SSL Configuration for tomcat 8











I have followed the steps below to make Tomcat use HTTPS/SSL. Please correct the steps if they are wrong, as I am facing issues while accessing the URL.

1) keytool -genkey -alias tomcat -keyalg RSA -keystore uat_application
2) keytool -certreq -keyalg RSA -alias tomcat -file certreq.csr -keystore uat_application

After the above steps, I sent the generated CSR to our company CA authority to generate a certificate. The CA is local to our company.

3) After I received the certificate from our CA, I imported all of them (root, intermediate and certificate) into the keystore using the commands below.

a) keytool -import -alias root -keystore uat_application -trustcacerts -file root.cer
b) keytool -import -alias intermediate -keystore uat_application -trustcacerts -file intermediate.cer
c) keytool -import -alias tomcat -keystore uat_application -file certnew.cer

Below are the errors that we are receiving.

In IE:
The hostname in the website’s security certificate differs from the website you are trying to visit.
Error Code: DLG_FLAGS_SEC_CERT_CN_INVALID

In Chrome:
NET::ERR_CERT_COMMON_NAME_INVALID
This server could not prove that it is pg1tedmsw03; its security certificate does not specify Subject Alternative Names. This may be caused by a misconfiguration or an attacker intercepting your connection

When accessed locally on the server:
The security certificate presented by this website was issued for a different website's address

Please suggest.

  • Double-click on the certificate file (if it's a .cer or .der) and see which domain it is for. Check this is really the domain you are trying to access.
    – Eugène Adell
    Nov 19 at 12:47

  • Thanks for your response on this. May I know which property in the certificate details tab will give the domain information? Is it CN? OU? DC? in the Issuer property?
    – praveenkolluri
    Nov 20 at 6:50

  • You need to check the CN
    – Eugène Adell
    Nov 20 at 8:52

  • CN looks fine, with the correct value as required
    – praveenkolluri
    Nov 20 at 8:56

windows google-chrome internet-explorer ssl tomcat8






asked Nov 19 at 11:45









praveenkolluri
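
Chrome's message quoted in the question is about a missing Subject Alternative Name rather than the CN. The following added example (not part of the original post) contrasts a SAN-only hostname check with the older CN fallback on constructed certificate dicts; the function names and the `corp.example` domain are hypothetical, and wildcard handling is simplified.

```python
# Added example: SAN-only hostname matching versus the older CN fallback.
# The dicts are constructed samples shaped like ssl.SSLSocket.getpeercert()
# output; "corp.example" is a made-up domain, not the asker's.

def name_matches(pattern, host):
    """Compare one certificate name to a host; '*' may only be the whole
    leftmost label and needs at least two labels after it (simplified)."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return len(p) > 2 and p[1:] == h[1:]
    return p == h

def san_dns_names(cert):
    return [v for kind, v in cert.get("subjectAltName", ()) if kind == "DNS"]

def common_names(cert):
    return [v for rdn in cert.get("subject", ()) for k, v in rdn if k == "commonName"]

def verify_san_only(cert, host):
    """Strict check: only dNSName SAN entries count, the CN is ignored."""
    return any(name_matches(n, host) for n in san_dns_names(cert))

def verify_cn_fallback(cert, host):
    """Legacy check: use the CN only when the certificate has no dNSName SAN."""
    names = san_dns_names(cert) or common_names(cert)
    return any(name_matches(n, host) for n in names)

def diagnose(cert, host):
    """Classify why a strict client would accept or reject the certificate."""
    if verify_san_only(cert, host):
        return "ok"
    if san_dns_names(cert):
        return "san-mismatch"
    return "no-san" if verify_cn_fallback(cert, host) else "no-san-and-cn-mismatch"

CN_ONLY = {"subject": ((("commonName", "pg1tedmsw03"),),)}
WITH_SAN = {
    "subject": ((("commonName", "pg1tedmsw03"),),),
    "subjectAltName": (("DNS", "pg1tedmsw03"), ("DNS", "pg1tedmsw03.corp.example")),
}

if __name__ == "__main__":
    for cert, host in [(CN_ONLY, "pg1tedmsw03"), (WITH_SAN, "pg1tedmsw03"),
                       (WITH_SAN, "localhost")]:
        print(host, "->", diagnose(cert, host))
```

A certificate that diagnoses as `no-san` has to be reissued with the host name in the SAN extension. keytool can put it in the request with `-ext SAN=dns:<hostname>` on `-genkeypair` and `-certreq`, though whether the CA copies it into the issued certificate depends on the CA.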
