Question

Using wildcard certificates to secure application URL

Hi, I am using a wildcard certificate in the form of a .pfx file to secure my application URL on Apache Tomcat 7, but even after the certificate is initialized, it still shows up as "Not Secure".

Use the following configuration in the Server.xml of Tomcat:

<Connector port="8989" maxHttpHeaderSize="8192" maxThreads="150" minSpareThreads="25" maxSpareThreads="75" enableLookups="false" disableUploadTimeout="true"

acceptCount="100" scheme="https" SSLEnabled="true" secure="true" clientAuth="false" sslProtocol="TLS"

keystoreFile="***.pfx"

keystorePass="******" keystoreType="PKCS12"/>

***Edited by Moderator: Lochan to update platform capability tags***

Comments

Keep up to date on this post and subscribe to comments

Pega
September 30, 2019 - 11:26am

Hi,

As per https://www.mkyong.com/tomcat/how-to-configure-tomcat-to-support-ssl-or-https/ this is caused by the self-signed certificate and Google chrome just do not trust it.

In production environment, you should consider buy a signed certificate from trusted SSL service provider like verisign or sign it with your own CA server.

Thanks