Chris,

Here are the first few lines of the output. I don't think I want to copy my entire cert here.
_______________________________________________________________________________

F:\Serena\Dimensions 2009 R2\Common Tools\jre\6.0\bin>keytool -list -v -keystore wcmdev-ssl.jks -alias tomcat
Enter keystore password:

Alias name: tomcat
Creation date: Nov 10, 2011
Entry type: trustedCertEntry

Owner: CN=wcmdev.nexweb.us, OU=USN, OU=PKI, OU=DoD, O=U.S. Government, C=US

Thanks,

Justin LaRose
Database & Web Services Administrator
NEXCOM
(757) 631-3443
justin.lar...@nexweb.org

From: Christopher Schultz <ch...@christopherschultz.net>
To: Tomcat Users List <users@tomcat.apache.org>
Date: 12/13/2011 03:08 PM
Subject: Re: Tomcat crashes after startup

Justin,

On 12/13/11 8:35 AM, Justin Larose wrote:
> I actually followed the document here:
> http://tomcat.apache.org/tomcat-6.0-doc/ssl-howto.html because I am
> using Tomcat 6.

Okay. You just hadn't mentioned that (version) before.

> I also did import the cert with the alias "tomcat" (see screenshot
> below). Is there an order in which to import the certs? I imported
> the server cert first, then the CA, then the root cert.

Your screenshot has been suppressed from the list. Instead, can you
post a text copy/paste for a "keytool -list"?

> "I would advise against using the same keystore for both the
> "keystore" and the "truststore". The trust store is only used for
> validating client certificates and, IMO, should be kept separate
> from the certificates you use for the web service itself."
>
> These config settings were in place long before I worked here... I
> was just copying the info from the old server.xml and adding in the
> new keystore info. If we do not use any client certs can I remove
> the truststore line?

Almost certainly. You probably want to fix one problem at a time, though. :)

-chris