Ask the Community
Groups
How to import SSL certificate into keystore - Connect IT Community | Kaseya
<main> <article class="userContent"> <div><strong>QUESTION:</strong></div> <div>How do I import an SSL certificate into the Traverse webapp keystore?</div> <div> </div> <div> </div> <div><strong>RESOLUTION:</strong></div> <div>Here are the commands used to create the keystore for Tomcat with a wildcard certificate.</div> <div> </div> <div> <em>Note: you must have the private key</em> that was used to generate CSR.</div> <div> </div> <div>Once the CA sends you new certificate, the key may need to be converted into a format that can be read by the "keytool" command:</div> <div> </div> <div># openssl pkcs12 -export -in STAR_somedomain_com.crt -inkey PRIV_somedomain.key -out STAR_somedomain_com.p12 -name tomcat -CAfile AddTrustExternalCARoot.crt -caname root</div> <div> </div> <div><strong><em>Enter Export Password:</em></strong></div> <div><strong><em>Verifying - Enter Export Password:</em></strong></div> <div> </div> <div>On this step, you have to enter a password. In this example, "changeit" was used as it is the default password for the Traverse Tomcat server.</div> <div> </div> <div># apps/jre/bin/keytool -importkeystore -deststorepass changeit -destkeypass changeit -destkeystore /tmp/webapp.keystore -srckeystore STAR_somedomain_com.p12 -srcstoretype PKCS12 -srcstorepass changeit -alias tomcat</div> <div> </div> <div>On this step and the next step "changeit" is used for the password and the keystore password.</div> <div> </div> <div># cp /tmp/webapp.keystore /usr/local/traverse/plugin/web/</div> <div>cp: overwrite `/opt/traverse/plugin/web/webapp.keystore'? y</div> <div> </div> <div># apps/jre/bin/keytool -keystore ../plugin/web/webapp.keystore -storepass changeit -list -alias tomcat </div> <div> </div> <div><em><strong>tomcat, Oct 7, 2013, PrivateKeyEntry, </strong></em></div> <div><em><strong>Certificate fingerprint (MD5): 14:92:C7:F3:0F:F1:EA:2B:8B:93:25:EA:FC:0D:F3:F7</strong></em></div> <div> </div> <div>Note that "PrivateKeyEntry" is indication that it's a valid certificate that can be used by Tomcat. Please update the standard key installation instructions with this information.</div> <div> </div> <div> <p><strong>APPLIES TO:</strong></p> <p>All versions of Traverse </p> <p> </p> <p><strong>REFERENCE:</strong></p> <p><a rel="nofollow" href="https://kaseya.vanillacommunities.com/kb/articles/aliases/kaseya/hc/en-gb/articles/229042488-Configuration-On-Premise-Configuring-SSL-for-the-Web-Application">Configuration - On-Premise - Configuring SSL for the Web Application</a></p> </div> </article> </main>