Tad,

On 3/10/16 4:03 PM, Tad Marko wrote:
> Is it possible to tell tomcat to NOT send the root for a
> certificate chain?

Yep.

> I am trying to support some old VeriFone terminals that are pretty
> limited what they expect when dealing with SSL. I've gotten a new
> domain certificate issued by Go Daddy, and in my keystore I've
> installed this along with the Go Daddy intermediate cert and the
> cross that links it back to the older SHA-1 root that my devices
> understand. When negotiating an SSL connection, tomcat is sending
> the domain, intermediate and cross certs that are in my keystore,
> but it is also finding the root and sending that down. This is
> confusing my devices as they interpret this to mean this is a
> self-signed key chain and they then refuse to talk to my server.

Just remove the root cert from your keystore, and Tomcat will stop
sending it.

If you have further questions, please post the output of the following
command in your next post:

$ keytool -keystore <keystore> -list

-chris
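
To locate the root before removing it, the following added example (not part of the original thread) scans the verbose form of the listing requested above, `keytool -list -v`, for certificates whose Owner equals their Issuer. It reports whether each one sits inside the key entry's chain or is a standalone trusted entry. It assumes English-locale keytool output; the aliases and names in the sample are constructed placeholders.

```shell
#!/bin/sh
# Added example (not from the original thread): list self-signed certificates
# in `keytool -list -v` output, i.e. certificates whose Owner equals their Issuer.

# Output fields: alias|entry type|position in chain ("-" if standalone)|owner DN
find_self_signed() {
  awk '
    /^Alias name: /           { alias = substr($0, 13); idx = "-" }
    /^Entry type: /           { type = substr($0, 13) }
    /^Certificate\[[0-9]+\]:/ { idx = $1; sub(/:$/, "", idx) }
    /^Owner: /                { owner = substr($0, 8) }
    /^Issuer: / { if (substr($0, 9) == owner) print alias "|" type "|" idx "|" owner }
  '
}

# Constructed sample, trimmed to the fields the parser reads. All names are
# placeholders, not the poster's real keystore contents.
sample_keytool_output() {
  cat <<'EOF'
Alias name: tomcat
Entry type: PrivateKeyEntry
Certificate chain length: 4
Certificate[1]:
Owner: CN=www.example.com
Issuer: CN=Example Intermediate CA
Certificate[2]:
Owner: CN=Example Intermediate CA
Issuer: CN=Example Root G2
Certificate[3]:
Owner: CN=Example Root G2
Issuer: CN=Example Legacy Root
Certificate[4]:
Owner: CN=Example Legacy Root
Issuer: CN=Example Legacy Root

Alias name: root
Entry type: trustedCertEntry

Owner: CN=Example Legacy Root
Issuer: CN=Example Legacy Root
EOF
}

# Real use: keytool -keystore <keystore> -list -v | find_self_signed
sample_keytool_output | find_self_signed
```

In the sample, the self-signed root is reported twice: once as the last certificate in the chain of the `PrivateKeyEntry`, and once as a separate `trustedCertEntry`.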