Re: Certificate issued by GeoTrust Global CA is not appearing at client browser's side

Thu, 17 Nov 2011 07:26:38 -0800 

Hello,

Thanks for your suggestions.
I displayd my keystore file with keytool: 
keytool -list -v -keystore  $myKeystoreFile > keystoreManifest.txt


There are 4 entries in my keystore file. 
But only one entry  contains a field named "Certificate chain length".

The other 3 entries, as certificates from our CA, contain a field 
"Certificate fingerprint" 
(or "Empreinte du certificat" in French because my Linux distribution that
supports my JDK and Tomcat was installed in French)

# intermediate certificate
alias: inter
entry type: trustedCertEntry
issuer: CN=GeoTrust Global CA, O=GeoTrust Inc., C=US

# root certificate
alias: root
entry type: trustedCertEntr
issuer: CN=GeoTrust Global CA, O=GeoTrust Inc., C=US


# our private key
alias : tomcat
entry type:  {0}  //this is exactly what I see on the prompt, not a variable
of my own writing.
certificate chain length: 1
issuer: $ourDN


alias : $myAlias
entry type: trustedCertEntry
issuer: CN=RapidSSL CA, O="GeoTrust, Inc.", C=US


My colleagues concluded that all the necessary certificates were imported,
but none was actually used by Tomcat.





Daniel Mikusa-2 wrote:
> 
> 
> On Thu, 2011-11-17 at 05:02 -0800, rosiere wrote:
>> Hello,
>> 
>> Of course I restarted my Tomcat.
> 
> No offense meant, had to ask.  Can't assume anything.
> 
>> 
>> This is the SSL portion of my server.xml and it has noting wrong.
>> 
>> 
>>     <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
>>                maxThreads="150" scheme="https" secure="true"
>>                keystoreFile="$pathToMyKeystoreFile"
>>                keyAlias="tomcat"
>>                keystorePass="tomcat"
>>                clientAuth="false" sslProtocol="TLS" />
>> 
> 
> Yes, agreed.  Looks fine assuming that "$pathToMyKeystoreFile" points to
> the correct keystore file.
> 
> 
> What do you see in the output of "keytool -list -v -keystore
> $pathToMyKeystoreFile"?  In particular, what is listed for "Alias
> name:", "Entry type:" and "Certificate chain length" for each entry?
> 
> 
> Dan
> 
> 

-- 
View this message in context: 
http://old.nabble.com/Certificate-issued-by-GeoTrust-Global-CA-is-not-appearing-at-client-browser%27s-side-tp32855051p32862748.html
Sent from the Tomcat - User mailing list archive at Nabble.com.


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Reply via email to