SSL Cert Error - Mismatched Address

Hi all,

I have just setup a new Tomcat installation and created a keystore, created a CSR, created the Cert (using our internal CA), imported the root cert into the keystore and then the site cert into the keystore (alias www.somesite.ourdomain.ca). Looks like I've created everything correctly - no errors during any of these steps. However, when I load the site, I get "Certificate Error: Mismatched Address". I thought that I just needed to add a Host name entry into the server.xml conf file to include www.somesite.ourdomain.ca but I'm missing something. Can someone help me with this? What am I overlooking? As you can tell, I'm new to Tomcat :-)

Thanks

If this is the message I think it is, the hostname on the SSL cert doesn't match the hostname that you're serving it from.

When you generate your cert request with the Java keytool it asks you a series of questions.
One of them is your first and last name (which is misleading).
What it really wants there is the domain name. If that doesn't match the domain of your server you will get this message.

For instance, if you were generating a key for www.acme.com your keytool session would look like:
[bsouther@bsouther ssl]$ keytool -genkey -alias tomcat -keyalg RSA -keystore ./keystore Enter keystore password: myPassword What is your first and last name? [Unknown]: www.acme.com What is the name of your organizational unit? [Unknown]: asp What is the name of your organization? [Unknown]: fwdco What is the name of your City or Locality? [Unknown]: Plymouth What is the name of your State or Province? [Unknown]: Massachusetts What is the two-letter country code for this unit? [Unknown]: US Is CN=localhost, OU=asp, O=fwdco, L=Plymouth, ST=Massachusetts, C=US correct? [no]: yes Enter key password for <tomcat> (RETURN if same as keystore password):