Thank you all for your help. It just came to a point where I just had to
delete the old keystore and create a new one, and request for new
certificates. Now everything's working.
On Tue, Sep 17, 2013 at 9:58 AM, Jan Vávra <va...@602.cz> wrote:
> Maybe it'd helpful not using the java key store (JKS).
> Personally on Linux Tomcat installations without native APR I use the .p12
> files with this config
>
> <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
> maxThreads="150" scheme="https" secure="true"
> clientAuth="false" sslProtocol="TLS"
> keystoreFile=${catalina.home}/**ssl/serverkey.p12"
> keystorePass="**PASS**" keystoreType="pkcs12" />
> Jan
>
>
>
>
> Good Day!
>>
>> Everything was followed perfectly from this URL:
>> http://tomcat.apache.org/**tomcat-7.0-doc/ssl-howto.html<http://tomcat.apache.org/tomcat-7.0-doc/ssl-howto.html>.
>> I've done this
>> setup a lot of times already and mostly I have been successful.
>>
>> Until our security team noticed that the installed root CA is incorrect.
>>
>> Instead of just importing the correct root CA, I deleted all the imported
>> certificates (originally 2 certificates) using the "keytool -delete
>> -alias
>> <certificate nicknames> -keystore .keystore". Afterwards, I imported the 2
>> certificates again.
>>
>> Now when I access https://mydomain:8443, it gives me a webpage not found
>> with ERR_CONNECTION_REFUSED error in Chrome and
>> ssl_error_no_cypher_overlap
>> in Firefox.
>>
>> Could anyone please let me know what I must have did wrong?
>>
>>
>> Thank you in advance.
>>
>>
>
> ------------------------------**------------------------------**---------
> To unsubscribe, e-mail:
> users-unsubscribe@tomcat.**apache.org<users-unsubscr...@tomcat.apache.org>
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>
