Fix Root AD CA certificate on Win Server 2022 for Apache Tomcat 9 website not loading?

51080275 20 Reputation points
2024-04-09T09:50:36.74+00:00

We set up a Windows Active Directory Certificate Authority on our Windows Server 2022 and issued a certificate for an Apache Tomcat 9 server website. When a user accesses the website, logging in with a valid AD logon, the website will show the website is not secure and a closer look reveals that the root certificate is missing. Accessing the website when logged into a domain computer does not present the same issue and the valid root certificate is there. To fix this issue, AD users logging into the website can upload the root certificate and password provided by the AD CA Administrator. Is there a better way to handle/fix this issue either at the AD CA server or the server hosting the Apache Tomcat 9 server website? Note, the server hosting the Apache Tomcat 9 website is a Windows Server 2019 version.


1 answer

  1. Daisy Zhou 20,556 Reputation points Microsoft Vendor
    2024-04-10T01:33:25.16+00:00

    Hello 51080275,

    Thank you for posting in the Q&A forum.

    To fix this issue, AD users logging into the website can upload the root certificate and password provided by the AD CA Administrator.

    A1: Do you mean users can upload the root CA certificate to Certificates-Local Computer\Trusted Root Certification Authorities\Certificates on their machine?

    When a user accesses the website, logging in with a valid AD logon, the website will show the website is not secure and a closer look reveals that the root certificate is missing.

    A: Where does the user log on and access the website? If the users log on to domain-joined machines, and if it is indeed the missing root certificate issue, you can try to import the root CA certificate into Trusted Root Certification Authorities\Certificates on their machines.

    You can also install certificates into Certificates-Local Computer\Trusted Root Certification Authorities\Certificates via GPO (below) on the Domain Controller.

    Computer Configuration\Policies\Windows Settings\Security Settings\Public Key Policies\Trusted Root Certification Authorities

    I hope the information above is helpful.

    If you have any questions or concerns, please feel free to let us know.

    Best Regards,

    Daisy Zhou

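One way to script the manual import described in the answer, for a machine that does not receive the GPO. This is an added example, not part of the original thread; the function name and the file path in the usage comment are assumptions. It refuses any file that carries a private key, because a root certificate that clients trust is public data and needs no password.

```powershell
# Added example: function name and paths are hypothetical, not from the thread.
# Run from an elevated session; Cert:\LocalMachine\Root is writable by administrators only.
function Install-EnterpriseRootCa {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        # Public root CA certificate exported from the AD CA (DER or Base64 .cer).
        [Parameter(Mandatory)][string]$CerPath
    )

    $fullPath = (Resolve-Path -LiteralPath $CerPath).ProviderPath
    $cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($fullPath)

    # A trust anchor is public. A file that includes the CA private key (PFX)
    # must never be distributed to clients.
    if ($cert.HasPrivateKey) {
        throw "File contains a private key; export the CA certificate without it."
    }

    # Accept only a self-signed certificate whose Basic Constraints mark it as a CA.
    $bc = $cert.Extensions | Where-Object {
        $_ -is [System.Security.Cryptography.X509Certificates.X509BasicConstraintsExtension]
    }
    if ($cert.Subject -ne $cert.Issuer -or -not $bc -or -not $bc.CertificateAuthority) {
        throw "Not a self-signed CA certificate: $($cert.Subject)"
    }

    # Print the thumbprint so it can be compared out of band with the CA administrator's value.
    Write-Host "Root CA: $($cert.Subject)  Thumbprint: $($cert.Thumbprint)"

    $store = 'Cert:\LocalMachine\Root'
    $existing = Get-ChildItem -Path $store |
        Where-Object { $_.Thumbprint -eq $cert.Thumbprint }
    if ($existing) {
        Write-Host 'Already trusted on this machine.'
        return $false
    }

    if ($PSCmdlet.ShouldProcess($store, "Import $($cert.Subject)")) {
        Import-Certificate -FilePath $fullPath -CertStoreLocation $store | Out-Null
        return $true
    }
    return $false
}

# Usage (placeholder path; -WhatIf previews the import without changing the store):
# Install-EnterpriseRootCa -CerPath 'C:\Temp\<root-ca>.cer' -WhatIf
```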