Hi, Attached find the error coming in browser,looks to be issue with Root certificate. Also we tried PKCS#12 format certs but getting below Error
D:\Program Files (x86)\Java\jdk1.6.0_27\bin>keytool -import -alias nedr2wjob1_no n_prod_p7b -keystore C:\Users\svcr2wadmin\nedr2wqajob1\QA_Job1_report2web.keysto re -file C:\Users\svcr2wadmin\nedr2wqajob1\nedr2wjob1_non_prod.p7b Enter keystore password: *keytool error: java.lang.Exception: Input not an X.509 certificate* *Jairaj Kamal* On Mon, May 4, 2015 at 9:48 AM, Christopher Schultz < ch...@christopherschultz.net> wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA256 > > Jairaj, > > On 5/4/15 10:38 AM, jairaj kamal wrote: > > Hi, Please find my response inline as below. Also *this is for > > Tomcat version 6* > > > > 1.) Include the <Connector /> tag from `conf/server.xml` so we can > > see how you've configured Tomcat - Below is what I added <Connector > > port="8443" protocol="HTTP/1.1" SSLEnabled="true" maxThreads="150" > > scheme="https" secure="true" > > > > keystoreFile="C:\Users\svcr2wadmin\nedr2wqajob1\QA_Job1_report2web.key > store" > > > > > keystorePass="report2web" clientAuth="false" sslProtocol="TLS" /> > > > > 2.) Include the exact version of Tomcat you're using - Tomcat > > version 6 > > There have been 43 versions of Tomcat 6 released. Which one? > > Are you using the APR-enabled connector or the JSSE one? Since you are > using a Java Keystore, I'm assuming JSSE, but it's worth asking; the > setup is completely different for the two. > > > 3.) Are you connecting directly to Tomcat or is there an HTTPD or > > some other server acting as a reverse proxy in between? - *not by > > HTTPD but Connecting via url https://hostname:8443/r2wpublisher/ > > <https://hostname:8443/r2wpublisher/>* > > > > 4.) Look at the certificate as displayed by your browser. In > > Chrome, click the lock in the tool bar, other browsers are similar. > > Look at the details on the certificate and see what certificate > > you're being presented. Is it the once that you purchased? or > > perhaps an older self-signed on? - *Yes this is what I purchased > > but its displays error as "This CA Root certificate is not trusted > > because it is not in the Trusted Root Certification Authorities > > store."* > > What is the certificate chain that Chrome shows you? Start with your > own certificate and go up toward the root CA. Does it show every > certificate that you put into your keystore? Perhaps you are missing > one or more intermediate certificates. > > > *Earlier I used below commands to configure SSL* > > > > #Keystore creation keytool -genkey -alias report2web -keyalg RSA > > -keystore > > C:\Users\svcr2wadmin\nedr2wqajob1\QA_Job1_report2web.keystore #CSR > > generation keytool -certreq -keyalg RSA -alias report2web -file > > C:\Users\svcr2wadmin\nedr2wqajob1\QA_Job1_report2web.csr -keystore > > C:\Users\svcr2wadmin\nedr2wqajob1\QA_Job1_report2web.keystore > > > > #Root Certificate Import keytool -import -alias root -keystore > > C:\Users\svcr2wadmin\nedr2wqajob1\QA_Job1_report2web.keystore > > -trustcacerts -file C:\Users\svcr2wadmin\nedr2wqajob1\TestRoot.cer > > > > #SSL Certificate Import keytool -import -alias nedr2wqajob1 > > -keystore > > C:\Users\svcr2wadmin\nedr2wqajob1\QA_Job1_report2web.keystore > > -file C:\Users\svcr2wadmin\nedr2wqajob1\TestCA.cer > > At some point, you need to re-import your own certificate. Which > certificate is the one you got signed? TestCA.cer or TestRoot.cer? > Also, nearly every certificate authority requires that you install an > "intermediate" certificate between your cert and the CA's root cert. > > - -chris > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v2 > Comment: GPGTools - http://gpgtools.org > > iQIcBAEBCAAGBQJVR4bUAAoJEBzwKT+lPKRYXbYQAIHG5Xs1/NJixM6nPwhPOgWm > hnVdHXykk11+/fBIjs/ooS4iyNTkUqtACGFT8VCPQVA4/P/90aOnoSuVzaKLFZ3a > nJkqdV0xDiLFuqzdb2I2alNvwMAYvNMApgG1yjuBiusq/fbjQFNUIP+8FVce4sP2 > za4O5ZNw42GkWLaIvOXQuY4jaOS7Gg/CJnI+igU4QkEGN5At40s5Rgf2IuVUo0Dk > R65ywzn9yTYsNjNzy2w/QtxZkY7qn9h0gfenKL6XUFR35t2ppSDO8uNKxvotKuj6 > 5ahVHcfSnSxsFB2LISFbNH4H67hGpYgNaUL1Ox758zTD9jZ5jFXG2RBfb+gfav4W > FocCZXG38lWfCcaDcMZhi+s/shTACWOvXmf14gJNeCqYRz92rVm3+y0moMj5by+S > VWwvbaL3ga3pvxqx8ALtFXBffCDiiFBy2QnxYNOBqefoK9jyFnOMnPuf+nyBsqfZ > XXvU640p/LXIEfTn0vtPuVF4C1k0nzFOQiHRIxCCbh26mxd1PwiS55Xhfto6QiXn > 9LwBQnJuSVypGs9A4us+6z6kPlSQXq+i03CO8h7A91gCVnqoaQ2GPK1tJQ/IA5RX > t49PtHq688UFOUrf/7GQMiJy5uE0ESxCruPlRndcPgh67gXw30aNKy3Wf7nzFfwy > VE7gxva/v8YJqGhMP25L > =nzQT > -----END PGP SIGNATURE----- > > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > >
--------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
