Hi,
I am trying to configure Tomcat 8.0.36 with SSL and running into some issues.
The JDK version I am using is 1.8.0_64. I used the following process to
implement SSL:
1. Generated a java key store using the following command:
${JAVA_HOME}/bin/keytool -genkey -alias [alias-name] -keyalg RSA -keysize 2048 \
  -keystore [key-store-path]/keystore.jks \
  -dname "CN=[common-name],OU=[org-unit], O=[company-name], L=[city], ST=[state], C=US"
2. Generated CSR using the following command:
${JAVA_HOME}/bin/keytool -certreq -alias [alias-name] \
  -file [key-store-path]/[csr-file-name] \
  -keystore [key-store-path]/keystore.jks
3. Requested certificate from COMODO.
4. Imported all trusted certificates from COMODO into the key store using
the command below. There were a total of three trusted certificates that we
received from COMODO:
${JAVA_HOME}/bin/keytool -import -trustcacerts -alias [alias-name] \
  -file [ssl-cert-file] -keystore [key-store-path]/keystore.jks -v
5. Modified Tomcat's server.xml file as shown below:
<Connector port="[ssl-port]"
           protocol="org.apache.coyote.http11.Http11NioProtocol"
           maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
           clientAuth="false" sslProtocol="TLS"
           keystoreFile="[key-store-path]/keystore.jks"
           keystoreType="JKS" keystorePass="[key-store-password]" />
6. Restarted Tomcat.
7. Accessed the Tomcat homepage from the browser using https and the
browser complained about the page being insecure. When I looked at the certificate
from the browser, I see that the Certificate Path tab of the certificate shows
that the trusted chain is incomplete and does not show the trusted certificates
that I had imported into the key store.
What am I missing here? Any help will be appreciated.
Thank you,
Amir
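
A check that can be run against the keystore built in steps 1 to 4, added here as an example and not part of the original message: it reads `keytool -list -v` output and reports, per alias, the entry type and the length of the certificate chain attached to the private key. A JSSE server sends only the chain stored with the key entry; certificates held as separate `trustedCertEntry` items are not part of it. The function names, the aliases `tomcat`, `intermediate` and `root`, and the sample listing are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original message.
# Real use (path placeholder as in the post):
#   keytool -list -v -keystore [key-store-path]/keystore.jks | summarize_keystore

# Print one tab-separated line per entry: alias, entry type, chain length, verdict.
summarize_keystore() {
  awk '
    /^Alias name: / { alias = substr($0, 13) }
    /^Entry type: / {
      type = $3
      # Certificates stored on their own are not sent in the handshake.
      if (type == "trustedCertEntry")
        printf "%s\t%s\t-\tTRUST-ONLY\n", alias, type
    }
    /^Certificate chain length: / {
      n = $4 + 0
      # Length 1: only the leaf (or the self-signed certificate created
      # at key generation) is attached to the private key.
      printf "%s\t%s\t%d\t%s\n", alias, type, n, (n > 1 ? "CHAIN" : "LEAF-ONLY")
    }
  '
}

# Constructed sample: abbreviated `keytool -list -v` output for a keystore
# where the CA certificates sit beside the key entry, not in its chain.
sample_listing() {
  cat <<'EOF'
Your keystore contains 3 entries

Alias name: tomcat
Entry type: PrivateKeyEntry
Certificate chain length: 1
Certificate[1]:
Owner: CN=www.example.test, O=Example, C=US
Issuer: CN=www.example.test, O=Example, C=US

Alias name: intermediate
Entry type: trustedCertEntry
Owner: CN=Example Intermediate CA

Alias name: root
Entry type: trustedCertEntry
Owner: CN=Example Root CA
EOF
}

sample_listing | summarize_keystore
```

A key entry reported as LEAF-ONLY means the server presents no intermediate certificates, which a browser displays as an incomplete certificate path.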