server ssl certificate

Nelson Loyola edited this page Feb 26, 2019 · 2 revisions

SSL Certificate Installation

Use these instructions to create a keystore file and import an SSL certificate into it.

  1. Create a keystore:

    keytool -genkey -keyalg RSA -keysize 2048 -alias <server_domain_name> -keystore biobank.keystore

    Replace <server_domain_name> with the host name of your server.

    Use biobank2 as the password. Use the same password for the keystore.

    When prompted for your name, enter the name of the host, not your own name.

    If -alias is NOT specified, "mykey" will be used as the default alias. This can cause a lot of grief in the future when attempting to import certificates.

  2. Generate a CSR:

    keytool -certreq -keyalg RSA -alias <server_domain_name> -file <csr_file_name> -keystore biobank.keystore

    Replace <server_domain_name> with the host name of your server, and <csr_file_name> with a file name to be used in the next step.

  3. Submit the file <csr_file_name> to the certificate signing authority (e.g. GlobalSign).

  4. The certificate signing authority will reply with a certificate email. Download the X509 certificate under and save it as primary.cer. The intermediate certificate should be saved as inter.cer. The root certificate should be saved as root.cer.

  5. Import the certificates:

     - root:

```sh
keytool -import -trustcacerts -file root.cer -alias root -keystore biobank.keystore
```

If you receive a message that says `Certificate already exists in system-wide CA keystore under alias <...> Do you still want to add it to your own keystore? [no]:`, select Yes. If successful, you will see `Certificate was added to keystore`.

     - intermediate:

```sh
keytool -import -trustcacerts -file inter.cer -alias inter -keystore biobank.keystore
```

If successful, you will see `Certificate was added to keystore`.

     - certificate:

```sh
keytool -import -file primary.cer -alias <server_domain_name> -keystore biobank.keystore
```

Replace `<server_domain_name>` with the host name of your server.

When imported successfully, the message `certificate reply imported` is displayed.

  6. Copy biobank.keystore to the Tomcat server.

    cp biobank.keystore /opt/tomcat/apache-tomcat-8.5.30/conf
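
A check to run before copying the keystore, added here as an example and not part of the original wiki: it reads `keytool -list -v` output and flags the alias problems described in step 1. The host name `biobank.example.org`, the function names and the sample listings are constructed; a chain of three certificates (server, one intermediate, root) is assumed.

```sh
#!/bin/sh
# Added example: audit `keytool -list -v` output (read on stdin) after the imports.
# Real use:  keytool -list -v -keystore biobank.keystore | check_keystore <server_domain_name>
check_keystore() {
    awk -v want="$1" '
        /^Alias name: /               { alias = substr($0, 13) }
        /^Entry type: /               { kind[alias] = substr($0, 13) }
        /^Certificate chain length: / { chain[alias] = $4 + 0 }
        END {
            bad = 0
            if ("mykey" in kind) { print "FAIL: default alias mykey present (-alias was omitted)"; bad = 1 }
            if (kind["root"]  != "trustedCertEntry") { print "FAIL: no trusted entry under alias root";  bad = 1 }
            if (kind["inter"] != "trustedCertEntry") { print "FAIL: no trusted entry under alias inter"; bad = 1 }
            if (kind[want] != "PrivateKeyEntry") {
                print "FAIL: " want " is not a PrivateKeyEntry; the reply was not attached to the key pair"; bad = 1
            } else if (chain[want] < 3) {
                # Assumption: one intermediate, so a complete chain is server + inter + root.
                print "FAIL: " want " chain length is " chain[want] "; still self-signed or chain incomplete"; bad = 1
            }
            if (!bad) print "OK: " want " carries the full chain"
            exit bad
        }'
}
# Constructed, trimmed listing of a keystore built by following all the steps.
sample_good() { cat <<'EOF'
Alias name: root
Entry type: trustedCertEntry
Alias name: inter
Entry type: trustedCertEntry
Alias name: biobank.example.org
Entry type: PrivateKeyEntry
Certificate chain length: 3
EOF
}
# Constructed: key pair created without -alias, so primary.cer landed as a plain trusted cert.
sample_mykey() { cat <<'EOF'
Alias name: mykey
Entry type: PrivateKeyEntry
Certificate chain length: 1
Alias name: root
Entry type: trustedCertEntry
Alias name: inter
Entry type: trustedCertEntry
Alias name: biobank.example.org
Entry type: trustedCertEntry
EOF
}
sample_good | check_keystore biobank.example.org
```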