Since I can't get the cert tree, I'm guessing the same problem: Only this time with the JDK's stored certs. Configuring the <Connector ... /> to force sending the good intermediate cert should solve all of the problems.
In all the gory details, it seems that at the moment the app in question is only sending it's own cert back to the browser (instead of the entire chain). However all browsers recognize Verisign's cert as a signer, so they don't care. Older browsers (or JDKs :) will have the expired copy of VS's intermediate cert, and so can't validate the cert chain anymore, and so will give an error (those of us using Apache Httpd have had this problem for awhile now :). The solution is to force TC to send the newer intermediate cert back with the handshake, so the browser/JDK only has to find the root VS cert. "Caldarale, Charles R" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED] > From: news [mailto:[EMAIL PROTECTED] On Behalf Of Bill Barker > Subject: Re: Can APR use verisign certs ? > > Now, with IE 7 (I was using 6 before), the page comes up fine. What happens if you click on the JBoss Web Console link (bottom left)? When I try it with IE7 (and IE6, for that matter), I get a Java message box stating "The web site's certificate cannot be verified." Clicking the More Information link shows "The certificate was issued by a source that is not trusted." Clicking on No prevents the applet that normally runs in the left pane from being downloaded. (This is with both JDK 1.6.0-b105 and 1.5.0_10-b03, by the way.) I think there are multiple certificate verification mechanisms at play here, which may be contributing to the confusion. Windows/IE has one, Firefox appears to have its own, and Java yet another. It seems that only the Windows/IE mechanism recognizes the dpt.alphatheory.com certificate as being issued by a known, trusted provider. I don't know enough about what actually gets checked to try to figure out why the alphatheory certificate issuer isn't known to Firefox or Java. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. --------------------------------------------------------------------- To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] --------------------------------------------------------------------- To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
