Cool Solutions

Import a given Class2 StartCom Certificate into Novell Vibe Tomcat Keystore



August 27, 2013 3:10 pm

Introduction

Suppose you have already received your wildcard certificate and the corresponding private key from StartSSL.com. Revisit the StartSSL website to prepare a .p12 file (e.g. <wildcard.mydomain.com.p12>), because we need it for the later import step in which the new Vibe keystore is created.

Additionally download the certificate authority file ca.crt and the corresponding intermediate certificate files (classX.server.ca.crt) from StartCom. Which intermediate file you need depends on your certificate level: for a class2 certificate you need the class2 server intermediate certificate (imported in step 5 below as sub.class2.server.ca.crt).

Check as root that keytool is reachable on the PATH; if it is not, add the JDK's bin directory, e.g.:

# echo 'PATH=/usr/java/jdk1.6.0_29/bin:$PATH' >> ~/.profile
# source ~/.profile

Preparing the new keystore

As root, enter the directory where the Tomcat keystore is located, e.g. /opt/novell/teaming/apache-tomcat/conf.

Back up the original keystore (named .keystore) as .keystore.orig, then delete the original .keystore so that the import below creates a fresh one.
Place your wildcard.mydomain.com.p12 file in this directory.

Building the new keystore

  1. Now create the new keystore from the prepared StartSSL .p12:
     # keytool -v -importkeystore -srckeystore <wildcard.mydomain.com.p12> -srcstoretype PKCS12 -destkeystore .keystore -deststoretype JKS

  2. Check what the keystore actually contains:
     # keytool -list -keystore .keystore

  3. Notice: as you can see, the imported certificate was automatically given the alias "startcom pfx certificate".
     We have to rename it to the alias "tomcat". This was the important thing for my configuration: check the alias name your server.xml refers to.
     Here is the changealias command:
     # keytool -changealias -v -alias "startcom pfx certificate" -destalias tomcat -keystore .keystore

  4. Next, import the ca.crt file:
     # keytool -import -alias startcom.ca -file ca.crt -trustcacerts -keystore .keystore

  5. Also import the necessary intermediate certificate chain file:
     # keytool -import -alias startcom.ca.sub -file sub.class2.server.ca.crt -trustcacerts -keystore .keystore

  6. Set the owner, e.g.:
     # chown vibeadmin:vibeadmins .keystore

  7. Adjust the permissions:
     # chmod 750 .keystore

  8. Restart Teaming:
     # /etc/init.d/teaming restart

Now you should be done.

Because the investigation and tests took quite some time, I wanted to share it.
