Hello,

It works.

Thanks.



markt-2 wrote:
> 
> On 17/11/2011 16:48, rosiere wrote:
>> 
>> Hello,
>> Thanks for your hint.
>> 
>> I made a copy of my keystore. Then I changed alias:
>> my private key now uses the alias "mykey".
>> I changed our certificate's alias to "tomcat", by keytool's -changealias command.
>> 
>> Now this is my certificate (the third one that differs from INTER and ROOT)
>> Alias name: tomcat
>> 
>> Entry type : trustedCertEntry
>> 
>> Owner : CN=$myCN OU=Domain Control Validated - RapidSSL(R), OU=See
>> www.rapidssl.com/resources/cps (c)11, OU=$myOrganizationalUnit,
>> O=$myOrganization, C=FR, SERIALNUMBER=$mySerialNumber
>> Issuer : CN=RapidSSL CA, O="GeoTrust, Inc.", C=US
>> 
>> 
>> In my server.xml I changed keyAlias from "tomcat" to "mykey" and
>> referenced the new keystore file.
>> 
>> However at last I still could not show GeoTrust or RapidSSL as
>> certificate issuer when I browsed to Tomcat welcome page. The
>> certificate returned to my web browser was still a self-signed one.
>> 
>> Do I have to rebuild my keystore from scratch and request another
>> certificate from our CA, just because of a mistake in my old alias?
> 
> No. Try the following.
> 
> 1. Take copies of everything.
> 
> 2. Delete everything from the keystore apart from the private key.
> 
> 3. Ensure the private key has the alias "tomcat".
> 
> 4. Import the CA cert and the intermediate as you did before.
> 
> 5. Import your new cert *using the alias "tomcat"*. Yes I know this is
> the same as the private key. No, it isn't a mistake.
> 
> 6. Configure your server.xml to use the alias "tomcat".
> 
> Mark
> 
>> 
>> 
>> markt-2 wrote:
>>>
>>> On 17/11/2011 15:26, rosiere wrote:
>>>>
>>>
>>>> My colleagues concluded that all the necessary certificates were
>>>> imported, but none was actually used by Tomcat.
>>>
>>> Wrong.
>>>
>>> When you imported your new certificate, you should have specified
>>> "tomcat" as the alias rather than "$myAlias".
>>>
>>> I suggest you take some backups of your key stores in case you mess
>>> things up and then try again.
>>>
>>> Mark
>>>
>>> ---------------------------------------------------------------------
>>> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
>>> For additional commands, e-mail: users-h...@tomcat.apache.org
>>>
>>>
>>>
>> 
> 
> 

-- 
View this message in context: 
http://old.nabble.com/Certificate-issued-by-GeoTrust-Global-CA-is-not-appearing-at-client-browser%27s-side-tp32855051p32870249.html
Sent from the Tomcat - User mailing list archive at Nabble.com.
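
A check for the keystore state discussed in this thread, added here as an example (it is not code from the thread or from Tomcat): it reads `keytool -list -v` text and classifies the entry that the `keyAlias` in server.xml points at. The two listings, the `www.example.test` name and the function names are constructed assumptions.

```python
import re

# Constructed `keytool -list -v` samples. BROKEN: key under "mykey", CA reply under "tomcat".
BROKEN = """\
Alias name: mykey
Entry type: PrivateKeyEntry
Certificate chain length: 1
Certificate[1]:
Owner: CN=www.example.test, O=Example, C=FR
Issuer: CN=www.example.test, O=Example, C=FR
Alias name: tomcat
Entry type : trustedCertEntry
Owner : CN=www.example.test, O=Example, C=FR
Issuer : CN=RapidSSL CA, O="GeoTrust, Inc.", C=US
"""
# FIXED: CA reply imported under the key's own alias (chain shown in part).
FIXED = """\
Alias name: tomcat
Entry type: PrivateKeyEntry
Certificate chain length: 3
Certificate[1]:
Owner: CN=www.example.test, O=Example, C=FR
Issuer: CN=RapidSSL CA, O="GeoTrust, Inc.", C=US
Certificate[2]:
Owner: CN=RapidSSL CA, O="GeoTrust, Inc.", C=US
"""
FIELD = re.compile(r"^(Alias name|Entry type|Certificate chain length|Owner|Issuer)\s*:\s*(.*)$")

def parse_entries(listing):
    """Map alias -> fields; only the first (leaf) Owner/Issuer of an entry is kept."""
    entries, cur = {}, None
    for line in listing.splitlines():
        m = FIELD.match(line.strip())
        key, value = m.groups() if m else (None, None)
        if key == "Alias name":
            cur = entries.setdefault(value, {})
        elif key and cur is not None:
            cur.setdefault(key, value)  # later certificates in the chain are ignored
    return entries

def check_key_alias(listing, key_alias):
    entry = parse_entries(listing).get(key_alias)
    if entry is None:
        return "missing: no such alias"
    if entry.get("Entry type") != "PrivateKeyEntry":
        return "no-key: alias holds only a certificate"
    if entry.get("Owner") == entry.get("Issuer"):  # leaf subject DN equals issuer DN
        return "self-signed: CA reply is not attached to this key entry"
    return "ok: chain length " + entry.get("Certificate chain length", "?")
```

The pattern tolerates the space before the colon seen in the listing quoted above; other localized field names would need their own patterns.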

