How to use Globalsign SSL certificates with JSS

New Contributor

We were attracted to Globalsign's inexpensive wildcard certificates, fully aware that there would be zero frills.

We are running JSS 9.65 under Ubuntu 14.04 LTS. After creating a new Tomcat keystore, generating the CSR, and being issued the certificate, we were having a difficult time getting the final certificate installed via keytool. The PEM certificate provided to us wouldn't work.

We wound up importing Globalsign's intermediate certificate:

/path/to/keytool -import -alias intermediate -keystore /path/to/Tomcat/keystore.jks -trustcacerts -file /path/to/root.cer

Then converting our Globalsign-provided PKCS7 certficate to PEM:

openssl pkcs7 -print_certs -in certificate.p7b -out certificate.cer

Afterwards, we were able to import the resulting .cer with no problem.

Your mileage may vary, but I hope this may help somebody experiencing similar frustration.