How to fix Root certificate not loading for windows server 2019

Question

We created a CA on our AD Windows Server 2019 and issued certs for an Apache Tomcat 9 server website. If logged onto a domain Windows computer, the certificate is valid with the hierarchy of root and web certificate. If accessing the website while not logged onto the domain, the certificate is invalid, and a closer look reveals that the root certificate is missing. Note, the web application is configured to us the AD for validating users and there is no issues with logging onto the website.

Answer 1

Hello,

Thank you for posting in Q&A forum.

When you visit the Apache Tomcat 9 server website, if you log in on a domain computer, you will be able to verify the certificate because you already have a root certificate on your computer. However, if you access the website on a non domain computer, your computer may not have the corresponding root certificate, so the validity of the server certificate cannot be verified.

To solve this problem, you can perform the following steps:

Obtain root certificate: Export your root certificate on the domain computer. This can usually be done by accessing the certificate service in Active Directory, or by performing the corresponding operation on your Windows Server 2019. Export the root certificate to a file.

Install Root Certificate: Transfer the exported root certificate file to your non domain computer and install the root certificate on the non domain computer. You can run the installation wizard by double clicking on the certificate file and selecting to install the certificate in the Trusted Root Certification Authorities store.

Accessing the website again: After completing the installation, try accessing the Apache Tomcat 9 website again. Now, your non domain computer should be able to correctly verify the server certificate as it now has the corresponding root certificate.

Hope this answer can help you well.

Best regards，

Jill Zhou