Novell Cool Solutions

Import a given Class2 StartCom Certificate into Novell Vibe Tomcat Keystore


August 27, 2013 3:10 pm






Supposing you have already received your wildcard certificate and the corresponding private key from, revisit the StartSSL website to prepare a .p12 file (e.g. <>), because we need it for the later import process, where you create a new Vibe keystore.

Additionally, download the certificate authority file ca.crt and the corresponding intermediate certificate files from StartCom. Depending on your certificate level you need for a class2 certificate.

As root, check that keytool is on your PATH; if it is not, you can fix that, e.g.:

# echo 'PATH=/usr/java/jdk1.6.0_29/bin:$PATH' >> ~/.profile
# source ~/.profile

Preparing the new keystore

As root, enter the directory where the Tomcat keystore is located, e.g. /opt/novell/teaming/apache-tomcat/conf.

Back up the original keystore, which is named .keystore, to .keystore.orig and delete the old one.
Place your file in this directory.

Building the new keystore

  1. Now we are going to create the new keystore with the prepared StartSSL .p12:
    # keytool -v -importkeystore -srckeystore <> -srcstoretype PKCS12 -destkeystore .keystore -deststoretype JKS
  2. Check what the keystore now contains:
    # keytool -list -keystore .keystore
  3. Notice: As you can see, the imported certificate was automatically given the alias “startcom pfx certificate”.
    We have to rename it to the alias “tomcat”. This was the important thing for my configuration. Check your alias naming in server.xml.
    Here is the changealias command:

    # keytool -changealias -v -alias "startcom pfx certificate" -destalias tomcat -keystore .keystore
  4. Next import the ca.crt file:
    # keytool -import -alias -file ca.crt -trustcacerts -keystore .keystore 
  5. Also import the necessary intermediate certificate chain file:
    # keytool -import -alias -file -trustcacerts -keystore .keystore
  6. Set the owner, e.g.:
    # chown vibeadmin:vibeadmins .keystore
  7. Adjust the permissions:
    # chmod 750 .keystore
  8. Restart Teaming:
    # /etc/init.d/teaming restart

Now you should be done.
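The listing from step 2 can be checked mechanically before Teaming is restarted. The following shell script is an added example, not part of the original article: it parses `keytool -list` output and confirms that the alias tomcat is a PrivateKeyEntry and that the CA and intermediate certificates are present. The sample listing is constructed, the aliases startcom.ca and startcom.class2 are hypothetical, and English-locale date output ("Aug 27, 2013") is assumed.

```shell
#!/bin/sh
# Constructed sample of `keytool -list -keystore .keystore` output. The aliases
# startcom.ca and startcom.class2 are hypothetical; fingerprints are placeholders.
sample_listing() {
cat <<'EOF'
Keystore type: JKS
Keystore provider: SUN

Your keystore contains 3 entries

startcom.ca, Aug 27, 2013, trustedCertEntry,
Certificate fingerprint (MD5): <placeholder>
tomcat, Aug 27, 2013, PrivateKeyEntry,
Certificate fingerprint (MD5): <placeholder>
startcom.class2, Aug 27, 2013, trustedCertEntry,
Certificate fingerprint (MD5): <placeholder>
EOF
}

# Print "alias<TAB>type" per entry. Entry lines read "alias, Mon D, YYYY, type,";
# the date itself holds a comma, so fields are counted from the right.
list_entries() {
  awk -F', *' '/(PrivateKeyEntry|trustedCertEntry|SecretKeyEntry),? *$/ {
    n = NF; if ($n == "") n--        # drop the empty field after a trailing comma
    alias = $1
    for (i = 2; i <= n - 3; i++) alias = alias ", " $i   # alias may contain commas
    print alias "\t" $n
  }'
}

# Reads a keytool listing on stdin. Succeeds only if alias $1 is a
# PrivateKeyEntry and at least $2 trustedCertEntry (CA) entries exist.
check_keystore() {
  want_alias=$1; min_ca=$2
  entries=$(list_entries)
  key_type=$(printf '%s\n' "$entries" | awk -F'\t' -v a="$want_alias" '$1 == a { print $2 }')
  ca_count=$(printf '%s\n' "$entries" | awk -F'\t' '$2 == "trustedCertEntry" { c++ } END { print c + 0 }')
  if [ "$key_type" != "PrivateKeyEntry" ]; then
    echo "FAIL: alias '$want_alias' is ${key_type:-missing}, expected PrivateKeyEntry" >&2
    return 1
  fi
  if [ "$ca_count" -lt "$min_ca" ]; then
    echo "FAIL: $ca_count trustedCertEntry found, expected at least $min_ca" >&2
    return 1
  fi
  echo "OK: '$want_alias' holds the private key; $ca_count CA certificates imported"
}

sample_listing | check_keystore tomcat 2
```

On the real system, pipe the live listing into it instead of the sample: `keytool -list -keystore .keystore | check_keystore tomcat 2`.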

Because the investigation and tests took a long time, I wanted to share it.


Categories: Technical, Vibe


Disclaimer: This content is not supported by Novell. It was contributed by a community member and is published "as is." It seems to have worked for at least one person, and might work for you. But please be sure to test it thoroughly before using it in a production environment.