Thanks Jan for replying. Unfortunately, I'm not inclined to go in the
direction that it's a browser problem.

This server where I imported the certificates and has been encountering
errors is just one of the servers that are configured to run SSL. All of
the other servers have the same setup except for the "keytool -delete.."
that I used in this particular erring server. Other servers are OK in SSL.

I'm worried that the keytool delete might have caused the problem?


On Mon, Sep 16, 2013 at 3:36 PM, Jan Vávra <va...@602.cz> wrote:

> Hello,
>  on http://support.mozilla.org/cs/questions/952242 there
>  is described something about SSL protocol settings for Firefox. It seems
> like you have configured in server.xml e.g. only the SSLv2 protocol that
> is disabled in the client browser
>
> http://tomcat.apache.org/tomcat-7.0-doc/config/http.html
> sslProtocol
> http://docs.oracle.com/javase/7/docs/technotes/guides/security/StandardNames.html#SSLContext
>
> Jan
>
>
>> Good Day!
>>
>> Everything was followed perfectly from this URL:
>> http://tomcat.apache.org/tomcat-7.0-doc/ssl-howto.html.
>> I've done this
>> setup a lot of times already and mostly I have been successful.
>>
>> Until our security team noticed that the installed root CA is incorrect.
>>
>> Instead of just importing the correct root CA, I deleted all the imported
>> certificates (originally 2 certificates) using the
>> "keytool -delete -alias <certificate nicknames> -keystore .keystore".
>> Afterwards, I imported the 2 certificates again.
>>
>> Now when I access https://mydomain:8443, it gives me a webpage not found
>> with ERR_CONNECTION_REFUSED error in Chrome and
>> ssl_error_no_cypher_overlap
>> in Firefox.
>>
>> Could anyone please let me know what I must have done wrong?
>>
>>
>> Thank you in advance.
>>
>>
>
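
One way to check the concern raised in this thread, as an added example that is not part of the original messages: a JSSE connector needs a `PrivateKeyEntry` in its keystore, and if `keytool -delete` removed the alias that held the key pair, re-importing certificates afterwards leaves only `trustedCertEntry` items. The listings, aliases and function names below are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): classify `keytool -list` entries.
# On a real keystore: keytool -list -keystore .keystore | has_private_key

# Print "alias<TAB>type" for each entry line of a non-verbose listing.
# Entry lines have the form:  alias, Mon DD, YYYY, EntryType,
keystore_entry_types() {
    awk -F', *' '/Entry,[ ]*$/ { print $1 "\t" $(NF-1) }'
}

# Exit 0 if the listing on stdin has at least one PrivateKeyEntry, else 1.
has_private_key() {
    keystore_entry_types |
        awk -F'\t' '$2 == "PrivateKeyEntry" { found = 1 } END { exit !found }'
}

# Constructed listing: certificates re-imported, key entry gone.
sample_certs_only() {
    cat <<'EOF'
Keystore type: JKS
Keystore provider: SUN

Your keystore contains 2 entries

rootca, Sep 16, 2013, trustedCertEntry,
Certificate fingerprint (SHA1): (constructed, omitted)
server, Sep 16, 2013, trustedCertEntry,
Certificate fingerprint (SHA1): (constructed, omitted)
EOF
}

# Constructed listing: key pair entry still present next to the root CA.
sample_with_key() {
    cat <<'EOF'
Keystore type: JKS
Keystore provider: SUN

Your keystore contains 2 entries

rootca, Sep 16, 2013, trustedCertEntry,
Certificate fingerprint (SHA1): (constructed, omitted)
tomcat, Sep 16, 2013, PrivateKeyEntry,
Certificate fingerprint (SHA1): (constructed, omitted)
EOF
}

for s in sample_certs_only sample_with_key; do
    if "$s" | has_private_key; then echo "$s: private key present"
    else echo "$s: NO PrivateKeyEntry, connector has no key to serve"; fi
done
```

Comparing the listing of a working server with that of the failing one shows immediately whether the key entry survived the delete and re-import.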
