How to remove self-signed root from tomcat 6 server?
I have a GeoTrust-verified SSL certificate. The server is Tomcat 6. I did the following:
1 - Create keystore file
keytool -genkey -alias -keyalg RSA -keysize 2048 -keystore -sigalg SHA256withRSA
2 - Generate CSR
keytool -certreq -alias -file -keystore -sigalg SHA256withRSA
3 - Import the downloaded p7b file provided by Symantec vs CSR and imported the certificate
keytool -import -alias -trustcacerts -file -keystore
Everything works fine, but the following warning appears in the Symantec SSL Toolbar
Recommendations: Root is installed on the server. For best practice, remove the self-signed root from the server.
Any ideas how I can remove Root from Server to avoid this warning?
To remove the root self-signed certificate from Tomcat, you need to remove it from your Java installation. This action is performed using the keytool binary, which is located in the bin folder inside your Java JDK installation.
The options you should use to remove the self signed certificate from tomcat are as follows:
keytool -delete -noprompt -alias ${cert.alias} -keystore ${keystore.file} -storepass ${keystore.pass}
For example, to remove the self signed tomcat cert that I installed on my machine, I had to use the following:
"%JAVA_HOME%\bin\keytool" -delete -noprompt -alias tomcat
Additional Information:
https://docs.oracle.com/javase/6/docs/technotes/tools/windows/keytool.html
The only thing I found was this article, which basically says "Browsers will get your paid certificate, also get your self-signed certificate" and it is their job to figure it out.
IMHO the Symantec product wasted my time chasing wild geese. They also recommend patching BEAST with RC4 (I suppose) which is not recommended. Browsers fix BEAST.
BEAST
The BEAST attack is not mitigated on this server.
Root installed on the server.
For best practices, remove the self-signed root from the server.
I recommend this service instead: https://www.ssllabs.com/ssltest/analyze.html
Their fix articles are very helpful.
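Added example (not from the question or either answer above): a Python check that reports which certificates in a PEM bundle have identical issuer and subject names, which is what identifies the self-signed root the toolbar warning mentions. It assumes the chain is available as PEM text; the function names are hypothetical, the sample chain is constructed skeleton data, and only names are compared (signatures are not verified).

```python
import base64
import re

PEM_RE = re.compile(r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)

def read_tlv(buf, pos):
    """Read one DER element at pos; return (tag, value_start, value_end)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length

def issuer_and_subject(der):
    """Return the raw DER bytes of a certificate's issuer and subject names."""
    _, pos, _ = read_tlv(der, 0)    # outer Certificate SEQUENCE
    _, pos, _ = read_tlv(der, pos)  # tbsCertificate SEQUENCE
    fields = []                     # serial, sigAlg, issuer, validity, subject
    while len(fields) < 5:
        tag, _, end = read_tlv(der, pos)
        if tag != 0xA0:             # skip the optional [0] version element
            fields.append(der[pos:end])
        pos = end
    return fields[2], fields[4]

def self_signed_positions(pem_chain):
    """Positions in a PEM bundle where issuer == subject (names only, no signature check)."""
    ders = (base64.b64decode(m.group(1)) for m in PEM_RE.finditer(pem_chain))
    names = map(issuer_and_subject, ders)
    return [i for i, (issuer, subject) in enumerate(names) if issuer == subject]

# Constructed sample: certificate skeletons carrying names only (no keys, no signatures).
def der_tlv(tag, body):
    return bytes([tag, len(body)]) + body  # short-form length, enough for this sample
def der_name(cn):
    atv = der_tlv(0x30, bytes.fromhex("0603550403") + der_tlv(0x0C, cn.encode()))
    return der_tlv(0x30, der_tlv(0x31, atv))
def make_skeleton(issuer, subject):
    head = bytes.fromhex("a003020102" "020101" "3000")  # version, serial, empty sigAlg
    tbs = head + der_name(issuer) + bytes.fromhex("3000") + der_name(subject)
    pem = base64.encodebytes(der_tlv(0x30, der_tlv(0x30, tbs))).decode()
    return "-----BEGIN CERTIFICATE-----\n" + pem + "-----END CERTIFICATE-----\n"

SAMPLE_CHAIN = (make_skeleton("Example Issuing CA", "www.example.test")    # server cert
                + make_skeleton("Example Root CA", "Example Issuing CA")   # intermediate
                + make_skeleton("Example Root CA", "Example Root CA"))     # root

if __name__ == "__main__":
    print(self_signed_positions(SAMPLE_CHAIN))
```

Real input can come from `keytool -list -rfc`, which prints keystore entries in PEM form.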