Originally, my cert expired but i can still access my website(https://mysite.com:8443/app) with the expiration cert status displayed by IE. With that in mind, I know ssl connection for apache on 8443 is good. As soon as I replace the keystore file that my application uses with the new keystore file generated from my comodo signed certs I get “Internet Explorer cannot display the webpage”, even after restarting apache tomcat service. I put back the original keystore, restart apache service, site works with expired cert. So something is wrong with the keystore generated from the comodo signed certs.
===================
I generated the keystore with no errors:
keytool -genkey -keyalg RSA -keystore “C:\comodoKeys.jks” -validity 1825 -alias tomcat -keypass password123 -storepass password123
confirmed with:
Is CN=www.mysite.ca, OU=mysite, O=mysite, L=Calgary, ST=Alberta, C=
CA correct?
[no]: yes
generated the CSR with no errors:
keytool -certreq -alias tomcat -file c:\comodo.cer -keystore “C:\comodoKeys.jks” -storepass password123
submitted cer file to comodo.
recvd 3 certs from comodo:
root.cer
intermediate.cer
domain.cer
imported the 3 certs with no errors:
keytool -import -trustcacerts -alias root -file “c:\root.cer” -keystore “C:\comodoKeys.jks” -storepass password123
keytool -import -trustcacerts -alias INTER -file “c:\intermediate.cer” -keystore “C:\comodoKeys.jks” -storepass password123
keytool -import -trustcacerts -alias tomcat -file “c:\domain.cer” -keystore “C:\comodoKeys.jks” -storepass password123
=======================
chatted with support, told me to regenerate CSR, it will be my 3rd time submitting a CSR which i don’t feel will help since i’ve been copying and pasting the commands above and verifying they are each executed on 1 line at a time. also if you notice i use the storepass/keypass switches so i don’t type in the password manually
can someone shed some light please? i’ve only had class experience which was a long time ago
i’ve not tried using the right click “install certificate” in windows since it’s too general and i don’t see how you can specify aliases and storepasses.