
Wildcard certificates in the BOBJ web application

Hello All,

I configured Tomcat HTTPS on BOBJ 4.2; it works as expected except for the certificate trust warning when opening it in the browser. I have a valid wildcard certificate for the domain. I imported it using keytool. However, when I open the link, the browser still warns, and when I check the certificate it is still using the private key certificate, not the trusted wildcard.

Steps followed

1) Generated the keystore as per note 1648573; when asked for first name and last name, I used ABC (name changed)

2) Changed the server.xml file

HTTPS started working, with the warning.

Wildcard import process

1) Got the wildcard.crt certificate (wildcard entry name: 123.com, issued by a CA) (names changed)

2) Imported the certificate using keytool (keytool -import -file wildcard.crt -alias wildcard -keystore <keystore-file>). The certificate imported, but HTTPS still uses the same old private key entry certificate (i.e. ABC, not 123.com)

3) keytool -list shows two entries: 1) privatekey 2) trustedentry

When I tried to import the wildcard certificate into the same alias generated in step 1, it complains that the public keys in the reply don't match the keystore.

Can someone please share the process followed for importing wildcards?

Thanks

Karthik


2 Answers

  • Best Answer
    Posted on Aug 17, 2016 at 01:26 PM

    Hi Karthik,

    In a similar scenario, we were given a PKCS#12 wildcard certificate (*.pfx file format). In order to use it with Tomcat we followed the steps below:

    1. Receive the wildcard certificate as well as its password. This certificate has to be issued by a Certification Authority (e.g. Comodo, Symantec).
    2. Copy the certificate into a chosen directory that can be accessed by the account used for running the BO services.
    3. Stop Tomcat.
    4. Modify 'server.xml', which is located either in '<LINUX_BO_DIR>/sap_bobj/tomcat/conf' or '<WIN_BO_DIR>/tomcat/conf'.
    5. Modify the HTTPS connector accordingly:

    <Connector
        port="8443"
        protocol="org.apache.coyote.http11.Http11Protocol"
        URIEncoding="UTF-8"
        SSLEnabled="true"
        maxThreads="900"
        scheme="https"
        secure="true"
        clientAuth="false"
        sslEnabledProtocols="TLSv1, TLSv1.1, TLSv1.2"
        keystoreFile="<CERTIFICATE_PATH>/wildcard_certificate.pfx"
        keystorePass="CERTIFICATE_PASSWORD"
        keystoreType="PKCS12"
        ciphers="TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_RSA_WITH_RC4_128_SHA, TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA256, TLS_RSA_WITH_AES_256_CBC_SHA,SSL_RSA_WITH_RC4_128_SHA"
    />

    Notes

    • The password can be given either in plain text or with the corresponding XML entities.

    Finally, you may find the following resources useful:

    Title: Create a .pfx/.p12 certificate file using OpenSSL

    URL: https://www.ssl.com/how-to/create-a-pfx-p12-certificate-file-using-openssl/

    Title: Passwords - Why are plain text passwords in the config files?

    URL: http://wiki.apache.org/tomcat/FAQ/Password

    Thanks,

    ilias


    • Hi Ilias,

      Thanks a lot, this is exactly what I was looking for.

      No matter how many ways I imported the .crt wildcard, Tomcat was still using the self-signed certificate it created at the time of keystore generation.

      After converting to PKCS#12 format and pointing Tomcat to this keystore, it worked (I converted the crt to PKCS12 using openssl).

      Thanks a lot again

      Thanks

      Karthik
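The mechanics behind the question, the accepted answer and Karthik's follow-up comment, as an added shell example that is not part of the thread and not SAP's or Tomcat's own tooling: it shows why a CA-issued .crt imported under a separate keytool alias never replaces the self-signed PrivateKeyEntry (Tomcat serves the entry that holds the private key; a trustedCertEntry has none), why importing it into the original alias fails with the "public keys in reply don't match keystore" error when the CSR was made from a different key, and how to build the PKCS#12 file that the answer's keystoreFile points at. The CA, the hostname *.example.com, the alias `tomcat`, the password `changeit` and all file names are constructed for the example; the openssl and keytool commands are real.

```shell
#!/bin/sh
# Added example, not from the thread: reproduce why "keytool -import" of the
# wildcard .crt did not change what Tomcat served, then build the PKCS#12 file
# the accepted answer points keystoreFile at. Only openssl is required; the
# keytool listing runs only when keytool is on PATH. Every key and certificate
# here is generated on the fly (constructed, throwaway test material).
set -eu

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# Constructed stand-in for the public CA that issued the wildcard certificate.
make_ca() {
  openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 1 \
    -subj "/CN=Example Issuing CA" \
    -keyout "$WORK/ca.key" -out "$WORK/ca.crt" 2>/dev/null
}

# Issue a wildcard certificate for private key $1 into file $2. The SAN
# extension matters: browsers ignore the CN, so a certificate without it warns.
issue_wildcard() {
  printf 'subjectAltName=DNS:*.example.com,DNS:example.com\n' > "$WORK/san.ext"
  openssl req -new -key "$1" -subj "/CN=*.example.com" -out "$WORK/req.csr" 2>/dev/null
  openssl x509 -req -in "$WORK/req.csr" -CA "$WORK/ca.crt" -CAkey "$WORK/ca.key" \
    -CAcreateserial -days 1 -sha256 -extfile "$WORK/san.ext" -out "$2" 2>/dev/null
}

# SHA-256 of the public key carried by a private key ($1) or a certificate ($1).
pubkey_fp_key()  { openssl pkey -in "$1" -pubout 2>/dev/null | openssl dgst -sha256 | awk '{print $NF}'; }
pubkey_fp_cert() { openssl x509 -in "$1" -pubkey -noout 2>/dev/null | openssl dgst -sha256 | awk '{print $NF}'; }

# True when certificate $2 was issued for private key $1. This is the check
# behind keytool's "public keys in reply don't match keystore": the wildcard
# CSR was made from a different key than the one in the self-signed keystore.
key_matches_cert() { [ "$(pubkey_fp_key "$1")" = "$(pubkey_fp_cert "$2")" ]; }

# True when certificate $1 chains to CA certificate $2.
chain_ok() { openssl verify -CAfile "$2" "$1" >/dev/null 2>&1; }

# Build the PKCS#12 keystore for Tomcat: private key, leaf certificate and the
# issuing chain under one alias, so the JVM sees a PrivateKeyEntry it can serve.
build_pkcs12() {   # $1 key, $2 cert, $3 CA chain file, $4 output .pfx, $5 password
  openssl pkcs12 -export -inkey "$1" -in "$2" -certfile "$3" \
    -name tomcat -out "$4" -passout "pass:$5" 2>/dev/null
}

# Number of PEM objects (keys + certificates) inside PKCS#12 file $1 (password $2).
pkcs12_object_count() {
  openssl pkcs12 -in "$1" -passin "pass:$2" -nodes 2>/dev/null | grep -c -- '-----BEGIN'
}

# Optional: the listing keytool shows for this file (a single PrivateKeyEntry,
# unlike the privatekey + trustedCertEntry pair described in the question).
keytool_list() {
  command -v keytool >/dev/null 2>&1 || { echo "keytool not on PATH; skipping listing"; return 0; }
  keytool -list -keystore "$1" -storetype PKCS12 -storepass "$2" \
    || echo "keytool could not read the file (see usage note about OpenSSL 3 and -legacy)"
}

# Set up the scenario from the thread: a CA, the key the CSR was made from, and
# a second key standing in for the self-signed keystore generated per note 1648573.
prepare_demo() {
  make_ca
  openssl genrsa -out "$WORK/wildcard.key" 2048 2>/dev/null
  openssl genrsa -out "$WORK/other.key" 2048 2>/dev/null
  issue_wildcard "$WORK/wildcard.key" "$WORK/wildcard.crt"
  build_pkcs12 "$WORK/wildcard.key" "$WORK/wildcard.crt" "$WORK/ca.crt" \
    "$WORK/wildcard_certificate.pfx" changeit
}

main() {
  prepare_demo
  key_matches_cert "$WORK/wildcard.key" "$WORK/wildcard.crt" && echo "wildcard.crt matches wildcard.key"
  key_matches_cert "$WORK/other.key" "$WORK/wildcard.crt" \
    || echo "wildcard.crt does NOT match other.key: keytool would refuse it as a reply for that alias"
  chain_ok "$WORK/wildcard.crt" "$WORK/ca.crt" && echo "chain verifies against the issuing CA"
  echo "PEM objects in .pfx (1 key + 2 certs expected): $(pkcs12_object_count "$WORK/wildcard_certificate.pfx" changeit)"
  keytool_list "$WORK/wildcard_certificate.pfx" changeit
}
main
```

Run it with sh. In production the `-inkey` file must be the key the CSR was generated from, which is exactly what `key_matches_cert` confirms before exporting; if the CA supplied intermediate certificates, put them in the file passed to `-certfile`, otherwise Tomcat serves an incomplete chain and browsers warn again. keystoreFile then points at the .pfx and keystorePass at the export password. OpenSSL 3 protects PKCS#12 files with PBES2/AES by default; an older JVM that cannot open such a file can be given one written with `openssl pkcs12 -export -legacy`.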

  • Posted on Aug 16, 2016 at 04:01 PM

    This has nothing to do with BOE/SAP products; it's the browser and your certificate. You should google the browser warning and see how to resolve it.

