On Thu, Mar 10, 2016 at 3:59 PM, Christopher Schultz <ch...@christopherschultz.net> wrote: > Tad, > > On 3/10/16 4:03 PM, Tad Marko wrote: > > Is it possible to tell tomcat to NOT send the root for a > > certificate chain? > > Yep. > > ... > > Just remove the root cert from your keystore, and Tomcat will stop > sending it. > > If you have further questions, please post the output of the following > command in your next post: > > $ keytool -keystore <keystore> -list >
The CA is not in my keystore: Keystore type: JKS Keystore provider: SUN Your keystore contains 3 entries my.domain.tld, Mar 10, 2016, PrivateKeyEntry, Certificate fingerprint (SHA1): AE:DB:AF:8D:19:D6:38:D8:EB:5A:C1:5D:E6:D2:C4:8B:5F:58:84:6F intermed, Mar 10, 2016, trustedCertEntry, Certificate fingerprint (SHA1): 27:AC:93:69:FA:F2:52:07:BB:26:27:CE:FA:CC:BE:4E:F9:C3:19:B8 cross, Mar 10, 2016, trustedCertEntry, Certificate fingerprint (SHA1): 34:0B:28:80:F4:46:FC:C0:4E:59:ED:33:F5:2B:3D:08:D6:24:29:64 --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
