Hi everybody
We want to access the CMC and InvoView over https protocol.
I create the local certificate and make some changes in the server.xml from Tomcat. This configuration worked.
Now we want an official certificate from VeriSign. For this we create the request file and order a test certificate.
Now I have problem to import this file.
Here are the steps there I have done:
1. Create the local certifikate
keytool -genkey -alias tomcat -keyalg RSA -keysize 2048 -keystore https_tomcat
2. Create the request file
keytool -certreq -keyalg RSA -alias tomcat -file certreq.csr -keystore https_tomcat
3. Edit the server.xml file
<Connector port="8443" maxHttpHeaderSize="8192"
maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
enableLookups="false" disableUploadTimeout="true"
acceptCount="100" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS"
keystoreFile="C:\HTTPS_Tomcat\https_tomcat" />
With this configuration the https call is working.
Then send the request.csr file to VeriSign.
I choosing Apache for the 'Select Server Plattform' and WebServerfor the use of SSL.
Now I got a email back from verisign with the test certificate. I copy the zertificate and paste it in notepad.
Save the file as xxx.cer
Additionaly i download the Root CA and the intermediateCA.cer certificate.
4. I Installed the Root CA in the IE as described in this URL:
https://knowledge.verisign.com/support/ssl-certificates-support/index?page=content&id=so10665
5. I import the chain certificate (intermediateCA.cer)
keytool -import -alias intermediateCA -keystore https_tomcat -trustcacerts -file IntermediateCA.cer
6. Finally i want install the test certificate from VeriSign for our BO System:
-import -alias tomcat -keystore https_tomcat -trustcacerts -file xxx.cer
--> here i got this error message: Keytool-Fehler: java.lang.Exception: Kette konnte nicht aus Antwort entnommen werden.
(Sorry is a german installation)
Can anybody help me?
Regards Stefan