Posted on 02-03-2011 02:53 PM
Hello!
Hope everyone is looking forward to the weekend :)
I have searched around quite a bit online as well as through the manual, but I can't seem to find any steps for installing a valid SSL cert into the JSS.
I have acquired a valid SSL certificate, but I can't work out for the life of me how to import it into Casper.
I checked the server's Server Admin, but it looks like it does not get the certs from there.
Any help would be appreciated. I just want to get my JSS online with a valid SSL certificate.
Regards,
John
--
John Szaszvari
Network Manager | Monte Sant' Angelo Mercy College
02-9409-6281 | jszaszvari at monte.nsw.edu.au | 128 Miller St, North Sydney
Posted on 02-03-2011 04:48 PM
Hello John,
Below is a link to our Knowledge Base article on the subject of enabling SSL for Tomcat with a public certificate. Please feel free to let us know if we can assist or clarify anything for you.
http://www.jamfsoftware.com/kb/article.php?id=019
Thank you,
--
Dusty Dorey
Support Specialist
Dusty.Dorey at jamfsoftware.com
....................................................................
JAMF Software
1011 Washington Ave. S
Suite 350
Minneapolis, MN 55415
....................................................................
Office: (612) 605-6625
Facsimile: (612) 332-9054
....................................................................
US Support: (612) 216-1296
....................................................................
http://www.jamfsoftware.com
Posted on 02-07-2011 06:31 AM
http://www.jamfsoftware.com/kb/article.php?id=019
j
--
Jared F. Nichols
Desktop Engineer, Client Services
Information Services Department
MIT Lincoln Laboratory
244 Wood Street
Lexington, Massachusetts 02420
781.981.5436
Posted on 02-08-2011 04:09 PM
Hey, I want to jump in on this question as well, although with a slight difference...
I have viewed the noted KB article, but it walks you through generating a CSR and then importing the result back. It also seems to indicate that the act of creating the keystore auto-generates a self-signed cert.
I have a wildcard certificate that I would like to install, and I'm not seeing any information on how to import that...
I tried generating the keystore, then skipping the CSR steps and importing my wildcard cert with the commands in steps 7 & 8. Step 7 worked, but step 8 gives me the following error:
keytool error: java.security.cert.CertificateParsingException: signed overrun, bytes = 464
I've done a Google search about Tomcat and wildcard certs, but so far the only things I've found are behind a paywall...
Any ideas?
Jeff
Jeff Dyck | Analyste de reseaux - Mac OS X
Conseil Scolaire Francophone de la Colombie-Britannique (SD 93)
3550 Wellington Street, Annexe B - Port Coquitlam, BC - V3B 3Y5
Tel: 778-284-0902 - Cell: 778-990-7960 - http://support.csf.bc.ca
Posted on 02-09-2011 06:38 AM
You need to import the certificate into the keystore that created the CSR. Otherwise it's not going to work as the public/private keys aren't going to line up.
Or, you need to import the private key that matches that cert into the keystore. I was able to export the private key using Portecle (http://sourceforge.net/projects/portecle/) as the keytool command line option has no way to export the private key so you can use your certificate in OpenSSL. It may be able to import it as well.
j
--
Jared F. Nichols
Desktop Engineer, Client Services
Information Services Department
MIT Lincoln Laboratory
244 Wood Street
Lexington, Massachusetts 02420
781.981.5436
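The point made in the reply above (a certificate is only usable together with the private key it was issued for) can be checked before anything is imported. The following is an added example, not part of the original thread or of JAMF's instructions; it assumes the `openssl` command-line tool, and the file names, the `tomcat` alias and the password are constructed placeholders.

```shell
#!/bin/sh
# Added example; file names, the "tomcat" alias and the password are constructed.

# True only when the PEM certificate ($1) was issued for the PEM private key ($2).
cert_matches_key() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 2
    [ "$cert_pub" = "$key_pub" ]
}

# usage: make_p12 cert.pem key.pem out.p12 password [chain.pem]
# Bundles key and certificate into PKCS#12, refusing a pair that does not match.
# pass: on the command line is visible to other local users; file: or env: avoid that.
make_p12() {
    cert_matches_key "$1" "$2" || { echo "refusing: $1 and $2 are not a matching pair" >&2; return 1; }
    if [ -n "${5:-}" ]; then
        openssl pkcs12 -export -in "$1" -inkey "$2" -certfile "$5" \
            -name tomcat -out "$3" -passout "pass:$4"
    else
        openssl pkcs12 -export -in "$1" -inkey "$2" \
            -name tomcat -out "$3" -passout "pass:$4"
    fi
}

# True when the leaf certificate inside the bundle ($1, password $2) is cert $3.
p12_matches_cert() {
    in_p12=$(openssl pkcs12 -in "$1" -passin "pass:$2" -nokeys -clcerts 2>/dev/null |
        openssl x509 -noout -pubkey 2>/dev/null)
    [ -n "$in_p12" ] && [ "$in_p12" = "$(openssl x509 -in "$3" -noout -pubkey)" ]
}

# Constructed test material: a throwaway wildcard pair plus an unrelated key.
make_sample() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=*.example.test" \
        -keyout "$1/wild.key" -out "$1/wild.crt" 2>/dev/null &&
    openssl genrsa -out "$1/other.key" 2048 2>/dev/null
}

demo_dir=$(mktemp -d) && make_sample "$demo_dir"
make_p12 "$demo_dir/wild.crt" "$demo_dir/wild.key" "$demo_dir/wild.p12" "ExamplePass1" &&
    echo "matching pair bundled"
make_p12 "$demo_dir/wild.crt" "$demo_dir/other.key" "$demo_dir/bad.p12" "ExamplePass1" ||
    echo "mismatched key rejected"
```

The resulting PKCS#12 file carries the key and certificate together, so it can be converted with `keytool -importkeystore -srcstoretype PKCS12` rather than importing the certificate on its own into a keystore that holds a different key.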
Posted on 02-09-2011 01:26 PM
Even with a wildcard cert, you still need to generate a CSR. When asked for the formal name (the FQDN) in the request, just put in *.yourdomain.blah for the domain, send it to the certificate authority and they'll send the certificate for the server. This process creates the private key for the signing request.
We use a wildcard cert on our JSS. You'll need to be sure the wildcard cert you purchased allows for multiple server installs and/or re-issues.
John
--
John Wetter
Technical Services Manager
Educational Technology, Media & Information Services
Hopkins Public Schools
Posted on 02-09-2011 03:52 PM
Hmmm...
I'm still confused about this, as I already physically have the cert files - all three of them (a public key, a private key, and the GoDaddy cert chain). I've used this on several other servers with no problems (web and iChat mostly so far), and my Linux colleague has done the same.
My understanding of a wildcard cert is that once you get it, you can install it onto multiple servers without having to get new certs signed. This was purchased before I started working here, but my understanding is we paid quite a bit of money for that privilege.
I'm not an expert on this stuff though, and it's kinda making my head hurt a bit. This was easy to install onto my other OS X servers yesterday; the Tomcat install has been the only tough part so far, although I'm also pushing for our network guy to install this onto our Aruba wireless network as well, so that might also be a challenge.
Sounds like I'm going to work on it with the Casper folks tomorrow; will see how that goes. Assuming we get it working, I might try and put up instructions (assuming I follow what they do) on how to do it.
Thanks for the input.
Jeff
Posted on 04-11-2012 07:14 PM
We followed the following link to get our Tomcat working with our wildcard certificate:
http://www.computer-howto.com/2011/06/exporting-godaddy-wildcard-certificate-iis-tomcat/
Posted on 07-25-2018 05:56 PM
Hi, I know this post is fairly old now, but I am here to post an updated FIX for importing a wildcard SSL certificate into Casper JSS, mainly aimed at any 9.XX version. This is what worked for me:
Please ensure the SSL cert you are attempting to upload is in the .p12 format. If not, change this by renaming and adding the .p12 extension.
Ensure the private password for the SSL cert does NOT contain any special characters, as Tomcat cannot decrypt these.
If you need to change this, export your certificate from IIS (if you already have this set up) and change the password to something without special characters. Change the file format to .p12, then import this into the Tomcat settings on the JSS.
If you don't know how to export a certificate from IIS, here is how:
In IIS go to:
1. Server (Servername) > Server Certificates > Select certificate
2. Right-click certificate > View > Details (tab) > Copy to File...
Export PK, assign a password (MUST NOT CONTAIN SPECIAL CHARACTERS), then export
3. Change certificate file format to .p12
Regards,
Zak