Import a given Class2 StartCom Certificate into Novell Vibe Tomcat Keystore


Introduction



Assuming you have already received your wildcard certificate and the corresponding private key from StartSSL.com, revisit the StartSSL website to prepare a .p12 file (e.g. wildcard.mydomain.com.p12). It is needed later in the import process, when you create a new Vibe keystore.

Additionally, download the certificate authority file ca.crt and the corresponding intermediate certificate file classX.server.ca.crt from StartCom. Which file you need depends on your certificate level: for a class2 certificate you need class2.server.ca.crt.

As root, check that keytool is on the PATH. If it is not, you can fix that, e.g.:
# echo 'PATH=/usr/java/jdk1.6.0_29/bin:$PATH' >> ~/.profile
# source ~/.profile



Preparing the new keystore



As root, change to the directory where the Tomcat keystore is located, e.g. /opt/novell/teaming/apache-tomcat/conf.

Back up the original keystore, which is named .keystore, to .keystore.orig and delete the old one.
Place your wildcard.mydomain.com.p12 file in this directory.

Building the new keystore




  1. Now we are going to create the new keystore from the prepared StartSSL .p12 file:
    # keytool -v -importkeystore -srckeystore wildcard.mydomain.com.p12 -srcstoretype PKCS12 -destkeystore .keystore -deststoretype JKS

  2. Check what the keystore now contains:
    # keytool -list -keystore .keystore

  3. Notice: As you can see, the imported certificate has been given the alias "startcom pfx certificate" automatically.

    We have to rename it to the alias "tomcat". This was the important thing for my configuration. Check your alias naming in server.xml.

    Here is the changealias command:
    # keytool -changealias -v -alias "startcom pfx certificate" -destalias tomcat -keystore .keystore

  4. Next import the ca.crt file:
    # keytool -import -alias startcom.ca -file ca.crt -trustcacerts -keystore .keystore 

  5. Also import the necessary intermediate certificate chain file:
    # keytool -import -alias startcom.ca.sub -file sub.class2.server.ca.crt -trustcacerts -keystore .keystore

  6. Set the owner, e.g.:
    # chown vibeadmin:vibeadmins .keystore

  7. Adjust the permissions so that only the owner and group can access the file:
    # chmod 750 .keystore

  8. Restart Teaming:
    # /etc/init.d/teaming restart



Now you should be done.
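To confirm the result before restarting, the following added example (not part of the original article) checks a `keytool -list` listing for the three aliases used in the steps above and for a leftover "startcom pfx certificate" alias. The function names and the sample listing are constructed for illustration; the parsing assumes the "alias, date, type," entry lines that keytool prints.

```shell
#!/bin/sh
# Added example (not from the original article). Input is the text printed by
# `keytool -list`, whose entry lines have the form: alias, date, type,

# entry_type ALIAS LISTING: print the entry type recorded for ALIAS, if any.
entry_type() {
    printf '%s\n' "$2" | awk -F', *' -v want="$1" '
        $1 == want && /PrivateKeyEntry,[ \t]*$/  { print "PrivateKeyEntry";  exit }
        $1 == want && /trustedCertEntry,[ \t]*$/ { print "trustedCertEntry"; exit }'
}

# expect_entry ALIAS TYPE LISTING: report whether ALIAS has the expected type.
expect_entry() {
    actual=$(entry_type "$1" "$3")
    if [ "$actual" = "$2" ]; then
        echo "ok:   $1 is a $2"
    else
        echo "FAIL: $1 should be a $2, found: ${actual:-no such alias}"
        return 1
    fi
}

# check_vibe_keystore: read a listing on stdin, return 0 only if it matches
# the state the steps above should produce.
check_vibe_keystore() {
    listing=$(cat)
    rc=0
    expect_entry tomcat          PrivateKeyEntry  "$listing" || rc=1
    expect_entry startcom.ca     trustedCertEntry "$listing" || rc=1
    expect_entry startcom.ca.sub trustedCertEntry "$listing" || rc=1
    # The alias assigned during the PKCS12 import must be gone after step 3.
    if [ -n "$(entry_type 'startcom pfx certificate' "$listing")" ]; then
        echo "FAIL: 'startcom pfx certificate' was not renamed to tomcat"
        rc=1
    fi
    return "$rc"
}

# Constructed sample listing (fingerprint lines are placeholders).
SAMPLE_LISTING='Keystore type: JKS
Your keystore contains 3 entries

startcom.ca, Aug 27, 2013, trustedCertEntry,
Certificate fingerprint (MD5): <placeholder>
startcom.ca.sub, Aug 27, 2013, trustedCertEntry,
Certificate fingerprint (MD5): <placeholder>
tomcat, Aug 27, 2013, PrivateKeyEntry,
Certificate fingerprint (MD5): <placeholder>'

printf '%s\n' "$SAMPLE_LISTING" | check_vibe_keystore
```

On the server, feed it the real listing with: keytool -list -keystore .keystore | check_vibe_keystore. A tomcat entry reported as trustedCertEntry means the private key was not imported and Tomcat cannot serve TLS with it.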

Because the investigation and tests took a longer time, I wanted to share it.
Last update: 2013-08-27 23:10