Posted to users@tomcat.apache.org by Marwan Kandeel <Ma...@bupa.com.sa> on 2010/10/31 22:45:24 UTC

Have a Problem Importing an SSL Certificate

Hello guys,

I'm spinning into circles importing the certificate into my system. We are using a web based software that resides on tomcat. Here are the instructions I have got from the vendor on how to import the SSL:

Download your Certificate files from the email from CA to the directory where your keystore (sdp.keystore) was saved during the CSR creation process. The certificate must be installed to this exact keystore. If you try to install it to a different keystore it will not work. The certificates you downloaded must be installed to your keystore in the correct order for your certificate to be trusted. If the certificates are not installed in the correct order, then the certificate will not authenticate properly.

Install the Root Certificate file:
Each time you install a certificate to your keystore you will be prompted for the keystore password, which you chose when generating your CSR. Type the following command to install the Root certificate file:

    keytool -import -trustcacerts -alias root -file TrustedRoot.crt -keystore sdp.keystore

NOTE: Choose 'Yes' if you get prompted with a message that says "Certificate already exists in system-wide CA keystore under alias <entrustsslca> Do you still want to add it to your own keystore? [no]:" You will get a confirmation stating that the "Certificate was added to keystore".

Install the intermediate certificates if any. (Follow the instructions provided by the CA)

Install the Primary Certificate file:
Type the following command to install the Primary certificate file:

    keytool -import -trustcacerts -alias tomcat -file your_domain_name.crt -keystore sdp.keystore

This time you should get a slightly different confirmation stating that the "Certificate reply was installed in keystore". If it asks if you want to trust the certificate, choose y or yes. Your Certificates are now installed to your keystore file (keystore.key) and you just need to configure your server to use the keystore file.

I'm assuming the root certificate is the one that certifies the CA. I'm using Equifax Secure eBusiness CA-1.

I'm also assuming that the primary certificate is the one we purchased and is issued to us and includes our FQDN.

After I apply the certificates, the system does not work. If I configure tomcat to use HTTP and any custom port it works. I'm really going out of my mind!!!


Regards,
Marwan Kandeel | IT Support Team Leader | Bupa Arabia
PO Box 23807 Jeddah 21436 Saudi Arabia
T: +966 920 000 456 Ext. 5119 | M: +966 501 941 099

www.bupa.com.sa



Re: Have a Problem Importing an SSL Certificate

Posted by Ognjen Blagojevic <og...@gmail.com>.
Hi Marwan,

> I'm spinning into circles importing the certificate into my system. We are using a web based software that resides on tomcat. Here are the instructions I have got from the vendor on how to import the SSL:

Instructions seem correct.


> I'm assuming the root certificate is the one that certifies the CA. I'm using Equifax Secure eBusiness CA-1.
>
> I'm also assuming that the primary certificate is the one we purchased and is issued to us and includes our FQDN.

This is also correct.


> After I apply the certificates, the system does not work. If I configure tomcat to use HTTP and any custom port it works. I'm really going out of my mind!!!

After you calm down, please describe what "the system does not work" 
means. Are all certificates imported correctly? When you list your 
certificates (with "keytool -list -keystore mykeystore.jks") you should 
see several trusted key entries and one private key entry. Check if your 
server.xml config for HTTPS connector is pointing to the right keystore 
file. Describe exactly what you tried and what error message you get.

Regards,
Ognjen

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
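
Added example (not part of the thread): the listing check described in the reply above, as a shell function that reads `keytool -list` output and reports whether the alias holds a private key entry alongside at least one trusted certificate entry. The sample listings are constructed, and the entry-line layout ("alias, date, type,") is assumed to be the one keytool prints for a JKS keystore.

```shell
#!/bin/sh
# Added example, not from the thread. Real use (names taken from the thread):
#   keytool -list -keystore sdp.keystore | check_listing tomcat

# check_listing ALIAS   (keytool -list output on stdin)
# Prints one summary line. Returns 0 only when ALIAS is a private key entry
# and at least one trusted certificate entry is present.
check_listing() {
    awk -v want="$1" '
        # Entry lines look like: "tomcat, Oct 31, 2010, PrivateKeyEntry,"
        /, *(PrivateKeyEntry|trustedCertEntry),? *$/ {
            type = ($0 ~ /PrivateKeyEntry/) ? "key" : "trusted"
            name = $0; sub(/,.*/, "", name)      # alias = text before first comma
            count[type]++
            if (name == want) found = type
        }
        END {
            printf "private=%d trusted=%d %s=%s\n",
                   count["key"], count["trusted"], want, (found ? found : "missing")
            exit !(found == "key" && count["trusted"] >= 1)
        }'
}

# Constructed sample: reply installed onto the key pair created with the CSR.
sample_good() {
    cat <<'EOF'
Keystore type: JKS
Your keystore contains 2 entries

root, Oct 31, 2010, trustedCertEntry,
Certificate fingerprint (MD5): (constructed placeholder)
tomcat, Oct 31, 2010, PrivateKeyEntry,
Certificate fingerprint (MD5): (constructed placeholder)
EOF
}

# Constructed sample: the same certificate imported into a keystore that has
# no private key under that alias, so it is stored as a plain trusted entry.
sample_bad() {
    cat <<'EOF'
Keystore type: JKS
Your keystore contains 2 entries

root, Oct 31, 2010, trustedCertEntry,
tomcat, Oct 31, 2010, trustedCertEntry,
EOF
}

sample_good | check_listing tomcat
sample_bad  | check_listing tomcat || echo "alias has no private key"
```

A listing like the second sample is what results when the primary certificate is imported with the "Certificate was added to keystore" confirmation instead of "Certificate reply was installed in keystore".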


RE: Have a Problem Importing an SSL Certificate

Posted by "Caldarale, Charles R" <Ch...@unisys.com>.
> From: Marwan Kandeel [mailto:Marwan.Kandeel@bupa.com.sa] 
> Subject: Have a Problem Importing an SSL Certificate

> I'm really going out of my mind!!!

So I guess it's good that we can't read it to find out what Tomcat version you're using, if you're using APR, what the JVM level is that you're running on, the platform in use, whether or not you've got a front-end like httpd, and whether or not you've read the relevant Tomcat docs:

http://tomcat.apache.org/tomcat-6.0-doc/ssl-howto.html
http://tomcat.apache.org/tomcat-6.0-doc/apr.html#HTTPS

 - Chuck



