On Apr 4, 2014, at 4:42 PM, Mark Murphy <jmarkmur...@gmail.com> wrote:
> I saw something on StackOverflow that said the key type in the keystore > needs to be PrivateKeyEntry and not trustedCertEntry. Is this true? When I > look at my keystore, it is trustedCertEntry for all the certs. > > But when I look at the type for the self signed certificate (which works), > it shows keyEntry. > > Does, or should this matter? and if so, how do I change the type? Did you run the commands exactly as described in the link that you provided? If not you should go through the process again and follow them exactly. You can pretty much copy and paste them as they are listed in that document. Dan > > > On Fri, Apr 4, 2014 at 4:34 PM, Mark Murphy <jmarkmur...@gmail.com> wrote: > >> 1.5.0_15 >> >> On Fri, Apr 4, 2014 at 3:23 PM, Daniel Mikusa <dmik...@gopivotal.com> >> wrote: >>> On Apr 4, 2014, at 2:52 PM, Mark Murphy <jmarkmur...@gmail.com> wrote: >>> >>>> Created my keystore according to the directions here: >>>> >> http://support.godaddy.com/help/article/5239/generating-a-csr-and-installing-an-ssl-certificate-in-tomcat-4x5x6x7x >>> >>> Ok. Good start. >>> >>>> This is what I see in Chrome: >>>> >>>> SSL Connection Error >>>> >>>> Unable to make a secure connection to the server. This may be a >>>> problem with the server, or it may be requiring a client >>>> authentication certificate that you don't have. >>>> Error code: ERR_SSL_PROTOCOL_ERROR >>>> >>>> Here is a non-SSL URL: http://www.myerstorquetracker.com >>>> With SSL: https://www.myerstorquetracker.com >>> >>> Interesting. What JVM (java -version) are you using? >>> >>> Dan >>> >>>> >>>>> >>>>> >>>>>> I am trying to set up SSL on tomcat with a CA certificate from >> goDaddy. >>>>>> >>>>>> I am unable to load the Web Page using HTTPS. >>>>> >>>>> What exactly happens when you try to access it? Please include >> browser behavior and any errors / messages it gives you about the >> connection. >>>>> >>>>>> >>>>>> When I try to use a self signed certificate, everything works as >> expected, >>>>>> but when I change the keystore to point to the one with the CA >> certificate >>>>>> in it, I get nothing. >>>>> >>>>> What steps / instructions did you follow to generate your keystore >> file? >>>>> >>>>> Dan >>>>> >>>>>> There is nothing in the log that isn't there for the >>>>>> Self-Signed startup either. >>>>>> >>>>>> Here is the Connector declaration: >>>>>> >>>>>> <Connector protocol="org.apache.coyote.http11.Http11NioProtocol" >> port="443" >>>>>> scheme="https" secure="true" SSLEnabled="true" >>>>>> keystoreFile="mykeystore.keystore" keystorePass="xxxxxxxx" >> keyAlias="tcat" >>>>>> clientAuth="false" sslProtocol="TLS" /> >>>>>> >>>>>> The keystore contains "tcat" as one of the three keys. The other two >>>>>> entries are "root" and "intermed" from goDaddy. >>>>>> >>>>>> Where can I look to find the issue? >>>>> >>>>> >>>>> --------------------------------------------------------------------- >>>>> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org >>>>> For additional commands, e-mail: users-h...@tomcat.apache.org >>>>> >>>> >>>> --------------------------------------------------------------------- >>>> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org >>>> For additional commands, e-mail: users-h...@tomcat.apache.org >>>> >>> >>> >>> --------------------------------------------------------------------- >>> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org >>> For additional commands, e-mail: users-h...@tomcat.apache.org >>> >> --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
