Godaddy Certificate problem Tomcat 7.0.57

Hi,

I have a seemingly normal basic 7.0.57 Tomcat WebServer built. I have done a few others without this problem...

Ordered Godaddy cert after running the CSR and Keystore command below, and upon recieving the zip file, I ran the last 3 commands of the list. This has worked on other windows 2012 servers and I havent had to jump through the hoops that seems apparent with this one for some reason.

The current error when going to the site is as follows.

"A secure connection cannot be established because this site uses an unsupported protocol."
Error code: ERR_SSL_VERSION_OR_CIPHER_MISMATCH

I installed all three certs, root, then intermed, then site cert. I even tried the cross cert one time, with no luck...

Here are the commands I ran.
_____________________________________________
"c:\program files\Java\jre7\bin\keytool" -keysize 2048 -genkey -alias tomcat -keyalg RSA -keystore c:\tomcat.keystore

"c:\program files\Java\jre7\bin\keytool" -certreq -keyalg RSA -alias tomcat -file c:\cert\csr.csr -keystore c:\tomcat.keystore

"c:\program files\Java\jre7\bin\keytool" -import -alias root -keystore "c:\tomcat.keystore" -trustcacerts -file "c:\gd_bundle-g2-g1.crt"

"c:\program files\Java\jre7\bin\keytool" -import -alias intermed -keystore "c:\tomcat.keystore" -trustcacerts -file "c:\gdig2.crt"

"c:\program files\Java\jre7\bin\keytool" -import -alias tomcat -keystore "c:\tomcat.keystore" -trustcacerts -file "c:\xyzxyzxyzxyz.crt"

Any help would be greatly appreciated.

Thanks,
jcorso1313Asked:
Who is Participating?
 
jcorso1313Author Commented:
just reran all of the commands and rekeyed again, started over completely.

New error now.

This server requires a certificate for authentication, and didn't accept the one sent by the browser. Your certificate may have expired, or the server may not trust its issuer. You can try again with a different certificate, if you have one, or you may have to obtain a valid certificate from elsewhere.
Error code: ERR_BAD_SSL_CLIENT_AUTH_CERT

Any ideas?

Thanks
0
 
David Johnson, CD, MVPOwnerCommented:
where did the client get its certificate?  if from a local ca did you add the root and issuing CA certificates to the trusted certificate root store?
0
 
gheistCommented:
Setup differs. Yours is correct for apache java connector. If you install tcnative apr connector you need to use OpeNSSL crt/key/chain.
0
 
jcorso1313Author Commented:
Download root/intermed from repository
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.