QUESTION:
How do I import an SSL certificate into the Traverse webapp keystore?
RESOLUTION:
Here are the commands used to create the keystore for Tomcat with a wildcard certificate.
Note: you must have the private key that was used to generate the CSR.
Once the CA sends you the new certificate, the key may need to be converted into a format that can be read by the "keytool" command:
# openssl pkcs12 -export -in STAR_somedomain_com.crt -inkey PRIV_somedomain.key -out STAR_somedomain_com.p12 -name tomcat -CAfile AddTrustExternalCARoot.crt -caname root
Enter Export Password:
Verifying - Enter Export Password:
At this step, you have to enter an export password. In this example, "changeit" was used, as it is the default password for the Traverse Tomcat server.
# apps/jre/bin/keytool -importkeystore -deststorepass changeit -destkeypass changeit -destkeystore /tmp/webapp.keystore -srckeystore STAR_somedomain_com.p12 -srcstoretype PKCS12 -srcstorepass changeit -alias tomcat
In this step and the next step, "changeit" is used for both the password and the keystore password.
# cp /tmp/webapp.keystore /usr/local/traverse/plugin/web/
cp: overwrite `/opt/traverse/plugin/web/webapp.keystore'? y
# apps/jre/bin/keytool -keystore ../plugin/web/webapp.keystore -storepass changeit -list -alias tomcat
tomcat, Oct 7, 2013, PrivateKeyEntry,
Certificate fingerprint (MD5): 14:92:C7:F3:0F:F1:EA:2B:8B:93:25:EA:FC:0D:F3:F7
Note that "PrivateKeyEntry" is an indication that it's a valid certificate that can be used by Tomcat. Please update the standard key installation instructions with this information.
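A pre-import check for the procedure above, as an added example that is not part of the original article or of Traverse: it confirms that the private key belongs to the certificate before the PKCS12 export, and that the resulting bundle really carries that key (what keytool later lists as PrivateKeyEntry). The function names, the P12_PASS environment variable and the sample files built by make_sample are assumptions of this example, and the private key is assumed to be unencrypted.

```shell
#!/bin/sh
# Added example: openssl-only checks around the PKCS12 export step.
# All function names and the P12_PASS variable are hypothetical.

# Print the public key (PEM) embedded in a PEM certificate.
cert_pubkey() { openssl x509 -in "$1" -noout -pubkey 2>/dev/null; }

# Print the public key (PEM) derived from an unencrypted PEM private key.
key_pubkey() { openssl pkey -in "$1" -pubout 2>/dev/null; }

# key_matches_cert CERT KEY: succeed only if CERT was issued for KEY.
key_matches_cert() {
    cert_pub=$(cert_pubkey "$1") || return 2   # unreadable certificate
    key_pub=$(key_pubkey "$2") || return 2     # unreadable private key
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# p12_has_matching_key P12: succeed only if the bundle holds a private key
# and a leaf certificate for that key. The password is read from $P12_PASS
# so that it does not show up in the process list.
p12_has_matching_key() {
    key_pub=$(openssl pkcs12 -in "$1" -passin env:P12_PASS -nocerts -nodes 2>/dev/null |
        openssl pkey -pubout 2>/dev/null) || return 2   # no usable key in bundle
    cert_pub=$(openssl pkcs12 -in "$1" -passin env:P12_PASS -nokeys -clcerts 2>/dev/null |
        openssl x509 -noout -pubkey 2>/dev/null) || return 2
    [ -n "$key_pub" ] && [ "$key_pub" = "$cert_pub" ]
}

# make_sample DIR: constructed test material, not real certificates.
# Creates two unrelated self-signed pairs (a, b) and a PKCS12 bundle of
# pair a under the alias "tomcat".
make_sample() {
    for n in a b; do
        openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
            -subj "/CN=$n.example.test" \
            -keyout "$1/$n.key" -out "$1/$n.crt" 2>/dev/null || return 1
    done
    openssl pkcs12 -export -in "$1/a.crt" -inkey "$1/a.key" -name tomcat \
        -passout env:P12_PASS -out "$1/a.p12" 2>/dev/null
}
```

Run key_matches_cert STAR_somedomain_com.crt PRIV_somedomain.key before the openssl pkcs12 -export step; a non-zero status means the key is not the one that was used to generate the CSR.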
APPLIES TO:
All versions of Traverse
REFERENCE:
Configuration - On-Premise - Configuring SSL for the Web Application