Ralph,

On 3/21/23 06:38, Ralph Grove wrote:

> [snip]
>
Alias name: tomcat
Creation date: Mar 21, 2023
Entry type: trustedCertEntry

You created a keystore with no keys.

Where is the key you used to generate the CSR? That key needs to be in your keystore under the alias 'tomcat' alongside the cert.

If you have both cert and key, you'll get a single entry with a single alias and type "PrivateKeyEntry".

-chris

Owner: CN=personalitypad.org
Issuer: CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=US
Serial number: afa46fd8c3404384
Valid from: Sat Mar 18 17:26:57 EDT 2023 until: Sun Feb 04 12:48:29 EST 2024
Certificate fingerprints:
         SHA1: 43:33:D4:48:91:12:E2:1C:F2:E9:1C:F1:84:94:D4:24:1C:8A:C9:B9
         SHA256: 68:9C:D5:0E:73:A4:37:3C:56:38:BA:89:ED:9B:53:71:F4:B8:C6:9B:16:B6:F5:37:5E:5E:41:85:0B:66:B1:88
Signature algorithm name: SHA256withRSA
Subject Public Key Algorithm: 2048-bit RSA key
Version: 3

Extensions:

#1: ObjectId: 1.3.6.1.4.1.11129.2.4.2 Criticality=false


#2: ObjectId: 1.3.6.1.5.5.7.1.1 Criticality=false
AuthorityInfoAccess [
   [
    accessMethod: ocsp
    accessLocation: URIName: http://ocsp.godaddy.com/
,
    accessMethod: caIssuers
    accessLocation: URIName: http://certificates.godaddy.com/repository/gdig2.crt
]
]

#3: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: 40 C2 BD 27 8E CC 34 83   30 A2 33 D7 FB 6C B3 F0  @..'..4.0.3..l..
0010: B4 2C 80 CE                                        .,..
]
]

#4: ObjectId: 2.5.29.19 Criticality=true
BasicConstraints:[
   CA:false
   PathLen: undefined
]

#5: ObjectId: 2.5.29.31 Criticality=false
CRLDistributionPoints [
   [DistributionPoint:
      [URIName: http://crl.godaddy.com/gdig2s1-5359.crl]
]]

#6: ObjectId: 2.5.29.32 Criticality=false
CertificatePolicies [
   [CertificatePolicyId: [2.16.840.1.114413.1.7.23.1]
[PolicyQualifierInfo: [
   qualifierID: 1.3.6.1.5.5.7.2.1
   qualifier: 0000: 16 2B 68 74 74 70 3A 2F   2F 63 65 72 74 69 66 69  .+http://certifi
0010: 63 61 74 65 73 2E 67 6F   64 61 64 64 79 2E 63 6F  cates.godaddy.co
0020: 6D 2F 72 65 70 6F 73 69   74 6F 72 79 2F           m/repository/

]]  ]
   [CertificatePolicyId: [2.23.140.1.2.1]
[]  ]
]

#7: ObjectId: 2.5.29.37 Criticality=false
ExtendedKeyUsages [
   serverAuth
   clientAuth
]

#8: ObjectId: 2.5.29.15 Criticality=true
KeyUsage [
   DigitalSignature
   Key_Encipherment
]

#9: ObjectId: 2.5.29.17 Criticality=false
SubjectAlternativeName [
   DNSName: personalitypad.org
   DNSName: www.personalitypad.org
]

#10: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: A3 F9 3A E5 38 6D 62 89   75 E8 98 E1 08 75 72 8E  ..:.8mb.u....ur.
0010: FB 54 55 2C                                        .TU,
]
]



*******************************************
*******************************************




And this is the Tomcat configuration for the connector:
    <Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
               maxThreads="150" SSLEnabled="true">
        <SSLHostConfig>
            <Certificate certificateKeystoreFile="conf/keystore.jks"
                  type="RSA" certificateKeystorePassword="xxxxxx" />
        </SSLHostConfig>
    </Connector>

The connector configuration looks OK.

Mark

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
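The check discussed in this thread (the connector's alias must be a "PrivateKeyEntry", not a "trustedCertEntry") can be scripted against `keytool -list -v` output. This is an added example, not code from the thread or from Tomcat; the function names and the two sample listings are constructed for illustration.

```shell
#!/bin/sh
# Added example: checks `keytool -list -v` output for the condition in this thread.
# Real use: keytool -list -v -keystore conf/keystore.jks | check_keystore_alias tomcat

# Emit "<alias><TAB><entry type>" for every entry in a listing read from stdin.
list_entry_types() {
    awk '
        { sub(/\r$/, "") }   # tolerate CRLF output from Windows
        /^Alias name: / { alias = substr($0, 13) }
        /^Entry type: / { printf "%s\t%s\n", alias, substr($0, 13) }
    '
}

# Exit status: 0 = alias holds a private key, 1 = alias present but has no
# private key (e.g. trustedCertEntry), 2 = alias not in the keystore.
check_keystore_alias() {
    wanted=$1
    etype=$(list_entry_types | awk -F '\t' -v a="$wanted" '$1 == a { print $2 }')
    case "$etype" in
        PrivateKeyEntry)
            echo "OK: '$wanted' is a PrivateKeyEntry"; return 0 ;;
        "")
            echo "MISSING: no entry with alias '$wanted'"; return 2 ;;
        *)
            echo "NO KEY: '$wanted' is a $etype; the private key is not in this keystore"
            return 1 ;;
    esac
}

# Constructed sample: the listing quoted in the thread, reduced to its header.
sample_cert_only() {
    printf '%s\n' 'Alias name: tomcat' 'Creation date: Mar 21, 2023' \
        'Entry type: trustedCertEntry' '' 'Owner: CN=personalitypad.org'
}

# Constructed sample: the listing when key and cert share one alias.
sample_with_key() {
    printf '%s\n' 'Alias name: tomcat' 'Creation date: Mar 21, 2023' \
        'Entry type: PrivateKeyEntry' 'Certificate chain length: 1' \
        'Certificate[1]:' 'Owner: CN=personalitypad.org'
}

sample_cert_only | check_keystore_alias tomcat || true
sample_with_key  | check_keystore_alias tomcat || true
```
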



