How to import SSL certificate into keystore

QUESTION:
How do I import an SSL certificate into the Traverse webapp keystore?
 
 
RESOLUTION:
Here are the commands used to create the keystore for Tomcat with a wildcard certificate.
 
Note: you must have the private key that was used to generate CSR.
 
Once the CA sends you new certificate, the key may need to be converted into a format that can be read by the "keytool" command:
 
# openssl pkcs12 -export -in STAR_somedomain_com.crt -inkey PRIV_somedomain.key -out STAR_somedomain_com.p12 -name tomcat -CAfile AddTrustExternalCARoot.crt -caname root
 
Enter Export Password:
Verifying - Enter Export Password:
 
On this step, you have to enter a password. In this example, "changeit" was used as it is the default password for the Traverse Tomcat server.
 
# apps/jre/bin/keytool -importkeystore -deststorepass changeit -destkeypass changeit -destkeystore /tmp/webapp.keystore -srckeystore STAR_somedomain_com.p12 -srcstoretype PKCS12 -srcstorepass changeit -alias tomcat
 
On this step and the next step "changeit" is used for the password and the keystore password.
 
# cp /tmp/webapp.keystore /usr/local/traverse/plugin/web/
cp: overwrite `/opt/traverse/plugin/web/webapp.keystore'? y
 
# apps/jre/bin/keytool -keystore ../plugin/web/webapp.keystore -storepass changeit -list -alias tomcat      
 
tomcat, Oct 7, 2013, PrivateKeyEntry, 
Certificate fingerprint (MD5): 14:92:C7:F3:0F:F1:EA:2B:8B:93:25:EA:FC:0D:F3:F7
 
Note that "PrivateKeyEntry" is indication that it's a valid certificate that can be used by Tomcat. Please update the standard key installation instructions with this information.
 

APPLIES TO:

All versions of Traverse 

 

REFERENCE:

Configuration - On-Premise - Configuring SSL for the Web Application

Have more questions?

Contact us

Was this article helpful?
0 out of 0 found this helpful

Provide feedback for the Documentation team!

Browse this section