Hello guys,

I'm spinning into circles importing the certificate into my system. We are using a web-based software that resides on Tomcat. Here are the instructions I have got from the vendor on how to import the SSL:

Download your Certificate files from the email from CA to the directory where your keystore (sdp.keystore) was saved during the CSR creation process. The certificate must be installed to this exact keystore. If you try to install it to a different keystore it will not work.

The certificates you downloaded must be installed to your keystore in the correct order for your certificate to be trusted. If the certificates are not installed in the correct order, then the certificate will not authenticate properly.

Install the Root Certificate file:

Each time you install a certificate to your keystore you will be prompted for the keystore password, which you chose when generating your CSR. Type the following command to install the Root certificate file:

    keytool -import -trustcacerts -alias root -file TrustedRoot.crt -keystore sdp.keystore

NOTE: Choose 'Yes' if you get prompted with a message that says "Certificate already exists in system-wide CA keystore under alias <entrustsslca> Do you still want to add it to your own keystore? [no]:"

You will get a confirmation stating that the "Certificate was added to keystore".

Install the intermediate certificates if any. (Follow the instructions provided by the CA)

Install the Primary Certificate file:

Type the following command to install the Primary certificate file:

    keytool -import -trustcacerts -alias tomcat -file your_domain_name.crt -keystore sdp.keystore

This time you should get a slightly different confirmation stating that the "Certificate reply was installed in keystore". If it asks if you want to trust the certificate, choose y or yes.

Your Certificates are now installed to your keystore file (keystore.key) and you just need to configure your server to use the keystore file.

I'm assuming the root certificate is the one that certifies the CA. I'm using Equifax Secure eBusiness CA-1. I'm also assuming that the primary certificate is the one we purchased and is issued to us and includes our FQDN.

After I apply the certificates, the system does not work. If I configure Tomcat to use HTTP and any custom port it works. I'm really going out of my mind!!!

Regards,
Marwan Kandeel | IT Support Team Leader | Bupa Arabia
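
A way to check the result of the vendor procedure quoted above, as an added example that is not part of the original message or of the vendor's instructions: it reads `keytool -list -v` output and reports whether the `tomcat` alias is a PrivateKeyEntry carrying a CA chain. The function name `check_alias`, its exit codes and the sample listings are constructed for illustration.

```shell
#!/bin/sh
# Added example. Reads `keytool -list -v` output on stdin and checks one alias.
# check_alias and its exit codes are hypothetical, chosen for this example:
#   0 = PrivateKeyEntry with a chain of 2+ certificates (CA reply installed)
#   1 = alias exists but is not a PrivateKeyEntry (certificate was imported
#       into a keystore that does not hold the private key from the CSR)
#   2 = PrivateKeyEntry with chain length below 2 (still only the certificate
#       generated with the key pair; the CA reply was not installed over it)
#   3 = alias not present
check_alias() {
    awk -v want="$1" '
        { sub(/\r$/, "") }   # tolerate CRLF output captured on Windows
        /^Alias name: /               { cur = substr($0, 13) }
        /^Entry type: /               { if (cur == want) type = substr($0, 13) }
        /^Certificate chain length: / { if (cur == want) len = $4 }
        END {
            len += 0
            if (type == "") { print want ": alias not found"; exit 3 }
            if (type != "PrivateKeyEntry") { print want ": " type ", no private key"; exit 1 }
            if (len < 2) { print want ": chain length " len ", CA reply missing"; exit 2 }
            print want ": PrivateKeyEntry, chain length " len
        }'
}

# Constructed listing, trimmed to the fields the check reads: the expected
# state after the root and primary certificates were imported in order.
GOOD_LISTING='Alias name: root
Entry type: trustedCertEntry

Alias name: tomcat
Entry type: PrivateKeyEntry
Certificate chain length: 2'

# Constructed listing: the primary certificate was imported into a keystore
# other than the one created with the CSR, so no private key sits behind it.
WRONG_KEYSTORE_LISTING='Alias name: root
Entry type: trustedCertEntry

Alias name: tomcat
Entry type: trustedCertEntry'

printf '%s\n' "$GOOD_LISTING" | check_alias tomcat || true
printf '%s\n' "$WRONG_KEYSTORE_LISTING" | check_alias tomcat || true

# Against a real keystore (keytool prompts for the keystore password):
#   keytool -list -v -keystore sdp.keystore | check_alias tomcat
```

A `trustedCertEntry` under the `tomcat` alias corresponds to the "Certificate was added to keystore" confirmation rather than "Certificate reply was installed in keystore", which is the case the vendor text warns about when the wrong keystore is used.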