Has anybody had any luck getting this to work? If I already have the certificate installed on my OS X server, can I just point Tomcat to it?
I spent all day on the phone yesterday w/ JAMF and RapidSSL and couldn't get it working.
Solved
Use existing wildcard cert for JSS
+14Best answer by justinrummel
John,
That is the trick is you don't. The simple solution is copy your wildcard SSL to your system keychain. Login as root, Launch Keychain Access. Select your wildcard, root CA and any Intermediate CA and export them all to a .p12 file. Then use
keystoreFile="/Library/Tomcat/.keystore"
keystorePass="your_password"
keystoreType="PKCS12"
in your server.xml file in Tomcat as described above.
I've been using a wilcard cert for years with our JSS. I never used it as an existing cert installed in the OS, however. I use openssl command line to create a keystore. I then put the keystore in /Library/Tomcat. Finally, I add the following to server.xml in the SSL Connector tag...
keystoreFile="/Library/Tomcat/.keystore"
keystorePass="your_password"
keystoreType="PKCS12"
+26Its a head ache, but yeah we also have our wildcard ssl cert enabled here
installed windows? mac? linux?
+14I guess what I'm running into trouble with is how do I import our existing wildcard SSL cert into the keystore?
All instructions I find have me create a keystore, generate a CSR, and have a new certificate issued. This won't work for our situation as the certificate has already been installed on other machines and services.
+13John,
That is the trick is you don't. The simple solution is copy your wildcard SSL to your system keychain. Login as root, Launch Keychain Access. Select your wildcard, root CA and any Intermediate CA and export them all to a .p12 file. Then use
keystoreFile="/Library/Tomcat/.keystore"
keystorePass="your_password"
keystoreType="PKCS12"
in your server.xml file in Tomcat as described above.
+9we have our wildcart cert for the JSS as well. It was a major headache for us. We actually were only able to get it working with the help of a 3rd party consultant that i work with on other issues. I think jamf really needs to implement an easier way to install a wildcart cert.
+14Justin! Yes! You nailed it! Thank you!!
+1I'm hitting a wall. I'm in 10.8 Server, logged in a root. I've imported my wildcard cert, GoDaddy's root cert, and GoDaddy's intermediate cert. I select all three, right click on "Export Three Items", but the p12 option is grayed out.
Any ideas? TIA.
+1I'm hitting a wall. I'm in 10.8 Server, logged in a root. I've imported my wildcard cert, GoDaddy's root cert, and GoDaddy's intermediate cert. I select all three, right click on "Export Three Items", but the p12 option is grayed out.
Any ideas? TIA.
+3In order to export all three you have to be logged in as root or use the following command.
sudo /Applications/Utilities/Keychain Access.app/Contents/MacOS/Keychain Access
+29Just ran into this issue, no matter what I select in Keychain Access the .p12 option was disabled/"greyed out". Be sure you have the Private Key selected - then, and only then, can you export as a .p12 file.
+16Sorry to post on such an old thread, but I have a wildcard cert that I've been trying to use for my JSS as well but I'm running Windows Server 2008 R2. Has anyone accomplished using a wildcard cert for JSS on a Windows box?
+29Yes, the one I set up last July was on Windows… sadly I don't remember the details, without sitting in front of a Windows VM, but it's certainly do-able. I think I used Keychain Access on the Mac just to create the "combined" .p12 file...
+1Hello Guys,
I seem to only be able to export to a .p7b and I'm then unsure where this file goes before editing the server.xml file. Any ideas?
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.