I've learned more about keystore than I care to the last two days. But still no success.
I think this shows that I've successfully imported the certificates into my keystore:
C:\Program Files\SysAidServer\jre\bin>keytool -list -keystore "c:\program files\
Enter keystore password:
Keystore type: JKS
Keystore provider: SUN
Your keystore contains 3 entries
root, Apr 4, 2012, trustedCertEntry,
Certificate fingerprint (MD5): D5F:85:B7:9A:52:871:8C5:0F:90:23:2D:B5:34
helpdesk2012, Apr 4, 2012, trustedCertEntry,
Certificate fingerprint (MD5): DF:AD:9E:FE:13:7E:6E:12:8D:0F:55:1A:2A:4D7:6A
xxxx2012, Apr 4, 2012, PrivateKeyEntry,
Certificate fingerprint (MD5): D5:5A:FF:9B:64:66:0F:1C:18:92:FD:C3:4D:38:07:A8
The relevant server.xml text is this:
<!-- A "Connector" represents an endpoint by which requests are received
and responses are returned. Documentation at :
Java HTTP Connector: /docs/config/http.html (blocking & non-blocking)
Java AJP Connector: /docs/config/ajp.html
APR (HTTP/AJP) Connector: /docs/apr.html
Define a non-SSL HTTP/1.1 Connector on port 8080
<Connector port="80" protocol="HTTP/1.1"
<!-- A "Connector" using the shared thread pool-->
<!-- Define a SSL HTTP/1.1 Connector on port 8443
This connector uses the JSSE configuration, when using APR, the
connector should be using the OpenSSL style configuration
described in the APR documentation -->
<Connector port="443" protocol="HTTP/1.1" SSLEnabled="true"
maxThreads="150" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS" keystoreFile="C:\Program Files\SysAidServer\tomcat.keystore"
as you can see, I'm testing using the keyAlias statement. The one shown references the selfsigned portion of the keystore file. If I delete the keyAlias, the result is the same...it only shows the self signed certificate thus causing an error with the browser.
If I reference the keyAlias helpdesk2012 which is a godaddy certificate running from 2012 to 2013 the site practically goes dark.
So, I cannot seem to get a purchased certificate to work. But I can get a self-signed one to work. But it's only good for 90 days and still causes an error in the browser...the one thing I was trying to eliminate.
Adam in Washington, DC