
I'm just about to try this out. Has anyone had any success, or can anyone share any tips?



Thanks



Abz

I recommend generating the CSR (Certificate Signing Request) with the Java keystore tools, rather than the OpenSSL tools. As it turns out, it's impossible to import a private key into a keystore without resorting to third-party software.


Let me know how you go at this, I have to try this soon.



I started working at giving our helpdesk (Tomcat also) SSL with this wildcard cert. I did find this article but I haven't had the time to start.



http://goo.gl/fsZjb



@NTmatter I also agree that you would have better luck with the Java keystore tools.


The wildcard cert I'm using has already been used previously on a few Apache servers, so I have already generated a CSR for those.



So what I've tried to do is use the private key I previously generated for the Apache servers, in this case "server.key".



I then converted my pem file, which contains the root/intermediate/public key, into a jks file.



I then ran the following



keytool -import -alias tomcat -keystore keystore.jks -trustcacerts -file server.key



But this failed. Quite confused; I can't really find any success stories with wildcard certs.



I'll do a bit more googling



@rpotvin thanks will have a look at the link



@NTmatter I generated my private keys (Apache server) using OpenSSL.


Just a brief overview of what I'm doing:



I have a wildcard certificate which has already been used on several Apache servers; as a result I have already generated a CSR and have a private key for the Apache server. The private key is called server.key.



From Comodo I have the following files



The Root certificate
The Intermediate certificate
public cert



I have made these into a pem file, making sure that they are in the order (Root/Intermediate/Publiccert). The file is called root.pem.



I used the following command to convert root.pem to keystore.jks



keytool -import -v -trustcacerts -alias root -file root.pem -keystore keystore.jks -storepass 123456



I then use the following command



</path/to/keytool> -import -alias tomcat -keystore </path/to/Tomcat/keystore.jks> -trustcacerts -file </path/to/server.key>



When I try to import this I am told that the keystore is not in the correct format.


I'm actually in the same boat, except my cert was generated for IIS 7.x. I've managed to get the cert working in Apache, but no joy for Tomcat.



I'd suggest looking into ImportKey.java from http://www.agentbob.info/agentbob/79-AB.html as it looks like a free promising route to success. I haven't actually tried it as of yet, so it's wild speculation as to whether it will get the job done :)


Thanks for the update :)


Yeah... so, guys, I got some instructions from Jamf and Comodo on how to do this, followed the instructions, and it did not work. So I reverted all my Tomcat files back to the original and now can't browse to 8443 at all.



So don't try this on a live machine... still trying to figure out why I can't connect to 8443 even though Tomcat is running.



Thanks



Abz


OK, so if anyone is interested, I got this working and managed to install an SSL wildcard certificate on the JSS.



I followed these instructions and they worked perfectly:



http://mail-archives.apache.org/mod_mbox/tomcat-users/200409.mbox/%3C4150C297.8030802@ddai.net%3E



Also, just so you know, you need to use the private key of the server that generated the CSR.


Thanks abz.mungul



After creating the p12 file I then used instructions in https://jamfnation.jamfsoftware.com/article.html?id=138 to 'install' it.



:)
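As an added example (not taken from this thread or from the linked instructions), here is one way to build the p12 file mentioned above from an OpenSSL-generated key. `keytool -import` only accepts certificates, so the key and certificate are bundled with `openssl pkcs12` after checking that the key is the one the certificate was issued for. The function names, the alias `tomcat`, the `P12_PASS` variable and all file names are assumptions.

```bash
#!/usr/bin/env bash
# Added example: bundle an existing OpenSSL private key and its certificate
# into a PKCS#12 file that Java tooling can read.

# Succeeds only if the certificate carries the public half of this private key.
# usage: key_matches_cert server.key server.crt
key_matches_cert() {
  local from_key from_cert
  from_key=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 2
  from_cert=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 2
  [ "$from_key" = "$from_cert" ]
}

# Writes key + leaf certificate (+ optional CA chain file) under alias "tomcat".
# The password is read from the P12_PASS environment variable so it does not
# appear in the process list.
# usage: make_p12 server.key server.crt chain.pem-or-"" out.p12
make_p12() {
  key_matches_cert "$1" "$2" || {
    echo "private key does not match certificate" >&2
    return 1
  }
  # The bundle contains the private key: create it readable by its owner only.
  # ${3:+...} adds -certfile only when a chain file was given.
  ( umask 077
    openssl pkcs12 -export -inkey "$1" -in "$2" ${3:+-certfile "$3"} \
      -name tomcat -out "$4" -passout env:P12_PASS )
}

# Constructed sample input: a throwaway key with a self-signed wildcard
# certificate, plus an unrelated key to show the mismatch case.
# usage: make_sample directory
make_sample() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
    -subj "/CN=*.example.test" \
    -keyout "$1/server.key" -out "$1/server.crt" 2>/dev/null
  openssl genrsa -out "$1/other.key" 2048 2>/dev/null
}

# When run with four arguments, act as a small command-line wrapper.
if [ "$#" -eq 4 ]; then
  make_p12 "$@"
fi
```

The resulting file can be converted with `keytool -importkeystore -srckeystore tomcat.p12 -srcstoretype PKCS12 -destkeystore keystore.jks`, or referenced directly from the Connector with `keystoreType="PKCS12"`.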


https://jamfnation.jamfsoftware.com/discussion.html?id=13131



Any help on this thread! Highly appreciated. Please provide a solution.


@abz.mungul I have been provided with two cert files and one key file. I have tested on my local Tomcat server using the commands below.
I need to know: is this enough to implement SSL on the Pentaho Tomcat instance?




  1. keytool -genkey -keyalg RSA -keysize 2048 -keystore localhost.keystore

  2. keytool -certreq -keyalg RSA -file domain.csr -keystore localhost.keystore

  3. keytool -import -trustcacerts -alias root -file tmca.crt -keystore localhost.keystore

  4. keytool -import -trustcacerts -alias tomcat -file tm.crt -keystore localhost.keystore



Then I made the change in the server.xml file like below:



<Connector URIEncoding="UTF-8" port="8444" protocol="org.apache.coyote.http11.Http11NioProtocol"
maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
keystoreFile="E:pentahoCSR Generatorfileslocalhost.keystore"
keystorePass="shzyincu" clientAuth="false" sslProtocol="TLS"
/>