Do those certificates match the type of certificate that you have?
Last time I checked, VeriSign had a whole set of intermediate
certificates and you need the ones that match the type of certificate
you have (EV versus whatever the other flavors they have are).
Which other flavors? How do I know?

keytool -import -trustcacerts -alias EV_root -keystore
/opt/tomcat5/certs/tcc -file veriCA1.cer
Is /opt/tomcat5/certs/tcc the file you have configured in Tomcat?
It's the keystore and yes, configured in tomcat

Please post your SSL <Connector> configuration (cleansed of any
passwords).

Finally, you didn't post your original stack trace. Since this is
happening on the server-side, it's either a problem during startup or
during client-certificate verification. Since you mentioned the "site
certificate", I assume you are having problems with your server's SSL
certificate and not a client certificate being presented by a remote
client, right?
I'm not sure what you mean by the server and client certificates. No web browser reports the server certificate as not valid.

Can you show me what this command returns:

$ keytool -list -keystore /opt/tomcat5/certs/tcc -v



Your keystore contains 3 entries

Alias name: evintermediate
Creation date: Apr 24, 2012
Entry type: trustedCertEntry

Owner: CN=VeriSign Class 3 Secure Server CA - G3, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US
Issuer: CN=VeriSign Class 3 Public Primary Certification Authority - G5, OU="(c) 2006 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US
Serial number: 6ecc7aa5a7032009b8cebcf4e952d491
Valid from: Mon Feb 08 01:00:00 CET 2010 until: Sat Feb 08 00:59:59 CET 2020
Certificate fingerprints:
         MD5:  3C:48:42:0D:FF:58:1A:38:86:BC:FD:41:D4:8A:41:DE
         SHA1: 5D:EB:8F:33:9E:26:4C:19:F6:68:6F:5F:8F:32:B5:4A:4C:46:B4:76


*******************************************
*******************************************


Alias name: ev_root
Creation date: Apr 24, 2012
Entry type: trustedCertEntry

Owner: CN=VeriSign Class 3 Public Primary Certification Authority - G5, OU="(c) 2006 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US
Issuer: OU=Class 3 Public Primary Certification Authority, O="VeriSign, Inc.", C=US
Serial number: 250ce8e030612e9f2b89f7054d7cf8fd
Valid from: Wed Nov 08 01:00:00 CET 2006 until: Mon Nov 08 00:59:59 CET 2021
Certificate fingerprints:
         MD5:  F9:1F:FE:E6:A3:6B:99:88:41:D4:67:DD:E5:F8:97:7A
         SHA1: 32:F3:08:82:62:2B:87:CF:88:56:C6:3D:B8:73:DF:08:53:B4:DD:27


*******************************************
*******************************************


Alias name:
Creation date: Feb 24, 2012
Entry type: keyEntry
Certificate chain length: 1
Certificate[1]:
Owner: CN=www.mycompany.com, OU=Terms of use at www.verisign.com/rpa (c)05, OU=Comercial, O="My OU S.L.", L=My city, ST=Madrid, C=ES
Issuer: CN=VeriSign Class 3 Secure Server CA - G3, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US
Serial number: 7afc00006539f4e816f7fe6b65f47af0
Valid from: Sat Feb 11 01:00:00 CET 2012 until: Fri Apr 12 01:59:59 CEST 2013
Certificate fingerprints:



*******************************************
*******************************************
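
Added example, not part of the original message or of Tomcat/keytool: a small parser for `keytool -list -v` output that answers the question asked at the top of the message, whether the imported certificates match the site certificate, by following Issuer to Owner links from the keyEntry. The function names, the alias `sitekey` (the listing leaves that alias blank) and the shortened DNs are assumptions made for the example.

```python
# Constructed sample: keytool -list -v output abbreviated from the listing
# above (DNs cut to one attribute; "sitekey" is a placeholder alias).
SAMPLE = """\
Alias name: evintermediate
Entry type: trustedCertEntry
Owner: CN=VeriSign Class 3 Secure Server CA - G3
Issuer: CN=VeriSign Class 3 Public Primary Certification Authority - G5
Alias name: ev_root
Entry type: trustedCertEntry
Owner: CN=VeriSign Class 3 Public Primary Certification Authority - G5
Issuer: OU=Class 3 Public Primary Certification Authority
Alias name: sitekey
Entry type: keyEntry
Certificate chain length: 1
Certificate[1]:
Owner: CN=www.mycompany.com
Issuer: CN=VeriSign Class 3 Secure Server CA - G3
"""

def parse_entries(text):
    """Split keytool -list -v output into one dict per alias."""
    entries = []
    for block in text.split("Alias name:")[1:]:
        lines = block.splitlines()
        entry = {"alias": lines[0].strip(), "chain": []}
        for line in lines[1:]:
            key, _, value = line.partition(": ")
            if key == "Entry type":
                entry["type"] = value.strip()
            elif key == "Certificate chain length":
                entry["stored_len"] = int(value)
            elif key == "Owner":
                entry["chain"].append({"owner": value.strip()})
            elif key == "Issuer" and entry["chain"]:
                entry["chain"][-1]["issuer"] = value.strip()
        entries.append(entry)
    return entries

def issuer_path(entries, alias):
    """Follow Issuer -> Owner links by DN string only (no signature check)."""
    by_owner = {c["owner"]: e["alias"] for e in entries for c in e["chain"]}
    key = next(e for e in entries if e["alias"] == alias)
    issuer, path = key["chain"][-1]["issuer"], []
    while issuer in by_owner and by_owner[issuer] not in path:
        path.append(by_owner[issuer])
        holder = next(e for e in entries if e["alias"] == path[-1])
        issuer = holder["chain"][-1]["issuer"]
    # stored chain length, aliases that link upward, first issuer DN not found
    return key.get("stored_len", 1), path, issuer
```

On this sample the result is a stored chain length of 1, the linked aliases `evintermediate` and `ev_root`, and one remaining issuer DN that no entry in the keystore owns.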
