Installation of WildCard SSL certificate (By Comodo) on Tomcat Apache Web Server

anant_jauhari
New Contributor

Hi all, I am installing a wildcard SSL certificate to my keystore, which will be used for the Apache Tomcat web server.
Description:
My Tomcat server is installed on Windows 2012 server.
And I have certificates provided by COMODO.
The wildcard cert I'm using has already been used previously on a few servers, so I am directly installing the same on my Apache Tomcat server.
So I've generated a public keystore using keytool, providing the same information used while purchasing the certificate, using the following command:
keytool -keysize 2048 -genkey -alias tomcat -keyalg RSA -keystore tomcat.keystore
Then I attached my certificates to the generated keystore using the following command for "Comodo" certificates:
i. keytool -import -trustcacerts -alias root -file AddTrustExternalCARoot.crt -keystore selfservice.keystore
And I have used the correct chain of installation of certificates (root, all intermediates, primary) with the above command.

And while installing each certificate I received the following message: "Certificate added to keystore"
Though I have not got any error, when I opened my keystore there was no certificate chain, meaning there is an individual entry for each certificate, but there is no chain hierarchy of certificates like root, then intermediate, then primary.
And in my final PI or certificate, I am getting the provider as the local first name instead of Comodo.
EXAMPLE : CN=nims.ABC.com,OU=abcCommunications,O=abc Group LLC,L=Roseville,ST=Minnesota,C=US Provider must be CN=COMODO RSA Organization Validation Secure Server CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

So I would like to know which steps I have missed, or whether I have used any extra steps.
Thanks in advance

5 REPLIES

anant_jauhari
New Contributor

https://jamfnation.jamfsoftware.com/viewProfile.html?userID=1384

justinrummel
Contributor III

When I'm dealing with creating a keystore file, I sometimes run our script https://github.com/stonyrivertech/SRT-Public/blob/master/General/Ubuntu-SSLCert-jks.sh, or at least look at the source. I've noticed the difference between our script and your lines is that when you create your keystore you are missing the "keysize" and defining a password.

- Justin

anant_jauhari
New Contributor

The following is the procedure that I used to install the provided SSL certificate to the application.
I created a new keystore file using the appropriate XCOmpy information, and then I added the whole certificate chain to the generated keystore: first root, intermediate one,
intermediate two, followed by the primary certificate (14596380repl_1.cert).
But when I add the new 14596380repl_1.cert (XCompny primary SSL certificate) to the newly generated keystore,
I get the following message: keytool error: java.lang.Exception: Public keys in reply and keystore don't match
There is a mismatch between the keys in the current keystore and the one contained in 14596380repl_1.cert (XCompny primary SSL certificate).

Please find the attached document, which consists of screenshots of each step that I performed during installation, with references.

davidacland
Honored Contributor II

Hi, are you importing the private key from the server that generated the CSR? The error you're getting looks like the private key in your keystore doesn't match the public key of the certificate you're importing.

Someone else has had success previously on this thread: https://jamfnation.jamfsoftware.com/discussion.html?id=4049
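
The key-match check behind the diagnosis above, as an added example that is not part of the original thread: it compares the public key in the keystore entry's certificate with the public key in a CA-issued certificate before any import is attempted. The function names, file names and the throwaway test certificates are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. File names are assumptions.
# Export the keystore entry's current certificate first, for instance:
#   keytool -exportcert -rfc -alias tomcat -keystore tomcat.keystore -file entry.pem

# Print the SHA-256 digest of the public key (SPKI) inside a PEM certificate.
spki_digest() {
    pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    printf '%s\n' "$pub" | openssl pkey -pubin -outform DER 2>/dev/null \
        | openssl dgst -sha256 | awk '{print $NF}'
}

# Exit status: 0 = same key pair, 1 = different keys, 2 = unreadable input.
same_public_key() {
    a=$(spki_digest "$1") || return 2
    b=$(spki_digest "$2") || return 2
    [ -n "$a" ] && [ "$a" = "$b" ]
}

# Constructed sample data: throwaway key plus self-signed certificate, standing
# in for the entry that "keytool -genkey" creates. $1 = key file, $2 = cert file.
new_key_and_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -keyout "$1" -out "$2" \
        -subj "/CN=entry.example.invalid" -days 1 2>/dev/null
}

# Constructed sample data: another certificate over an existing key, standing in
# for what a CA returns for a CSR made from that key.
cert_for_key() {
    openssl req -x509 -new -key "$1" -out "$2" \
        -subj "/CN=*.example.invalid" -days 1 2>/dev/null
}

demo() {
    d=$(mktemp -d)
    new_key_and_cert "$d/a.key" "$d/entry.pem"       # this server's keystore entry
    cert_for_key "$d/a.key" "$d/issued_here.pem"     # issued for this server's key
    new_key_and_cert "$d/b.key" "$d/issued_else.pem" # issued for another server's key
    r1=0; same_public_key "$d/entry.pem" "$d/issued_here.pem" || r1=$?
    r2=0; same_public_key "$d/entry.pem" "$d/issued_else.pem" || r2=$?
    rm -rf "$d"
    echo "match=$r1 mismatch=$r2"
}

demo   # prints: match=0 mismatch=1
```

A status of 1 from `same_public_key` is the condition keytool reports as "Public keys in reply and keystore don't match".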

anant_jauhari
New Contributor

@davidacland Many thanks for responding!!
You are absolutely correct, I am not importing the private key, so can I extract this private key from the certificate?
Or how can I get this private key?
I am a newbie to this SSL installation, and learning my way through this problem.
It would be a great help if you could approach this and tell me the way.