrust Global CA, O=GeoTrust Inc., C=US # root certificate alias: root entry type: trustedCertEntr issuer: CN=GeoTrust Global CA, O=GeoTrust Inc., C=US # our private key alias : tomcat entry type: {0} //this is exactly what I see on the prompt, not a variable of my own writing. certificate chain length: 1 issuer: $ourDN alias : $myAlias entry type: trustedCertEntry issuer: CN=RapidSSL CA, O="GeoTrust, Inc.", C=US My colleagues concluded that all the necessary certificates were imported, but none was actually used by Tomcat. Daniel Mikusa-2 wrote: > > > On Thu, 2011-11-17 at 05:02 -0800, rosiere wrote: >> Hello, >> >> Of course I restarted my Tomcat. > > No offense meant, had to ask. Can't assume anything. > >> >> This is the SSL portion of my server.xml and it has noting wrong. >> >> >> <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true" >> maxThreads="150" scheme="https" secure="true" >> keystoreFile="$pathToMyKeystoreFile" >> keyAlias="tomcat" >> keystorePass="tomcat" >> clientAuth="false" sslProtocol="TLS" /> >> > > Yes, agreed. Looks fine assuming that "$pathToMyKeystoreFile" points to > the correct keystore file. > > > What do you see in the output of "keytool -list -v -keystore > $pathToMyKeystoreFile"? In particular, what is listed for "Alias > name:", "Entry type:" and "Certificate chain length" for each entry? > > > Dan > > -- View this message in context: http://old.nabble.com/Certificate-issued-by-GeoTrust-Global-CA-is-not-appearing-at-client-browser%27s-side-tp32855051p32862748.html Sent from the Tomcat - User mailing list archive at Nabble.com. --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org