-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 James,
On 1/18/12 12:37 PM, James Lampert wrote: > So far, I've had complete success using self-signed certificates, > both here and on the customer box, once I found out that the CN > needs to match the domain name. ;) > But now, we're trying to get the customer box up on a CA-signed > certificate, and Tomcat doesn't like it. (Given that we haven't > done it on our own box, it's kind of a case of the blind leading > the blind.) We had our contact with the customer follow the > procedure given on > > http://tomcat.apache.org/tomcat-7.0-doc/ssl-howto.html#Importing_the_Certificate > > > > and I put the resulting keystore into service, started Tomcat, and > got this in logs/catalina.out: > >> SEVERE: Failed to initialize end point associated with >> ProtocolHandler ["http-bio-443"] Throwable occurred: >> java.io.IOException: Alias name tomcat does not identify a key >> entry at Did you also put your server's key into the keystore? > If I list the keystore, I get: >> Keystore type: jks >> Keystore provider: IBMJCE >> >> >> Your keystore contains 2 entries >> >> >> root, Jan 18, 2012, trustedCertEntry, >> Certificate fingerprint (MD5): >> D6:6A:92:1C:83:BF:A2:AE:6F:99:5B:44:E7:C2:AB:2A tomcat, Jan 18, >> 2012, trustedCertEntry, >> Certificate fingerprint (MD5): >> 55:D7:4D:D4:83:01:D6:E0:EB:A4:F3:9A:06:BD:87:38 It looks like you only have certificates. Did you forget to import the key into the keystore? - -chris -----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.17 (Darwin) Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk8d5S0ACgkQ9CaO5/Lv0PC7oACdHek6Dxn2r0p2TXz7w9IxYJv8 EecAoI45tZqdrBsTZGII759VyURQAsFL =beQr -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org