PositiveSSL on Tomcat - Comodo install doc out-of-date?



Says I’m to receive 4 files. Well, I got three. When I try to download ‘UTNAddTrustServerCA.crt’ from https://support.comodo.com/index.php?_m=downloads&_a=view&parentcategoryid=4&pcid=1&nav=0,1 it says ‘used between Sept 2006 & 23 February 2012.’ We have 2014 now, I believe…

Back to my story, got some problems… Ordered 5 year PositiveSSL and got (substituted my real domain name with ‘domain’ henceforth) :


Imported :

keytool -import -trustcacerts -alias root -file AddTrustExternalCARoot.crt -keystore domain.keystore
keytool -import -trustcacerts -alias POSITIVESSL -file PositiveSSLCA2.crt -keystore domain.keystore
keytool -import -trustcacerts -alias www.domain.com -file www_domain_com.crt -keystore domain.keystore

keytool list gives :

‘Your keystore contains 4 entries’

root, 12-01-2014, trustedCertEntry,
Certificate fingerprint (SHA1): 02:FA:F3:E2:91:43:54:68:60:78:57:69:4D:F5:E4:5B:68:85:18:68
positivessl, 12-01-2014, trustedCertEntry,
Certificate fingerprint (SHA1): 94:80:7B:1C:78:8D:D2:FC:BE:19:C8:48:1C:E4:1C:FA:B8:A4:C1:7F
mykey, 11-01-2014, PrivateKeyEntry,
Certificate fingerprint (SHA1): D1:C8:E1:88:CD:08:8E:13:23:10:BF:95:56:1D:1E:68:56:71:CD:D7
www.domain.com, 12-01-2014, trustedCertEntry,
Certificate fingerprint (SHA1): 84:A4:90:05:96:81:3F:C5:CF:06:FC:46:75:9F:7A:2D:60:86:DB:73

but Tomcat still keeps telling me that I’m using a self-signed certificate due to expire in 3 months.

Anybody, any ideas? Would appreciate it.



You really should be using these instructions: Certificate Installation: Java Based Web Servers (Tomcat) using keytool - Powered by Kayako Help Desk Software

It would also seem as if you need to re-import your certificate with the ‘alias’ of ‘mykey’ instead of ‘www.domain.com’. Once you correct that, Tomcat should work just fine.

Hello Sal,

Bless you! That worked. Documentation right on the spot. Finally!!! Thanks!!!