Crypto Sal, Thank you so much!
That was apparently the problem. I got a new certificate from GoDaddy and once it was installed webui ran with no problems. Thanks for all your help. Don -- Don Prezioso Director of Administrative I.T. Ashland University Ashland, Ohio -----Original Message----- From: Crypto Sal [mailto:crypto....@gmail.com] Sent: Wednesday, August 26, 2009 10:03 PM To: users@tomcat.apache.org Subject: Re: SSL with multiple Tomcat instances Don, I think we found our culprit. (Java). The reason that "webadvisor" works, because it functions like a true server, your browser is speaking directly to the web server. "webui" is failing due to Java not trusting the IPS root certificate (which doesn't exist by default in Java 3-6+) Most people should have Java 5 or 6 installed, with some still using Java3(rare) or Java4(some linux people and older Windows users).Java5 is soon to be deprecated by Sun. As you may already know, Java compiling is done client-side vs. server side for your applet. So all of your users must have the IPS root installed in their instance of Java for this cert to work. There's a way to do it, but it is not all that practical. (adding root certs to Java on ALL clients, which may beyond your control) Your best bet is to go with a more ubiquitous Commercial CA (Comodo, Versign, Thawte, GoDaddy, etc.), which would be ones that extend much further than Web Browsers. Java's default cert store is in a file called "ca-certs", which is located in the security folder of where java resides. A simple "locate cacerts" will reveal its locate on the server. >From here you can do a "keytool -v -list -keystore PATH_TO_KEYSTORE > OUTPUT_FILE ", keystore pass is "changeit", by default. Multiple versions of Java can exist on the same machine, if you would like to see which CAs are more ubiquitous for your installation. --Sal --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
