how to install self-signed SSL certificate in Hybris tomcat server

former_member623616
Contributor
0 Kudos

Hi Experts,

What is the best practice to install a self-signed SSL certificate (*.crt) in the hybris tomcat server?

We have got a self-signed certificate generated, but it is not clear how it can be installed on the hybris tomcat server. We have instructions to install it on an Apache Tomcat server, but not on the hybris tomcat server.

Thanks, Yaten

Accepted Solutions (1)

former_member623616
Contributor
0 Kudos

First we need to convert the .crt file into .p12 using openssl and then convert this *.p12 into a keystore file using keytool. It worked fine.

Thanks, Yaten

Answers (4)

0 Kudos

Hi Team,

I also tried to give the certificate as .p12 in hybris\bin\platform\lib and gave the passphrase for the certificate, but it is not working and gives 400 Bad Request. I tried to give the keystore and password in server.xml as well but am still facing the same issue. Can you please help me with that?

Former Member
0 Kudos

Hi Yaten, did you manage to solve this issue? I also tried to import a new certificate to the keystore, but no luck.

Regards, Larisa

former_member623616
Contributor
0 Kudos

Yes, it was installed successfully. As mentioned in the accepted answer above, first you need to convert your .crt file into .p12 and then convert this *.p12 file into a keystore file. Once the keystore file is generated successfully, you can deploy it in your hybris tomcat server.

Below are the commands to achieve the same. It worked fine for me.

openssl pkcs12 -export -in xx.crt -inkey xx.key -out xx.p12 -name tomcatv1 -CAfile CACert.crt -caname root

keytool -v -importkeystore -srckeystore xx.p12 -srcstoretype PKCS12 -destkeystore keystore

Hope this would help.

Thanks, Yaten

dnguyen_31
Participant
0 Kudos

Hello Larisa,

After the certificate is generated, which location do we place the certificate in? hybris\bin\platform\tomcat\lib, as mentioned by Yatendra?

Here are the locations of my hybris:

hybris\bin\platform\apache-tomcat-8.5.30\bin

OR

\hybris\bin\platform\apache-tomcat-8.5.30\lib

Thanks in advance, David

former_member623616
Contributor
0 Kudos

Thanks Andrew. We followed the steps suggested by you. Below is the overall scenario we have performed, but no luck. Could you please suggest if we are missing anything here:

We have received certificate files from our server team, which comprise 3 files (CACert.crt, #_com.crt, #_com.key). Here the password key is - "password"

Now we created a keystore file via keytool using the following command: keytool -import -alias tomcat -keystore localcert -file *_com.crt (we also tried with the other .crt file, i.e. CACert.crt)

The keystore file gets generated without any issue/error, and during this we provided the default password, i.e. 123456. Now we replaced this keystore file with the default keystore file (location - hybris\bin\platform\tomcat\lib). As we provided the default password during keystore file generation, we haven't modified the server.xml file. After this we did ANT ALL/ANT CLEAN ALL and started the Hybris server. There are no errors in the logs.

But when we tried to access the hybris storefront or any hybris store (hmc/cmscockpit/backoffice) we are getting the same certificate issue below (site not trusted).

Your connection is not private

Attackers might be trying to steal your information from *.kpit.com (for example, passwords, messages, or credit cards).

NET::ERR_CERT_AUTHORITY_INVALID Automatically report details of possible security incidents to Google. Privacy policy

andyfletcher
Active Contributor
0 Kudos

You need to convert your crt (and corresponding key) to a keystore

This StackOverflow link may help or just Google for convert crt to keystore

The path to keystore and password are controlled from config/tomcat/server.xml on the ssl connector

It looks like

 <Connector port="${tomcat.ssl.port}"
 .... other attributes ....
 keystoreFile="${catalina.home}/lib/keystore"
 keystorePass="123456" />

If you save your keystore over the existing one in platform/tomcat/lib with a password of 123456 then you won't need to edit this file. If you do edit the file to use a different path and pass then don't forget to run ant to get it copied across to the runtime location.
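
An added example, not part of any post in this thread: a shell sketch of the crt + key to .p12 to keystore conversion discussed above, with checks that the key matches the certificate and that the result actually holds a private key (a keystore built from the .crt alone with `keytool -import` holds only a trusted-certificate entry, which a TLS connector cannot serve from). File names and the CN are constructed test material; the alias `tomcatv1` and password `123456` are the values quoted in the thread.

```shell
#!/bin/sh
# Added example. File names and CN are constructed; the alias (tomcatv1)
# and password (123456) are the ones quoted in the thread.
set -eu

# True when the private key belongs to the certificate (same public key).
key_matches_cert() {    # $1 = cert.pem  $2 = key.pem
    [ "$(openssl x509 -in "$1" -noout -pubkey)" = "$(openssl pkey -in "$2" -pubout)" ]
}

# Bundle cert + key into PKCS#12, refusing mismatched pairs.
make_p12() {            # $1 cert  $2 key  $3 out.p12  $4 alias  $5 password
    key_matches_cert "$1" "$2" || { echo "key does not match cert" >&2; return 1; }
    openssl pkcs12 -export -in "$1" -inkey "$2" -out "$3" -name "$4" -passout "pass:$5"
}

# True when the PKCS#12 file really carries a private key.
p12_has_private_key() { # $1 = file.p12  $2 = password
    openssl pkcs12 -in "$1" -passin "pass:$2" -nocerts -nodes 2>/dev/null |
        grep -q 'PRIVATE KEY'
}

# Convert to a Java keystore and confirm the entry type Tomcat needs.
to_keystore() {         # $1 = file.p12  $2 = keystore  $3 = password
    keytool -importkeystore -srckeystore "$1" -srcstoretype PKCS12 \
        -srcstorepass "$3" -destkeystore "$2" -deststorepass "$3" -noprompt
    keytool -list -keystore "$2" -storepass "$3" | grep -q PrivateKeyEntry
}

demo() {
    d=$(mktemp -d)
    # Constructed self-signed pair standing in for xx.crt / xx.key.
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=localhost" \
        -keyout "$d/xx.key" -out "$d/xx.crt" 2>/dev/null
    make_p12 "$d/xx.crt" "$d/xx.key" "$d/xx.p12" tomcatv1 123456
    p12_has_private_key "$d/xx.p12" 123456 && echo "p12: private key present"
    if command -v keytool >/dev/null 2>&1; then
        to_keystore "$d/xx.p12" "$d/keystore" 123456 && echo "keystore: PrivateKeyEntry"
    else
        echo "keytool not found, skipping keystore step"
    fi
    rm -rf "$d"
}
demo
```

Even with a correctly built keystore, a browser reports NET::ERR_CERT_AUTHORITY_INVALID for a self-signed or privately issued certificate until that certificate or its issuing CA is trusted on the client.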