SUN JAVA 7 CSR CREATION AND SSL CERTIFICATE INSTALLATION
GENERATE A CSR USING SUN'S 'REQUEST SERVER CERTIFICATE WIZARD' – OPTION 1
- Go to the Certificates Tab/Server Certificates.
- Set a password for your server configuration token.
- Start the 'Request Server Certificate Wizard', choose your configuration, and when prompted enter the password assigned in the last step.
- At step 3, you will enter the details of your domain/organization to be included in the SSL certificate:
Server Name (CN): Usually the fully-qualified domain name of the server (e.g., www.domain.com, mail.domain.com, or *.domain.com)
Alternate Server Names: If generating a certificate request for a Multi-Domain (SAN) Certificate, enter additional (SAN) names here. Otherwise, leave it blank
Organization (O): The full legal name of your organization (e.g., TRUSTZONE)
Organizational Unit (OU): Your department, such as 'Information Technology'
Locality, State, Country: City, state, and country where your organization is located
- Continue through the CSR creation wizard, making sure to specify 'CA Signed Certificate' during step 5. Click 'Next' and then 'Finish'.
- You should be provided with a Certificate Signing Request in coded text format.
Copy the entire body of the CSR provided into the TRUSTZONE Order process when requested.
- After you receive your SSL Certificate from TRUSTZONE, you can install it.
GENERATE A CSR USING KEYTOOL – OPTION 2
- As with most Java-based systems, you can generate your certificate request from a JKS keystore using the 'keytool' command.
- If you decide to use keytool, you will need to use our command line instructions (Option 2) when installing your certificate.
- When choosing your server type during the online order process, make sure to choose Java Tomcat to get the files in the most helpful format for command line installation.
- After you receive your SSL Certificate from TRUSTZONE, you can install it. See SSL Certificate Installation – Sun Java Server 7.0.
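The keytool route described above, as an added example (not TRUSTZONE's or Sun's own commands): it creates a 2048-bit RSA key pair in a JKS keystore and writes the CSR. The file names, the 'server' alias (chosen to match the import command later on this page), the DN values and the STOREPASS variable are assumptions; the password is read from the environment so it does not appear in the process list.

```shell
#!/bin/sh
# Added example; names below are placeholders, not values from TRUSTZONE.
KEYSTORE=${KEYSTORE:-your_site_name.jks}
ALIAS=${ALIAS:-server}            # must match -alias used at import time
CSR=${CSR:-your_domain_name.csr}
DNAME=${DNAME:-"CN=www.domain.com, OU=Information Technology, O=TRUSTZONE, L=City, ST=State, C=US"}

# Create the key pair and CSR. The keystore password comes from the
# exported STOREPASS variable (keytool's :env modifier), never from argv.
make_csr() {
    [ -n "${STOREPASS:-}" ] || { echo "export STOREPASS first" >&2; return 2; }
    [ ! -e "$KEYSTORE" ] || { echo "$KEYSTORE exists; refusing to reuse" >&2; return 3; }
    keytool -genkeypair -alias "$ALIAS" -keyalg RSA -keysize 2048 \
        -dname "$DNAME" -keystore "$KEYSTORE" -storetype JKS \
        -storepass:env STOREPASS -keypass:env STOREPASS || return 1
    chmod 600 "$KEYSTORE"          # the keystore holds the private key
    keytool -certreq -alias "$ALIAS" -file "$CSR" \
        -keystore "$KEYSTORE" -storepass:env STOREPASS || return 1
}

# Succeeds only if the alias holds a private key, which the signed
# certificate must later be imported against.
has_private_key() {
    keytool -list -alias "$ALIAS" -keystore "$KEYSTORE" \
        -storepass:env STOREPASS 2>/dev/null | grep -q 'PrivateKeyEntry'
}

if [ "${1:-}" = "run" ]; then
    make_csr && has_private_key && echo "CSR written to $CSR"
fi
```

Keep the .jks file: the certificate reply can only be imported into the keystore that holds the matching private key.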
INSTALL YOUR SSL TRUSTZONE CERTIFICATE WITH SUN'S 'INSTALL SERVER CERTIFICATE WIZARD' – OPTION 1
- Go to the Certificates Tab/Server Certificates.
- Start the 'Install Server Certificate Wizard', choose your configuration, and when prompted enter the password assigned while creating the CSR.
- On step three, you can either browse to the your_domain_name.crt file you received from TRUSTZONE, or open that file with a text editor and paste it into the 'Certificate Data' box provided.
If you received a .p7b file instead of a .crt file, you can import that file instead (you will skip steps 5 & 6, below).
- Assign a Nickname to your certificate, and pick a listener. Click 'Next', and then 'Finish'.
- In the 'Certificate Authority' tab, install the TrustedRoot.crt file that you received from TRUSTZONE as a 'Certificate Authority' (if you do not have that file, you can download it inside your TRUSTZONE account).
- In that same tab, install the IntermediateCA.crt file as a 'Certificate Chain' file. If you have an IntermediateCA2.crt file as well, install that as a 'Certificate Chain'.
- Under Configurations, go to 'Edit HTTP Listener'. Under 'General', check the box to enable SSL and select your SSL certificate under Certificate/RSA Certificates.
Client Authentication should almost always be set to 'False'.
Your SSL certificate should now be installed and configured for use.
INSTALL YOUR SSL DIGITAL CERTIFICATES FROM A KEYSTORE – OPTION 2
For terminal/command line installations, you should have selected Java Tomcat as your server type during the order process. If so, you will have been provided with a certificate file in .p7b format, which you will need to complete the following instructions.
- First, import your certificate (your_domain_name.p7b) using the following keytool command:
keytool -import -trustcacerts -alias server -file your_domain_name.p7b -keystore your_site_name.jks
You should get a confirmation that 'Certificate reply was installed in keystore'.
If asked to trust the certificate, choose y or yes.
Your certificate files have now been installed to the keystore from which they were generated.
- Next, use the wadm utility to import your keystore to the server certificate store.
./wadm --user=admin migrate-jks-keycert --config=yourconfiguration --keystore=/tmp/your_keystore.jks
- If prompted for an admin-user-password or token-pin, enter the password you assigned previously.
You should get a reply that the command 'migrate-jks-keycert' ran successfully.
Your certificate keystore (the .jks file) should now have been installed to the server certificate store.
- Finally, using Sun's graphical server manager interface, open Configurations, then 'Edit HTTP Listener'.
- Under 'General', check the box to enable SSL and select your SSL certificate under Certificate/RSA Certificates (the name might not be self-evident). Client Authentication should almost always be set to 'False'.
- Your SSL certificate should now be correctly installed.
Last updated: August 7, 2017