We help IT Professionals succeed at work.

Godaddy Certificate problem Tomcat 7.0.57


I have a seemingly normal basic 7.0.57 Tomcat WebServer built. I have done a few others without this problem...

Ordered Godaddy cert after running the CSR and Keystore command below, and upon recieving the zip file, I ran the last 3 commands of the list. This has worked on other windows 2012 servers and I havent had to jump through the hoops that seems apparent with this one for some reason.

The current error when going to the site is as follows.

"A secure connection cannot be established because this site uses an unsupported protocol."

I installed all three certs, root, then intermed, then site cert. I even tried the cross cert one time, with no luck...

Here are the commands I ran.
"c:\program files\Java\jre7\bin\keytool" -keysize 2048 -genkey -alias tomcat -keyalg RSA -keystore c:\tomcat.keystore

"c:\program files\Java\jre7\bin\keytool" -certreq -keyalg RSA -alias tomcat -file c:\cert\csr.csr -keystore c:\tomcat.keystore

"c:\program files\Java\jre7\bin\keytool" -import -alias root -keystore "c:\tomcat.keystore" -trustcacerts -file "c:\gd_bundle-g2-g1.crt"

"c:\program files\Java\jre7\bin\keytool" -import -alias intermed -keystore "c:\tomcat.keystore" -trustcacerts -file "c:\gdig2.crt"

"c:\program files\Java\jre7\bin\keytool" -import -alias tomcat -keystore "c:\tomcat.keystore" -trustcacerts -file "c:\xyzxyzxyzxyz.crt"

Any help would be greatly appreciated.

Watch Question

just reran all of the commands and rekeyed again, started over completely.

New error now.

This server requires a certificate for authentication, and didn't accept the one sent by the browser. Your certificate may have expired, or the server may not trust its issuer. You can try again with a different certificate, if you have one, or you may have to obtain a valid certificate from elsewhere.

Any ideas?

David Johnson, CDSimple Geek from the '70s
Distinguished Expert 2019

where did the client get its certificate?  if from a local ca did you add the root and issuing CA certificates to the trusted certificate root store?
Top Expert 2015

Setup differs. Yours is correct for apache java connector. If you install tcnative apr connector you need to use OpeNSSL crt/key/chain.


Download root/intermed from repository