Can't get SSL/CA working with SDP
Hi,
My company has recently got some proper CA certs. I've gone through the process detailed in the FAQ several times, following the directions to the letter, and just can't seem get things working.
I created the keystore file and sent a CSR to my cert authority (StartCom). Note that StartCom requires minimum 2048 lenth SHA1 encrypted CSR's, so I simply added "-sigalg DSA -length 2048". I received the certificate file back for my site (support.mydomain.com). I've imported StartCom's root Certificate as well as their intermediate certificate. That seems to work just fine. However, when I import my primary certificate for my domain (support.mydomain.com), it never gives me expected message "Certificate reply was installed in keystore" that the FAQ says I should get. Needless to say, when I put this keystore file into the appropriate live directories and restart the service (as change the keystore password in the server.xml file), I can't connect to the site. IE/FF simply give me generic connection error screens. If I revert back to the original keystore file, I can get it working again under the original self-signed cert.
Like I said, I think the core problem here is that when I install the support.mydomain.com cert under the tomcat alias, I get no prompts/messages whatsoever. It just says it imported successfully (when in theory I should be getting the message about the certificate reply).
Thoughts?
My company has recently got some proper CA certs. I've gone through the process detailed in the FAQ several times, following the directions to the letter, and just can't seem get things working.
I created the keystore file and sent a CSR to my cert authority (StartCom). Note that StartCom requires minimum 2048 lenth SHA1 encrypted CSR's, so I simply added "-sigalg DSA -length 2048". I received the certificate file back for my site (support.mydomain.com). I've imported StartCom's root Certificate as well as their intermediate certificate. That seems to work just fine. However, when I import my primary certificate for my domain (support.mydomain.com), it never gives me expected message "Certificate reply was installed in keystore" that the FAQ says I should get. Needless to say, when I put this keystore file into the appropriate live directories and restart the service (as change the keystore password in the server.xml file), I can't connect to the site. IE/FF simply give me generic connection error screens. If I revert back to the original keystore file, I can get it working again under the original self-signed cert.
Like I said, I think the core problem here is that when I install the support.mydomain.com cert under the tomcat alias, I get no prompts/messages whatsoever. It just says it imported successfully (when in theory I should be getting the message about the certificate reply).
Thoughts?