<![CDATA[Latest posts for the topic "GoDaddy Certificate Installation - Very Difficult"]]> http://www.sysaid.com/Sysforums/posts/list/57.page JForum - http://www.jforum.net GoDaddy Certificate Installation - Very Difficult
I think this shows that I've successfully imported the certificates into my keystore:

C:\Program Files\SysAidServer\jre\bin>keytool -list -keystore "c:\program files\
sysaidserver\tomcat.keystore"
Enter keystore password:

Keystore type: JKS
Keystore provider: SUN

Your keystore contains 3 entries

root, Apr 4, 2012, trustedCertEntry,
Certificate fingerprint (MD5): D5F:85:B7:9A:52:871:8C5:0F:90:23:2D:B5:34
helpdesk2012, Apr 4, 2012, trustedCertEntry,
Certificate fingerprint (MD5): DF:AD:9E:FE:13:7E:6E:12:8D:0F:55:1A:2A:4D7:6A
xxxx2012, Apr 4, 2012, PrivateKeyEntry,
Certificate fingerprint (MD5): D5:5A:FF:9B:64:66:0F:1C:18:92:FD:C3:4D:38:07:A8

The relevant server.xml text is this:

<!-- A "Connector" represents an endpoint by which requests are received
and responses are returned. Documentation at :
Java HTTP Connector: /docs/config/http.html (blocking & non-blocking)
Java AJP Connector: /docs/config/ajp.html
APR (HTTP/AJP) Connector: /docs/apr.html
Define a non-SSL HTTP/1.1 Connector on port 8080
-->
<Connector port="80" protocol="HTTP/1.1"
connectionTimeout="20000"
redirectPort="8443" />
<!-- A "Connector" using the shared thread pool-->
<!--
<Connector executor="tomcatThreadPool"
port="8080" protocol="HTTP/1.1"
connectionTimeout="20000"
redirectPort="8443" />
-->
<!-- Define a SSL HTTP/1.1 Connector on port 8443
This connector uses the JSSE configuration, when using APR, the
connector should be using the OpenSSL style configuration
described in the APR documentation -->

<Connector port="443" protocol="HTTP/1.1" SSLEnabled="true"
maxThreads="150" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS" keystoreFile="C:\Program Files\SysAidServer\tomcat.keystore"
keyAlias="xxxx2012"/>

as you can see, I'm testing using the keyAlias statement. The one shown references the selfsigned portion of the keystore file. If I delete the keyAlias, the result is the same...it only shows the self signed certificate thus causing an error with the browser.

If I reference the keyAlias helpdesk2012 which is a godaddy certificate running from 2012 to 2013 the site practically goes dark.

So, I cannot seem to get a purchased certificate to work. But I can get a self-signed one to work. But it's only good for 90 days and still causes an error in the browser...the one thing I was trying to eliminate.

Suggestions?

Thanks.

Adam in Washington, DC

]]> http://www.sysaid.com/Sysforums/posts/preList/8302/34140.page http://www.sysaid.com/Sysforums/posts/preList/8302/34140.page GMT