SUN JAVA 7 CSR CREATION AND SSL CERTIFICATE INSTALLATION 
 

GENERATE A CSR USING SUN'S 'REQUEST SERVER CERTIFICATE WIZARD – OPTION 1
  • Go to the Certificates Tab/Server Certificates.
     
  • Set a password for your server configuration token.


 

  • Start the 'Request Server Certificate Wizard', choose your configuration, and when prompted enter the password assigned in the last step.
     
  • At step 3, you will enter the details of your domain/organization to be included in the SSL certificate:


 

Server Name (CN): Usually the fully-qualified domain name of the server (e.g., www.domain.com, mail.domain.com, or *.domain.com)

Alternate Server Names: If generating a certificate request for a Multi-Domain (SAN) Certificate, enter additional (SAN) names here. Otherwise, leave it blank

Organization (O): The full legal name of your organization (e.g., TRUSTZONE)

Organizational Unit (OU): Your department, such as 'Information Technology'

Locality, State, Country: City, state, and country where your organization is located

  • Continue through the CSR creation wizard, making sure to specify 'CA Signed Certificate' during step 5. Click 'Next' and then 'Finish'.
     
  • You should be provided with a Certificate Signing Request in coded text format.

    Copy the entire body of the CSR provided into the TRUSTZONE Order process when requested.
     

  • After you receive your SSL Certificate from TRUSTZONE, you can install it.
 
GENERATE A CSR USING KEYTOOL – OPTION 2
  • Like most Java based systems, it is possible to generate your certificate request from a jks keystore using the 'keytool' command.
     
  • If you decide to use keytool, you will need to use our command line instructions (Option 2) when installing your certificate.
     
  • When choosing your server type during the online order process, make sure to choose Java Tomcat to get the files in the most helpful format for command line installation.
     
  • After you receive your SSL Certificate from TRUSTZONE, you can install it. See SSL Certificate Installation – Sun Java Server 7.0.

 

INSTALL  YOUR SSL TRUSTZONE CERTIFICATE WITH SUN'S 'INSTALL SERVER CERTIFICATE WIZARD' – OPTION 1
  • Go to the Certificates Tab/Server Certificates.
     
  • Start the 'Install Server Certificate Wizard', choose your configuration, and when prompted enter the password assigned while creating the CSR.
     
  • On step three, you can either browse to the your_domain_name.crt file you received from TRUSTZONE, or open that file with a text editor and paste it into the 'Certificate Data' box provided.

If you received a .p7b file instead of a .crt file, you can import that file instead (you will skip steps 5 & 6, below).


 

  • Assign a Nickname to your certificate, and pick a listener. Click 'Next', and then 'Finish'.
     
  • In the 'Certificate Authority' tab, install the TrustedRoot.crt file that you received from TRUSTZONE as a 'Certificate Authority' (if you do not have that file, you can download it inside your TRUSTZONE account).
     
  • In that same tab, install the IntermediateCA.crt file as a 'Certificate Chain' file. If you have a IntermediateCA2.crt file as well, install that as a 'Certificate Chain'.
     
  • Under Configurations, go to 'Edit HTTP Listener'. Under 'General', check the box to enable SSL and select your SSL certificate under Certificate/RSA Certificates.

    Client Authentication should almost always be set to 'False'.

    Your SSL certificate should now be installed and configured for use.

 

INSTALL YOUR SSL DIGITAL CERTIFICATES FROM A KEYSTORE – OPTION 2
 

For terminal/command line installations, you should have selected Java Tomcat as your server type during the order process. If so, you will have been provided with a certificate file in .p7b format, which you will need to complete the following instructions.

  • First, import your certificate (your_domain_name.p7b) using the following keytool command:

keytool -import -trustcacerts -alias server -file your_domain_name.p7b -keystore your_site_name.jks

You should get a confirmation that 'Certificate reply was installed in keystore'.

If if asked to trust the certificate, choose or yes.

Your certificate files have now been installed to the keystore from which they were generated.

  • Next, use the wadm utility to import your keystore to the server certificate store.

./ wadm –user=admin migrate-jks-keycert –config=yourconfiguration –keystore=/tmp/your_keystore.jks

  • If prompted for an admin-user-password or token-pin, enter the password you assigned previously.

You should get a reply that the command 'migrate-jks-keycert' ran successfully.

Your certificate keystore (the .jks file) should now have been installed to the server certificate store.

  • Finally, using Sun's graphical server manager interface, open Configurations, then 'Edit HTTP Listener'.
     
  • Under 'General', check the box to enable SSL and select your SSL certificate under Certificate/RSA Certificates (the name might not be self-evident). Client Authentication should almost always be set to 'False'.
     
  • Your SSL certificate should now be correctly installed.

 

Last updated: August 7, 2017