Peter, Thanks for the reply. When I first started having this problem I was actually using a single keystore for both certificates. Yes there is both an intermediate and a root certificate that get loaded in the keystore, and I'm sure, at least when I was using a single keystore that they were loaded correctly because the other instance (and certificate) were working correctly.
With the second instance using a separate keystore, I get the same results whether the intermediate certificate is loaded in the keystore or not. That makes me think that somehow the second instance of Tomcat can't access the intermediate certificate, but somehow the first instance doesn't have that trouble? Don -- Don Prezioso Director of Administrative I.T. Ashland University Ashland, Ohio -----Original Message----- From: peter.crowth...@googlemail.com [mailto:peter.crowth...@googlemail.com] On Behalf Of Peter Crowther Sent: Thursday, August 20, 2009 4:40 PM To: Tomcat Users List Subject: Re: SSL with multiple Tomcat instances 2009/8/20 Don Prezioso <dp...@ashland.edu>: > I have two instances of Tomcat 5.5 set up on a Red Hat box, each using > separate IP addresses. I have obtained two certificates, one for each > instance, and have put them in separate keystores. Both certificates are from > IPSCA and both keystores have been set up in the same manner. Each keystore > is properly referenced in the associated server.xml > > The first instance (on eth0) is working with no problems. The second instance > (on eth0:0), appears to work fine in IE, but when I connect using Firefox, > Chrome, or Safari, I get the message: > > The web site's certificate cannot be verified. Do you want to continue? The > certificate cannot be verified by a trusted source. > > When I view the certificate, it appears valid. If I click on 'Yes', then > check the certificate, it says it is 'Verified by: IPS Certification > Authority s.l.' and again, all appears fine. > > Any ideas on why I am only getting the warning only on the second instance? I > can't believe it is an issue with IPSCA since the first instance does not > exhibit the problem. Hmm. This probably won't help you, but I recently had exactly those symptoms when I hadn't installed the intermediate certificate for a GlobalSign cert on an IIS server. IE didn't care; everything else got upset. Do IPSCA use intermediate certs? If so, are you *sure* they're installed correctly on both keystores? ;-) - Peter --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
