3 Replies Latest reply on Apr 17, 2002 5:57 PM by Neal Sanche

    Problem with Thawte SSL certificate

    Rauli Ikonen Newbie


      We recently purchased an SSL certificate from Thawte but we now have problems getting it to work.

      When testing with self-signed certificate everything works fine but when changing to the certificate from Thawte https no longer works (the browser says server not found). Weirdest of all, Tomcat does not give any errors. (It does complain if I specify incorrect password so it does use the certificate.)

      The certificate is for www.domain.com and we're using JBoss 2.4.3 and Tomcat 3.2.3.

      If you have any ideas, please let me know.

      Rauli Ikonen

        • 1. Re: Problem with Thawte SSL certificate
          Neal Sanche Newbie

          Does the browser contain the CA certificate for Thawte? Usually browsers contain all of the top level CAs by default, but maybe you just have to import Thawte's CA cert?


          • 2. Re: Problem with Thawte SSL certificate
            Rauli Ikonen Newbie

            I first tested with IE6 so the browser most likely contains the certificate. Yet, I got an interesting error message when I tried to contact the server with Netscape. It says that "Netscape and this server cannot communicate securely because they have no common encryption algorithms".
            I still don't know how to fix the problem though.

            - Rauli

            • 3. Re: Problem with Thawte SSL certificate
              Neal Sanche Newbie

              I assume you've gone through and made sure all of the encryption algorithms were enabled in the browser... I've been having no problems with SSL connections with JBoss 3.0 so far. I've even modified the jetty-plugin.sar file so that SSL is the only way to connect to one of my applications. I had to unjar it, and modify the jboss-service.xml file to have the correct statements for enabling the SSL by uncommenting the listener block, and making sure it could find the keystore with the certs in it. It seems to need the alias to be 'tomcat' I think. I also put a bunch of CA certificates in there for testing the UseClientAuth option for Jetty.

              I hope there's some ray of hope for you in this information?