Our ADSelfService portal was using a certificate which gave errors with Chrome and Firefox (“Server has a weak ephemeral Diffie-Hellman public key”), so I bought a new certificate.
I created a new keystore for this new certificate and modified the server.xml:
<Connector SSLEnabled="true" acceptCount="100" clientAuth="false" connectionTimeout="20000" debug="1" disableUploadTimeout="true" enableLookups="false" keystoreFile="./conf/sspapplusrtdcom.pfx" keystoreType="PKCS12" keystorePass="******" maxSpareThreads="75" maxThreads="150" minSpareThreads="25" name="SSL" port="443" scheme="https" secure="true" sslProtocol="TLS"/>
Into
<Connector SSLEnabled="true" acceptCount="100" clientAuth="false" connectionTimeout="20000" debug="0" disableUploadTimeout="true" enableLookups="false" keystoreFile="./conf/selfservice.keystore" keystorePass="******" maxSpareThreads="75" maxThreads="150" minSpareThreads="25" name="SSL" port="443" scheme="https" secure="true" sslProtocol="TLS" sslProtocols="TLSv1"/>
After restarting the service I cannot access the portal anymore. When I restore the server.xml to the original one, I can access it, but then it uses the old certificate.
Is there any way to check what is going on with this new certificate?
Kind regards,
Marco Nedermeijer
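
One way to check whether a Connector's keystore settings match the file it points at, as an added example that is not part of the original post: it compares the declared `keystoreType` (Tomcat assumes JKS when the attribute is absent) with the file's leading bytes and reports the `sslProtocols` value. The function names and the sample bytes are constructed for illustration; the post does not say which format the new keystore actually has.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the new <Connector> from the post, trimmed to the
# attributes that affect keystore loading and protocol selection.
NEW_CONNECTOR = ('<Connector SSLEnabled="true" keystoreFile="./conf/selfservice.keystore" '
                 'keystorePass="******" port="443" sslProtocol="TLS" sslProtocols="TLSv1"/>')

def sniff_keystore(head: bytes) -> str:
    """Guess the on-disk format from the first bytes of the keystore file."""
    if head[:4] == b"\xfe\xed\xfe\xed":
        return "JKS"
    if head[:4] == b"\xce\xce\xce\xce":
        return "JCEKS"
    if head[:5] == b"-----":
        return "PEM"      # text certificate/key, not a keystore
    if head[:1] == b"\x30":
        return "PKCS12"   # DER SEQUENCE, as used by .pfx/.p12
    return "UNKNOWN"

def audit_connector(connector_xml: str, keystore_head: bytes) -> list:
    """Compare what the Connector declares with what the file looks like."""
    attrs = ET.fromstring(connector_xml).attrib
    findings = []
    # Tomcat assumes JKS when keystoreType is absent.
    declared = attrs.get("keystoreType", "JKS").upper()
    actual = sniff_keystore(keystore_head)
    if actual != declared:
        findings.append(f"keystore-format: declared {declared}, file looks like {actual}")
    protocols = [p.strip() for p in attrs.get("sslProtocols", "").split(",") if p.strip()]
    if protocols == ["TLSv1"]:
        findings.append("protocols: only TLSv1 (TLS 1.0) is listed")
    return findings

if __name__ == "__main__":
    # Constructed bytes: the start of a PKCS#12 file. For a real check use
    # open("./conf/selfservice.keystore", "rb").read(8) instead.
    for finding in audit_connector(NEW_CONNECTOR, b"\x30\x82\x0a\x3b"):
        print(finding)
```

A format mismatch reported here is a lead to confirm in the Tomcat startup log, not a diagnosis on its own.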