Hello All,
I configured Tomcat HTTPS on BOBJ 4.2; it works as expected except for the certificate trust warning when opening it in the browser. I have a valid wildcard certificate for the domain. I imported it using keytool. However, when I open the link, the browser still warns, and when I check the certificate it is still using the private key certificate, not the trusted wildcard.
Steps followed
1) Generated the keystore as per note 1648573 - when asked for first name and last name, I used ABC (name changed)
2) changed server.xml file
HTTPS started working, with the warning
Wildcard import process
1) Got the wildcard.crt certificate (wildcard entry name: 123.com, issued by a CA) (names changed)
2) Imported the certificate using keytool (keytool -import -file wildcard.crt -alias wildcard -keystore <keystore file>). The certificate imported, but HTTPS still uses the same old private key entry certificate (i.e. ABC, not 123.com)
3) keytool -list shows two entries: 1) private key entry 2) trusted cert entry
When I tried to import the wildcard certificate into the same alias generated in step 1, it complains that the public keys in the reply don't match the keystore.
Can someone please share the process followed for importing wildcards?
Thanks
Karthik
Hi Karthik,
In a similar case scenario, we were given a PKCS#12 wildcard certificate (*.pfx file format). In order to use it with Tomcat we have followed the steps below:
<Connector
    port="8443"
    protocol="org.apache.coyote.http11.Http11Protocol"
    URIEncoding="UTF-8"
    SSLEnabled="true"
    maxThreads="900"
    scheme="https"
    secure="true"
    clientAuth="false"
    sslEnabledProtocols="TLSv1, TLSv1.1, TLSv1.2"
    keystoreFile="<CERTIFICATE_PATH>/wildcard_certificate.pfx"
    keystorePass="CERTIFICATE_PASSWORD"
    keystoreType="PKCS12"
    ciphers="TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_RSA_WITH_RC4_128_SHA, TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA256, TLS_RSA_WITH_AES_256_CBC_SHA,SSL_RSA_WITH_RC4_128_SHA"
/>
Notes
Finally, you may find useful the following resources:
Title: Create a .pfx/.p12 certificate file using OpenSSL
URL: https://www.ssl.com/how-to/create-a-pfx-p12-certificate-file-using-openssl/
Title: Passwords - Why are plain text passwords in the config files?
URL: http://wiki.apache.org/tomcat/FAQ/Password
Thanks,
ilias
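The two keystore entries Karthik sees and the "public keys in reply don't match keystore" error both come from one fact: keytool will only attach a certificate to a private key entry when the certificate was issued for that key's public half, and a certificate imported under any other alias becomes a trusted cert entry that Tomcat never serves. The script below is an added example, not code from this thread, from SAP or from Tomcat. It reproduces the mismatch with openssl alone, shows the check that predicts whether keytool will accept the certificate, and then builds the PKCS#12 bundle that ilias's connector consumes. Every name in it is constructed: "abc.key" stands in for the step 1 key pair, the throwaway CA for the real issuer, *.example.com for the wildcard name, and "changeit" for the bundle password. It assumes openssl and cmp are installed.

```shell
#!/bin/sh
# Added example (not from this thread, not SAP or Tomcat code). All keys,
# names and the test CA are constructed for this demonstration.
# Assumes openssl and cmp are installed.
set -eu

WORK="$(mktemp -d)"
trap 'rm -rf "$WORK"' EXIT

# Key pair that was never used in a CSR for the wildcard certificate
# (the "ABC" private key entry from the question).
openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 -out "$WORK/abc.key" 2>/dev/null

# Key pair the CA actually certified: its CSR carries the wildcard name.
openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 -out "$WORK/wildcard.key" 2>/dev/null
openssl req -new -key "$WORK/wildcard.key" -subj "/CN=*.example.com" -out "$WORK/wildcard.csr" 2>/dev/null

# Throwaway issuing CA, then the wildcard certificate. Browsers match the
# host name against subjectAltName, not the CN, so the SAN is set explicitly.
openssl req -x509 -newkey rsa:2048 -nodes -keyout "$WORK/ca.key" \
  -subj "/CN=Constructed Test CA" -days 1 -out "$WORK/ca.crt" 2>/dev/null
printf 'subjectAltName=DNS:*.example.com\n' > "$WORK/san.ext"
openssl x509 -req -in "$WORK/wildcard.csr" -CA "$WORK/ca.crt" -CAkey "$WORK/ca.key" \
  -CAcreateserial -days 1 -extfile "$WORK/san.ext" -out "$WORK/wildcard.crt" 2>/dev/null

# key_matches_cert KEY CERT: exit 0 when CERT's public key is the public half
# of KEY, 1 when it is not (2 if either file cannot be read). This is the
# comparison keytool makes before attaching a CA reply to a private key entry;
# a mismatch is the "public keys in reply don't match keystore" error.
key_matches_cert() {
  openssl pkey -in "$1" -pubout -outform DER -out "$WORK/key_pub.der" 2>/dev/null || return 2
  openssl x509 -in "$2" -pubkey -noout 2>/dev/null \
    | openssl pkey -pubin -outform DER -out "$WORK/cert_pub.der" 2>/dev/null || return 2
  cmp -s "$WORK/key_pub.der" "$WORK/cert_pub.der"
}

# build_pfx KEY CERT CHAIN PASSWORD OUT: bundle the matching key, its
# certificate and the issuer chain into one PKCS#12 file, the form the
# keystoreType="PKCS12" connector in the reply above loads.
build_pfx() {
  openssl pkcs12 -export -inkey "$1" -in "$2" -certfile "$3" \
    -name tomcat -passout "pass:$4" -out "$5" 2>/dev/null
}

# pfx_cert_subject PFX PASSWORD: print the subject of the end-entity
# certificate inside the bundle, i.e. what the browser will be shown.
pfx_cert_subject() {
  openssl pkcs12 -in "$1" -passin "pass:$2" -nokeys -clcerts 2>/dev/null \
    | openssl x509 -noout -subject
}

if key_matches_cert "$WORK/abc.key" "$WORK/wildcard.crt"; then
  echo "unexpected: abc.key matches the wildcard certificate"
else
  echo "abc.key does not match wildcard.crt: keytool would reject it as a CA reply"
fi
key_matches_cert "$WORK/wildcard.key" "$WORK/wildcard.crt" \
  && echo "wildcard.key matches wildcard.crt: this pair can be bundled"

build_pfx "$WORK/wildcard.key" "$WORK/wildcard.crt" "$WORK/ca.crt" changeit "$WORK/wildcard_certificate.pfx"
pfx_cert_subject "$WORK/wildcard_certificate.pfx" changeit
```

Run the check against the key that produced the original CSR before touching the keystore: if it fails, no keytool invocation will make Tomcat serve that certificate, and the fix is to export key and certificate together from wherever the CSR was generated (as ilias did with the .pfx) rather than to import the certificate alone. Two caveats on the connector in the reply: the ciphers list contains RC4 suites, which RFC 7465 prohibits, and sslEnabledProtocols still offers TLSv1 and TLSv1.1, which RFC 8996 deprecates; a current deployment should drop both.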
This has nothing to do with BOE/SAP products; it's the browser and your certificate. You should google the browser warning and see how to resolve it.