Managing SSL Certificates

From LongJump Support Wiki
Revision as of 18:49, 3 May 2011 by imported>Aeric (Text replace - 'Category:System Administration' to 'Category:Installation')
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)

Managing SSL Certificates

Obtaining an SSL Certificate

The platform provides a default self-signed certificate which is used by the Application Server.

To obtain and install your own SSL Certificate, make a request to a Certificate Authority (CA). An SSL certificate authenticates a website to a web browser, part of a security protocol to manage secure data exchange.

The CA will accept your Certificate Signing Request and generate a certificate which identifies your website as a secured website.

To create a Certificate Signing Request (CSR)

  1. Create a keystore (longjump) and private key (tomcat) in this directory:
    longjump_installation/tomcat/conf/RN
    keytool -genkey -alias tomcat -keyalg RSA -keystore longjump
  2. Create a CSR from the keystore (longjump)
    keytool -certreq -keyalg RSA -alias tomcat -file certreq.csr -keystore longjump
  3. The result is a file: certreq.csr, which can be submitted to the CA

Once you have obtained a certificate from the CA, in addition to your certificate, the CA might provide an Chain/Root Certificate, which must be installed/imported into the keystore created in the previous section.

To Install the Certificate

  • If you have received the chain certificate from the (CA), complete #1 - #3:
  • If you have NOT received the chain certificate from the (CA), complete #3 only:
  1. Install/import the chain certificate: Copy the contents of the chain certificate into a file called chain
  2. Import the chain certificate into your keystore:
    keytool -import -alias root -keystore longjump -trustcacerts -file chain
  3. Import the certificate received from the CA:
    keytool -import -alias tomcat -keystore longjump -trustcacerts -file <certificate filename >

Replacing the Default SSL Certificate

To replace the certificate:

  1. Add the new certificate to this directory:
    longjump_installation/tomcat/conf/RN
  2. Edit the server.xml file, located in: #longjump_installation/tomcat/conf/
  3. Replace the following line:
    keystoreFile="conf/RN/thirdParty" keystorePass="algrsa"
    with:
    keystoreFile="conf/RN/your_certficate_file_name"
    keystorePass="your_password_for_certificate_store"
  4. Save the file
  5. Restart the application server

The Application Server will now use your certificate file for communication over https.

Learn More

  • Certificate Signing Request (CSR) Generation Instructions-Tomcat, at

https://knowledge.verisign.com/support/ssl-certificates-support/index?page=content&id=AR227