On 17/11/2011 16:48, rosiere wrote:
> 
> Hello,
> Thanks for your hint.
> 
> I made a copy of my keystore. Then I changed alias:
> my private key now uses the alias "mykey".
> I changed our certificate's alias to "tomcat", by keytool's -changealias
> command.
> 
> Now this is my certificate (the third one that differs from INTER and ROOT)
> Alias name: tomcat
> 
> Entry type : trustedCertEntry
> 
> Owner : CN=$myCN OU=Domain Control Validated - RapidSSL(R), OU=See
> www.rapidssl.com/resources/cps (c)11, OU=$myOrganizationalUnit,
> O=$myOrganization, C=FR, SERIALNUMBER=$mySerialNumber
> Issuer : CN=RapidSSL CA, O="GeoTrust, Inc.", C=US
> 
> 
> In my server.xml I changed keyAlias from "tomcat" to "mykey" and referenced
> the new keystore file.
> 
> However at last I still could not show GeoTrust or RapidSSL as certificate
> issuer when I browsed to Tomcat welcome page. The certificate returned to my
> web browser was still a self-signed one.
> 
> Do I have to rebuild my keystore from scratch and request another
> certificate from our CA, just because of a mistake in my old alias?

No. Try the following.

1. Take copies of everything.

2. Delete everything from the keystore apart from the private key.

3. Ensure the private key has the alias "tomcat".

4. Import the CA cert and the intermediate as you did before.

5. Import your new cert *using the alias "tomcat"*. Yes I know this is
the same as the private key. No, it isn't a mistake.

6. Configure your server.xml to use the alias "tomcat".

Mark

> 
> 
> markt-2 wrote:
>>
>> On 17/11/2011 15:26, rosiere wrote:
>>>
>>
>>> My colleagues concluded that all the necessary certificates were
>>> imported,
>>> but none was actually used by Tomcat.
>>
>> Wrong.
>>
>> When you imported your new certificate, you should have specified
>> "tomcat" as the alias rather than "$myAlias".
>>
>> I suggest you take some backups of your key stores in case you mess
>> things up and then try again.
>>
>> Mark
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
>> For additional commands, e-mail: users-h...@tomcat.apache.org
>>
>>
>>
> 
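
Steps 1 to 5 of the reply above as keytool commands, with a check that the alias ends up as a key entry carrying the CA chain rather than the `trustedCertEntry` shown in the quoted listing. This is an added example, not part of the thread; the function names, the file names `root.crt` and `intermediate.crt`, and the aliases `root` and `intermediate` are assumptions.

```shell
# Added example, not from the thread. Assumptions: root.crt and intermediate.crt
# are the CA files, their aliases are arbitrary, key and store passwords match.

# Parse `keytool -list -v` (English output) on stdin into
# "alias<TAB>entry type<TAB>chain length" lines, one per entry.
# Accepts a space before the colon, as in the listing quoted above.
list_entries() {
  awk -F' *: *' '
    /^Alias name/ { alias = $2 }
    /^Entry type/ { type = $2
                    if (type != "PrivateKeyEntry") print alias "\t" type "\t0" }
    /^Certificate chain length/ { print alias "\t" type "\t" $2 }'
}

# Succeed only if alias $1 is a PrivateKeyEntry with a chain longer than one
# certificate, i.e. the CA reply was attached to the key, not stored beside it.
check_alias() {
  list_entries | awk -F'\t' -v a="$1" '
    $1 == a && $2 == "PrivateKeyEntry" && $3 > 1 { ok = 1 }
    END { exit !ok }'
}

# Steps 1-5. $1 = keystore, $2 = store password, $3 = your signed certificate.
rebuild_keystore() {
  ks=$1; pass=$2
  kt() { keytool -J-Duser.language=en "$@" -keystore "$ks" -storepass "$pass"; }
  cp -p "$ks" "$ks.bak" || return 1                                  # step 1
  entries=$(kt -list -v | list_entries)
  key=$(printf '%s\n' "$entries" |
        awk -F'\t' '$2 == "PrivateKeyEntry" { print $1; exit }')
  [ -n "$key" ] || { echo "no private key entry in $ks" >&2; return 1; }
  printf '%s\n' "$entries" | awk -F'\t' '$2 != "PrivateKeyEntry" { print $1 }' |
    while IFS= read -r a; do kt -delete -alias "$a" </dev/null; done # step 2
  [ "$key" = tomcat ] ||
    kt -changealias -alias "$key" -destalias tomcat                  # step 3
  kt -importcert -noprompt -trustcacerts -alias root -file root.crt  # step 4
  kt -importcert -noprompt -trustcacerts -alias intermediate \
     -file intermediate.crt
  kt -importcert -noprompt -trustcacerts -alias tomcat -file "$3"    # step 5
  kt -list -v | check_alias tomcat   # tomcat must now be a PrivateKeyEntry
}
```

A password given with `-storepass` is visible in the process list while keytool runs. Step 6, pointing `keyAlias` in server.xml at "tomcat", is still done by hand.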

