Our wildcard certificate works fine on apache webservers, but when we configure it to work in tomcat it become unable to call service from another service and ssl online validation tools reports errors.
For ex., User in WEB browser can open website running on a tomcat, but when we try to validate our website, ex. We got SSL chain error:
https://www.sslshopper.com/ssl-checker.html#hostname=https://maksatnespeja.ur.gov.lv/
on Apache webserver we got correct validation
https://www.sslshopper.com/ssl-checker.html#hostname=https://www.ur.gov.lv/
We also have tried to add certificates like described here: https://uk.godaddy.com/help/tomcat-generate-csrs-and-install-certificates-5239
Solution was without success:
We have these set of certificates in our tomcat keystore:
- CN=*.ur.gov.lv,OU=Domain Control Validated (13:F3:53:4B:23:AF:A6:8D:7D:B3:E0:B2:B8:EB:EA:D3:EF:68:4E:FA:74:00:08:93:76:8F:EE:CB:2A:8D:B5:A)
- Go Daddy Root Certificate Authority - G2 (3A:2F:BE:92:89:1E:57:FE:05:D5:70:87:F4:8E:73:0F:17:E5:A5:F5:3E:F4:03:D6:18:E5:B7:4D:7A:7E:6E:CB)
- Go Daddy Secure Certificate Authority - G2 (97:3A:41:27:6F:FD:01:E0:27:A2:AA:D4:9E:34:C3:78:46:D3:E9:76:FF:6A:62:0B:67:12:E3:38:32:04:1A:A6)
- Go Daddy Class 2 Certification Authority (C3:84:6B:F2:4B:9E:93:CA:64:27:4C:0E:C6:7C:1E:CC:5E:02:4F:FC:AC:D2:D7:40:19:35:0E:81:FE:54:6A:E4)
- *.ur.gov.lv certificate key pair
Please guide me, what else I need to add/remove/replace in my keystore to get certificates validate correctly in tomcat environment.
