Adding a CA-provided certificate to enable SSL (Tomcat)

If you have a certificate and private key provided by a Certificate Authority (CA), you need to add the server certificate, the intermediate certificate, and the private key provided by the CA to the keystore.

Steps to follow

  1. Merge both certificates

    • Copy the contents of the server certificate to a .pem file or a .cer file

    • Copy the contents of the intermediate certificate to a .pem file or a .cer file

    • cat certificate.crt chain.crt > merge.pem
  2. Export this file as a pfx using OpenSSL:

openssl.exe pkcs12 -in merge.pem -inkey PRIVATEKEY.key -export -out certs.pfx -name myAlias
  3. Once the certificates and private key are imported, point the keystore (keystoreFile) to this pfx file and provide the alias (keyAlias) in server.xml:

<Connector port="8443" protocol="HTTP/1.1" sslEnabledProtocols="TLSv1.2" connectionTimeout="20000" maxThreads="200" SSLEnabled="true" secure="true" maxHttpHeaderSize="16384" keystoreFile="/u01/flexdeploy/flexdeploy.pfx" keystorePass="changeit" keyAlias="myAlias" clientAuth="false" compression="on" compressionMinSize="1024"/>
  4. Restart FlexDeploy once the changes are made in server.xml

In case of a .p7b file

In several cases, your Certificate Authority will provide you with a .p7b file. Since this is not a valid X.509 format to import into a Java keystore, you need to convert it to a .cer file and then export that file as a pfx using OpenSSL.
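
The merge and export steps above, together with the .p7b conversion, as an added shell example that is not part of the original page or FlexDeploy's own tooling: it checks that the private key matches the server certificate and that the intermediate issued it before exporting the pfx. The function names, the PFX_PASS environment variable and the throwaway test CA are assumptions constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example (not FlexDeploy's code): validate the inputs, then build the .pfx.
# Assumption: the keystore password is supplied in the PFX_PASS environment variable.

# Succeeds only if the private key ($2) belongs to the server certificate ($1).
key_matches_cert() {
  cert_pub=$(openssl x509 -in "$1" -noout -pubkey) || return 1
  key_pub=$(openssl pkey -in "$2" -pubout) || return 1
  [ "$cert_pub" = "$key_pub" ]
}

# Convert a CA-supplied .p7b (PEM or DER encoded) into concatenated PEM certificates.
p7b_to_pem() {  # usage: p7b_to_pem bundle.p7b out.pem
  { openssl pkcs7 -print_certs -in "$1" 2>/dev/null ||
    openssl pkcs7 -print_certs -inform DER -in "$1"; } > "$2"
}

# Merge server + intermediate certificates and export them with the key.
build_pfx() {  # usage: build_pfx server.crt chain.crt private.key out.pfx alias
  key_matches_cert "$1" "$3" || { echo "key does not match $1" >&2; return 1; }
  openssl verify -partial_chain -CAfile "$2" "$1" >/dev/null || return 1
  cat "$1" "$2" > "${4%.pfx}.merge.pem"   # server certificate first
  openssl pkcs12 -export -in "${4%.pfx}.merge.pem" -inkey "$3" \
    -out "$4" -name "$5" -passout env:PFX_PASS || return 1
  chmod 600 "$4"                          # the .pfx contains the private key
}

# Number of certificates stored in a .pfx (expect 2: server + intermediate).
pfx_cert_count() {
  openssl pkcs12 -in "$1" -nokeys -passin env:PFX_PASS | grep -c 'BEGIN CERTIFICATE'
}

# Constructed throwaway CA and server certificate so the example runs offline.
make_sample_pki() {  # usage: make_sample_pki dir
  ( cd "$1" || exit 1
    openssl req -x509 -newkey rsa:2048 -nodes -keyout ca.key -out chain.crt \
      -subj "/CN=Constructed Test CA" -days 1 2>/dev/null
    openssl req -newkey rsa:2048 -nodes -keyout PRIVATEKEY.key -out server.csr \
      -subj "/CN=flexdeploy.example.test" 2>/dev/null
    openssl x509 -req -in server.csr -CA chain.crt -CAkey ca.key -CAcreateserial \
      -out certificate.crt -days 1 2>/dev/null )
}

# Demo on the constructed files; with real CA files call build_pfx directly.
if [ "${1:-}" = "demo" ]; then
  export PFX_PASS="changeit-demo"; d=$(mktemp -d); make_sample_pki "$d"
  build_pfx "$d/certificate.crt" "$d/chain.crt" "$d/PRIVATEKEY.key" "$d/certs.pfx" myAlias
  echo "certificates in pfx: $(pfx_cert_count "$d/certs.pfx")"
fi
```

For a .p7b delivery, run p7b_to_pem first and pass its output to build_pfx in place of the separate certificate files.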

 

 
