Thank you all for your help. It just came to a point where I just had to delete the old keystore and create a new one, and request new certificates. Now everything's working.

On Tue, Sep 17, 2013 at 9:58 AM, Jan Vávra <va...@602.cz> wrote:

> Maybe it'd be helpful not using the java key store (JKS).
> Personally on Linux Tomcat installations without native APR I use the .p12
> files with this config
>
> <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
>     maxThreads="150" scheme="https" secure="true"
>     clientAuth="false" sslProtocol="TLS"
>     keystoreFile="${catalina.home}/ssl/serverkey.p12"
>     keystorePass="**PASS**" keystoreType="pkcs12" />
>
> Jan
>
>> Good Day!
>>
>> Everything was followed perfectly from this URL:
>> http://tomcat.apache.org/tomcat-7.0-doc/ssl-howto.html.
>> I've done this setup a lot of times already and mostly I have been
>> successful.
>>
>> Until our security team noticed that the installed root CA is incorrect.
>>
>> Instead of just importing the correct root CA, I deleted all the imported
>> certificates (originally 2 certificates) using the "keytool -delete -alias
>> <certificate nicknames> -keystore .keystore". Afterwards, I imported the 2
>> certificates again.
>>
>> Now when I access https://mydomain:8443, it gives me a webpage not found
>> with ERR_CONNECTION_REFUSED error in Chrome and ssl_error_no_cypher_overlap
>> in Firefox.
>>
>> Could anyone please let me know what I must have done wrong?
>>
>> Thank you in advance.
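
A check for one known cause of the symptom in this thread, as an added example that is not part of the original messages: `keytool -delete` on the alias that holds the key pair removes the private key, and re-importing certificates afterwards creates only `trustedCertEntry` entries, so the connector has no key to offer. The two listings are constructed samples of `keytool -list` output, and `check_keystore_listing` is a hypothetical helper name.

```shell
# Constructed sample: keystore emptied with `keytool -delete`, then refilled
# with certificates only (fingerprints are placeholders).
sample_certs_only() {
cat <<'EOF'
Keystore type: JKS
Keystore provider: SUN

Your keystore contains 2 entries

root, Sep 17, 2013, trustedCertEntry, 
Certificate fingerprint (SHA1): AA:BB:CC (constructed)
tomcat, Sep 17, 2013, trustedCertEntry, 
Certificate fingerprint (SHA1): DD:EE:FF (constructed)
EOF
}

# Constructed sample: same keystore with the server key pair still present.
sample_with_key() {
cat <<'EOF'
Your keystore contains 2 entries

root, Sep 17, 2013, trustedCertEntry, 
Certificate fingerprint (SHA1): AA:BB:CC (constructed)
tomcat, Sep 17, 2013, PrivateKeyEntry, 
Certificate fingerprint (SHA1): DD:EE:FF (constructed)
EOF
}

# Reads `keytool -list` output on stdin, prints "alias<TAB>type" per entry,
# and returns 0 only if at least one entry is a PrivateKeyEntry.
check_keystore_listing() {
    awk '
        /(PrivateKeyEntry|trustedCertEntry|SecretKeyEntry),[ \t\r]*$/ {
            line = $0
            sub(/,[ \t\r]*$/, "", line)      # drop the trailing ", "
            n = split(line, f, /, /)         # alias first, entry type last
            printf "%s\t%s\n", f[1], f[n]
            if (f[n] == "PrivateKeyEntry") found = 1
        }
        END { exit (found ? 0 : 1) }
    '
}

# Real use: keytool -list -keystore .keystore | check_keystore_listing
sample_certs_only | check_keystore_listing \
    || echo "no PrivateKeyEntry: the server has no key for TLS"
```
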