-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Wayne,
On 5/7/2009 5:23 PM, Andrews, Wayne wrote: > I created a new keystore, imported the root certificate from Thawte, > then the signed cert. The browser displays some self signed cert > that has expired. Wait, you signed the certificate? That's called a self-signed certificate, when you .... sign the cert ... yourself. If you are using a legitimate certificate /signed by Thawte/ and you're still getting this error, there are two possibilities that I can think of: 1. Thawte has a two-part cert, and you've only imported one of the parts. This can happen with the new-fangled EV certs (we had this problem ourselves... we had the VeriSign intermediate cert installed on our servers for years, but we required a /second/ intermediate cert in order to get the new EV cert not to complain on certain browsers (but not all... strange). 2. You aren't sending the cert you think you're sending to the browser. Use your browser to check the cert it's receiving, and check the certificate "chain", too. - -chris -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkoER2UACgkQ9CaO5/Lv0PAPXQCfeh1Ch8npN/x87WOwu5xO9CTJ PxQAmgM7AueeiFMzInJ1ikGz+GwMUTW+ =6AJn -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
