-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Justin,
On 12/12/11 3:49 PM, Justin Larose wrote: > I edited the connector with the information for the new certificate > I just installed (not the old self signed one) and now I am seeing > this error: > > [snip] > > java.io.IOException: Alias name tomcat does not identify a key > entry You need to have a key in your keystore with the alias "tomcat" as well. If you have been following http://tomcat.apache.org/tomcat-7.0-doc/ssl-howto.html#Configuration, you have either missed or misinterpreted a step. > <Connector SSLEnabled="true" acceptCount="100" clientAuth="false" > disableUploadTimeout="true" enableLookups="false" keyAlias="tomcat" > keystoreFile="conf/wcmdev-ssl.jks" keystorePass="****" > maxHttpHeaderSize="8192" maxSpareThreads="75" maxThreads="150" > minSpareThreads="25" port="8443" scheme="https" secure="true" > sslProtocol="TLS" strategy="ms" > truststoreFile="conf/wcmdev-ssl.jks" truststorePass="****"/> I would advise against using the same keystore for both the "keystore" and the "truststore". The trust store is only used for validating client certificates and, IMO, should be kept separate from the certificates you use for the web service itself. - -chris -----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.17 (Darwin) Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk7mcdgACgkQ9CaO5/Lv0PBsDACfTjv3vJqiBMdl3v1TInDyRYku gIsAnjVQNgh4eyeH2tSwyfSIeIN4GsDJ =XlwU -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
