Hi, Please find my response inline as below. Also *this is for Tomcat
version 6*
1.) Include the <Connector /> tag from `conf/server.xml` so we can see
how you've
configured Tomcat - Below is what I added
<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
maxThreads="150" scheme="https" secure="true"
keystoreFile="C:\Users\svcr2wadmin\nedr2wqajob1\QA_Job1_report2web.keystore"
keystorePass="report2web" clientAuth="false" sslProtocol="TLS" />
2.) Include the exact version of Tomcat you're using - Tomcat version 6
3.) Are you connecting directly to Tomcat or is there an HTTPD or some other
server acting as a reverse proxy in between? - *not by HTTPD but Connecting
via url https://hostname:8443/r2wpublisher/
<https://hostname:8443/r2wpublisher/>*
4.) Look at the certificate as displayed by your browser. In Chrome, click the
lock in the tool bar, other browsers are similar. Look at the details on
the certificate and see what certificate you're being presented. Is it the
once that you purchased? or perhaps an older self-signed on? - *Yes this
is what I purchased but its displays error as "This CA Root certificate is
not trusted because it is not in the Trusted Root Certification Authorities
store."*
*Earlier I used below commands to configure SSL*
#Keystore creation
keytool -genkey -alias report2web -keyalg RSA -keystore
C:\Users\svcr2wadmin\nedr2wqajob1\QA_Job1_report2web.keystore
#CSR generation
keytool -certreq -keyalg RSA -alias report2web -file
C:\Users\svcr2wadmin\nedr2wqajob1\QA_Job1_report2web.csr -keystore
C:\Users\svcr2wadmin\nedr2wqajob1\QA_Job1_report2web.keystore
#Root Certificate Import
keytool -import -alias root -keystore
C:\Users\svcr2wadmin\nedr2wqajob1\QA_Job1_report2web.keystore -trustcacerts
-file C:\Users\svcr2wadmin\nedr2wqajob1\TestRoot.cer
#SSL Certificate Import
keytool -import -alias nedr2wqajob1 -keystore
C:\Users\svcr2wadmin\nedr2wqajob1\QA_Job1_report2web.keystore -file
C:\Users\svcr2wadmin\nedr2wqajob1\TestCA.cer
*Jairaj Kamal*
On Mon, May 4, 2015 at 6:39 AM, Daniel Mikusa <dmik...@pivotal.io> wrote:
> On Sun, May 3, 2015 at 7:48 PM, jairaj kamal <jairaj.ka...@gmail.com>
> wrote:
>
> > Hello,
> >
> > I created a keystore via Keytool, CSR file and received below root and
> > intermediate certificates.
> >
> > I have got both TestRoot.cer & TestCA.cer certificates imported in
> keystore
> > via keytool but still in browser it shows in red and looks issue with
> > certificate is not resolved yet.
> >
> > Do i need to convert dot extension of above certs to PKCS12 format, how
> to
> > resolve it ?
> >
>
> There's a lot that could be going on here. You need to try and narrow down
> the problem.
>
> 1.) Include the <Connector /> tag from `conf/server.xml` so we can see how
> you've configured Tomcat.
> 2.) Include the exact version of Tomcat you're using.
> 3.) Are you connecting directly to Tomcat or is there an HTTPD or some
> other server acting as a reverse proxy in between?
> 4.) Look at the certificate as displayed by your browser. In Chrome, click
> the lock in the tool bar, other browsers are similar. Look at the details
> on the certificate and see what certificate you're being presented. Is it
> the once that you purchased? or perhaps an older self-signed on?
>
> That should get you started.
>
> Dan
>
>
>
> >
> > *Jairaj Kamal*
> >
>
