Posted to users@tomcat.apache.org by Hirnya Kaushal <hi...@altruistindia.com> on 2015/09/09 06:54:50 UTC

Issue in reading SSL certificate

Dear,

I am facing a very peculiar issue with the SSL certificate for Tomcat7. I am
using Java 7 and Tomcat 1.7.075, and am facing the below issue with the SSL
certificate. I have followed the below steps to generate the certificate and
apply the same in server.xml.

 

Generated the CSR file by using the keytool on the server.

1)      $JAVA_HOME/bin/keytool -genkey -alias server -keyalg RSA -keysize 2048 -keystore /opt/hirnya/mobileweyakae.jks

2)      $JAVA_HOME/bin/keytool -certreq -alias server -file /opt/hirnya/csr.txt -keystore /opt/hirnya/mobileweyakae.jks

Shared my case file with the CA provider and received back a chain.p7b file.
Then followed the below steps to import into the keytool (I tried 2 ways to
apply the same, but the end results and the errors in the Tomcat logs are
almost the same.)

1.	Double click the .p7b file on Windows.
2.	Expand the node "Certificates" on the left side.
3.	On the right side the list of certificates appears.
4.	Double click the required certificate to open it.
5.	Click the Details tab.
6.	Click the "Copy to File..." button.
7.	Click Next.
8.	Select the 2nd format (Base-64 encoded X.509 (.CER)).
9.	Enter the file name (as the original file name). Please make sure of the
file location (directory).
10.	Read the export wizard settings and then press the "Finish" button.
11.	Repeat the same steps for all 3 certificates.

Then transferred all the certificates to the same path where I had generated
the CSR file, and imported the files in 2 different ways.

Steps of Process one applied:

Imported the files received from the CA with the below command, applied to all
files received from the CA.

$JAVA_HOME/bin/keytool -import -trustcacerts -alias root -file /opt/hirnya/root.cer -keystore /opt/hirnya/mobileweyakae.jks

$JAVA_HOME/bin/keytool -import -trustcacerts -alias abc -file /opt/hirnya/server.cer -keystore /opt/hirnya/mobileweyakae.jks

$JAVA_HOME/bin/keytool -import -trustcacerts -alias mobile -file /opt/hirnya/mobile.cer -keystore /opt/hirnya/mobileweyakae.jks

 

Attached is the view of the certificate generated (crtifacate-process1.txt)
and the Tomcat logs, and below is the configuration for SSL on Tomcat.

 

<Connector port="443" protocol="org.apache.coyote.http11.Http11Protocol"
maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS"  useURIValidationHack="false"
keystoreFile="/opt/hirnya/mobileweyakae.jks" keystorePass="changeit" />

 

 

Steps of Process Two applied:

Exported the keystore to the pem file.

1)      $JAVA_HOME/bin/keytool -exportcert -rfc -file /opt/hirnya/server.pem -keystore /opt/hirnya/mobileweyakae.jks -alias server

2)      Opened the pem file with cat, added the other certificates received
from the CA into the same file and generated the bundle.pem file; attached is
the file for reference (this includes all the certificates).

3)      Then imported the certificates to the keytool with the below command:

$JAVA_HOME/bin/keytool -importcert -keystore /opt/hirnya/mobileweyakae.jks -alias server -file /opt/hirnya/bundle.pem
 
 
The certificate output generated is attached as certificate-process2.txt for
reference, and the logs of Tomcat as well.

In both cases I am able to reach https:// but receive a security error; it is
only reading the self-generated key and is not able to read the imported key.

Attaching the generated key file (mobileweyakae.jks) and certificates
(hirnya.zip) as well for your reference.

 

Thanks in advance for your support.

 

 

Thanks & Regards,

Hirnya Garbh Kaushal,

MobiSoft Telesolutions(Altruist Group)

Mobile(Dubai,UAE): +971 564745875

Office(Dubai,UAE): +971 43261893

mobisoft
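
Tomcat serves the certificate chain attached to the private-key entry of the configured keystore, so that entry is the one to inspect after import steps like those in the message above. The following is an added example, not part of the original message: it parses `keytool -list -v` output and reports each PrivateKeyEntry's chain length and whether its leaf certificate is self-signed. The function names, sample output and DNs are constructed for illustration and assume English-locale keytool output.

```shell
#!/bin/sh
# Added example. Reads English-locale `keytool -list -v` output on stdin and
# prints, for each PrivateKeyEntry: alias, chain length, self-signed|ca-issued.
key_entry_report() {
  awk '
    /^Alias name: /  { alias = substr($0, 13); type = ""; len = 0; owner = ""; seen = 0 }
    /^Entry type: /  { type = substr($0, 13) }
    /^Certificate chain length: / { len = $NF }
    # Only the first Owner/Issuer pair of a key entry is the leaf certificate.
    /^Owner: /  && type == "PrivateKeyEntry" && !seen { owner = substr($0, 8) }
    /^Issuer: / && type == "PrivateKeyEntry" && !seen {
      seen = 1
      print alias, len, (owner == substr($0, 9) ? "self-signed" : "ca-issued")
    }'
}

# Constructed sample: the key entry still holds the certificate made by
# -genkey; CA certificates sit beside it as separate trusted entries.
sample_self_signed() { cat <<'EOF'
Alias name: server
Entry type: PrivateKeyEntry
Certificate chain length: 1
Certificate[1]:
Owner: CN=www.example.test, O=Example
Issuer: CN=www.example.test, O=Example

Alias name: root
Entry type: trustedCertEntry

Owner: CN=Example Test Root CA
Issuer: CN=Example Test Root CA
EOF
}

# Constructed sample: the CA reply is attached to the key entry as a chain.
sample_ca_reply() { cat <<'EOF'
Alias name: server
Entry type: PrivateKeyEntry
Certificate chain length: 3
Certificate[1]:
Owner: CN=www.example.test, O=Example
Issuer: CN=Example Test Issuing CA
Certificate[2]:
Owner: CN=Example Test Issuing CA
Issuer: CN=Example Test Root CA
EOF
}

sample_self_signed | key_entry_report   # server 1 self-signed
sample_ca_reply    | key_entry_report   # server 3 ca-issued
```

Against a real keystore the same function takes the tool's output directly: `keytool -list -v -keystore /opt/hirnya/mobileweyakae.jks | key_entry_report`.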