Our ADSelfService portal was using a certificate which gave errors with Chrome and Firefox (“Server has a weak ephemeral Diffie-Hellman public key”), so I bought a new certificate.

I created a new keystore for this new certificate and modified the server.xml:

  <Connector SSLEnabled="true" acceptCount="100" clientAuth="false" connectionTimeout="20000" debug="1" disableUploadTimeout="true" enableLookups="false" keystoreFile="./conf/sspapplusrtdcom.pfx" keystoreType="PKCS12" keystorePass="******" maxSpareThreads="75" maxThreads="150" minSpareThreads="25" name="SSL" port="443" scheme="https" secure="true" sslProtocol="TLS"/>

  Into

  <Connector SSLEnabled="true" acceptCount="100" clientAuth="false" connectionTimeout="20000" debug="0" disableUploadTimeout="true" enableLookups="false" keystoreFile="./conf/selfservice.keystore" keystorePass="******" maxSpareThreads="75" maxThreads="150" minSpareThreads="25" name="SSL" port="443" scheme="https" secure="true" sslProtocol="TLS" sslProtocols="TLSv1"/>

After restarting the service I cannot access the portal anymore. When I restored the server.xml into the original one, I can access it, but then it uses the old certificate.

Is there any way to check what is going on with this new certificate ? 

kind regards,

Marco Nedermeijer