I'm just about to try this out has anyone had any success or can share any tips?
Thanks
Abz
Solved
Installing WildCard SSL Cert on tomcat
+8Best answer by abz_mungul
Ok so if anyone is interested I got this working and managed to install and SSL wildcard certificate on the JSS
I followed these instructions and they worked perfectly
http://mail-archives.apache.org/mod_mbox/tomcat-users/200409.mbox/%3C4150C297.8030802@ddai.net%3E
Also just so you know you need to use the private key of the Server that generated the CSR
+3I recommend generating the CSR (Certificate Signing Request) with the Java keystore tools, rather than the OpenSSL tools. As it turns out, it's impossible to import a private key into a keystore without resorting to third-party software.
+26Let me know how you go at this, I have to try this soon.
I started working at giving our helpdesk (tomcat also) SSL with this wildcard cert. I did find this article but I haven't had the time to start
http://goo.gl/fsZjb
@NTmatter I also agree that you would have better luck with the Java keystore tools.
+8The wildcard cert I'm using has already been used previously on a few apacahe servers. so I have already generated a CSR for those
so what I've tried to do is use the private key I previously generated for the apache servers in this case "server.key"
I then converted my pem file which contain the root/intermidate/public key in to a jks file
I then ran the following
keytool> -import -alias tomcat -keystore keystore.jks> -trustcacerts -file server.key
but this failed. Quite confused I cant really find any success stories with wildcard certs.
I'll do a bit more googling
@rpotvin thanks will have a look at the link
@NTmatter I generated my private keys (apache server) using OpenSSL
+8Just a brief overview of what im doing:
I have a wildcard certification which has already been used on several apache servers as a result I already have generated a CSR and have a private key for the apache server. The Private key is called server.key
From Comodo I have the following files
The Root certificate The Intermediate certificate public cert
I have made these into a pem file making sure that they are in the order (Root/Intermediate/Publiccert) - file name is called root.pem
I used the following command to convert root.pem to keystore.jks
keytool -import -v -trustcacerts -alias root -file root.pem -keystore keystore.jks -storepass 123456
I then use the following command
</path/to/keytool> -import -alias tomcat -keystore </path/to/Tomcat/keystore.jks> -trustcacerts -file </path/to/server.key
When I try an import this I am told that the keystone is not in the correct format
+3I'm actually in the same boat, except my cert was generated for IIS 7.x. I've managed to get the cert working in Apache, but no joy for Tomcat.
I'd suggest looking into ImportKey.java from http://www.agentbob.info/agentbob/79-AB.html as it looks like a free promising route to success. I haven't actually tried it as of yet, so it's wild speculation as to whether it will get the job done :)
+8Yeah ... so guys got some instructions from Jamf and comodo on how to do this followed the instructions and it did not work. so reverted all my tomcat files back to the original and now cant browse to 8443 at all.
So don't try this on a live machine...still trying to figure out why I cant connect to 8443 even though tomcat is running
Thanks
Abz
+8Ok so if anyone is interested I got this working and managed to install and SSL wildcard certificate on the JSS
I followed these instructions and they worked perfectly
http://mail-archives.apache.org/mod_mbox/tomcat-users/200409.mbox/%3C4150C297.8030802@ddai.net%3E
Also just so you know you need to use the private key of the Server that generated the CSR
+2Thanks abz.mungul
After creating the p12 file I then used instructions in https://jamfnation.jamfsoftware.com/article.html?id=138 to 'install' it.
:)
+4https://jamfnation.jamfsoftware.com/discussion.html?id=13131
Any Help on this thread ! Highly appreciable . Please provide a solution
@abz.mungul i have been provided with two cert and one key files, i have tested on my local tomcat server using these below commands,
i need to know is this enough to implement the SSL on pentaho tomcat instance?
- keytool -genkey -keyalg RSA -keysize 2048 -keystore localhost.keystore
- keytool -certreq -keyalg RSA -file domain.csr -keystore localhost.keystore
- keytool -import -trustcacerts -alias root -file tmca.crt -keystore localhost.keystore
- keytool -import -trustcacerts -alias tomcat -file tm.crt -keystore localhost.keystore
then i did the change in the server.xml file like below:
<Connector URIEncoding="UTF-8" port="8444" protocol="org.apache.coyote.http11.Http11NioProtocol" maxThreads="150" SSLEnabled="true" scheme="https" secure="true" keystoreFile="E:pentahoCSR Generatorfileslocalhost.keystore" keystorePass="shzyincu" clientAuth="false" sslProtocol="TLS" />
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.