Fix Root AD CA certificate on Win Server 2022 for Apache Tomcat 9 website not loading?

51080275 20 Reputation points
2024-04-09T09:50:36.74+00:00

We set up a Windows Active Directory Certificate Authority on our Windows Server 2022 and issued a certificate for an Apache Tomcat 9 server website. When a user accesses the website, logging in with a valid AD logon, the website will show the website is not secure and a closer look reveals that the root certificate is missing. Accessing the website when logged into a domain computer does not present the same issue and the valid root certificate is there. To fix this issue, AD users logging into the website can upload the root certificate and password provided by the AD CA Administrator. Is there a better way to handle/fix this issue either at the AD CA server or the server hosting the Apache Tomcat 9 server website? Note: the server hosting the Apache Tomcat 9 website is a Windows Server 2019 version.

Windows for business | Windows Client for IT Pros | Directory services | Active Directory
Windows for business | Windows Server | Devices and deployment | Configure application groups

1 answer

  1. Anonymous
    2024-04-10T01:33:25.16+00:00

    Hello 51080275,

    Thank you for posting in Q&A forum.

    To fix this issue, AD users logging into the website can upload the root certificate and password provided by the AD CA Administrator.

    A1: Do you mean users can upload the root CA certificate to Certificates-Local Computer\Trusted Root Certification Authorities\Certificates on their machine?


    When a user accesses the website, logging in with a valid AD logon, the website will show the website is not secure and a closer look reveals that the root certificate is missing.

    A: Where does the user log on and access the website? If the users log on to domain-joined machines, and if it is indeed the root certificate missing issue, you can try to import the root CA certificate into Trusted Root Certification Authorities\Certificates on their machines.

    You can also install certificates into Certificates-Local Computer\Trusted Root Certification Authorities\Certificates via GPO (below) on Domain Controller.

    Computer Configuration\Policies\Windows Settings\Security Settings\Public Key Policies\Trusted Root Certification Authorities


    I hope the information above is helpful.

    If you have any questions or concerns, please feel free to let us know.

    Best Regards,

    Daisy Zhou

    ============================================

    If the Answer is helpful, please click "Accept Answer" and upvote it.
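
The manual import suggested in the answer, with a before/after check that the site certificate chains to a trusted root, as an added example that is not part of the original thread. A trust store needs only the root CA's public certificate, so the script refuses a file that carries a private key. Both file paths are placeholders (assumptions) for files exported from your own CA and Tomcat host.

```powershell
using namespace System.Security.Cryptography.X509Certificates
# Added example, not from the original thread. Run in an elevated session.
param(
    [string]$RootCerPath   = 'C:\Temp\corp-root-ca.cer',  # assumed path: root CA public cert
    [string]$ServerCerPath = 'C:\Temp\tomcat-site.cer'    # assumed path: cert issued to the site
)

function Test-ChainTrust {
    param([X509Certificate2]$Cert)
    $chain = [X509Chain]::new()
    # Skip revocation so the result isolates the trust-anchor question.
    $chain.ChainPolicy.RevocationMode = 'NoCheck'
    $trusted = $chain.Build($Cert)
    [pscustomobject]@{
        Trusted = $trusted
        # UntrustedRoot or PartialChain here matches the "root certificate is missing" symptom.
        Status  = ($chain.ChainStatus | ForEach-Object { $_.Status }) -join ','
        Chain   = ($chain.ChainElements | ForEach-Object { $_.Certificate.Subject }) -join ' <- '
    }
}

$root   = [X509Certificate2]::new($RootCerPath)
$server = [X509Certificate2]::new($ServerCerPath)

# Sanity checks on the file before it becomes a machine-wide trust anchor.
if ($root.HasPrivateKey) {
    throw 'File contains a private key. Distribute only the public certificate (.cer).'
}
if ($root.Subject -ne $root.Issuer) {
    throw 'Certificate is not self-signed, so it is not a root CA certificate.'
}
$bc = $root.Extensions | Where-Object { $_ -is [X509BasicConstraintsExtension] }
if (-not $bc -or -not $bc.CertificateAuthority) {
    throw 'Certificate is not marked as a CA in Basic Constraints.'
}

'Before import:'
Test-ChainTrust $server | Format-List

# Import only if this exact certificate (by thumbprint) is not already trusted.
if (-not (Test-Path "Cert:\LocalMachine\Root\$($root.Thumbprint)")) {
    Import-Certificate -FilePath $RootCerPath -CertStoreLocation Cert:\LocalMachine\Root | Out-Null
}

'After import:'
Test-ChainTrust $server | Format-List
```

On domain-joined machines the GPO path in the answer achieves the same result without touching each client; the `Test-ChainTrust` function can still be used there to confirm the policy has applied.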
