06-08-2016 10:30 AM
Please assist in below issue:
Problem:
Certificate Renewal
What are keystore file name, password, and alias?
Step #3
3. Configure your Tomcat server to use the TLS protocol along with the Java Keystore. To do this, you must edit your Tomcat server.xml file, which is typically located in the conf folder of your Tomcat’s home directory.
Before making any changes, you should save a copy of your original server.xml file in case you run into any issues.
Open the server.xml file in a text editor where you will need to specify your keystore file name, password, and alias. You should see a section that looks like the following:
<Connector port="443" maxHttpHeaderSize="8192" maxThreads="150" minSpareThreads="25" maxSpareThreads="75" enableLookups="false" disableUploadTimeout="true" acceptCount="100" scheme="https" secure="true" SSLEnabled="true" clientAuth="false" sslProtocol="TLS" keyAlias="server" keystoreFile="yourkeystore.jks" keystorePass="your_keystore_password" />
Thanks,
Arshg
06-08-2016 12:12 PM
default values on Linux server* are
keystoreFile=/opt/SYMCOpsCenterGUI/Security/keystore keystorePass=opscenter
* change the keystoreFile path to match your Windows server installation
keyAlias not used
06-08-2016 12:19 PM
Thanks .. then what about:
For more information on SSL/TLS Best Practices, click here.
Installing your Entrust SSL/TLS Certificate on a Tomcat Server
1. Click the Download button in the pickup wizard to download your certificate files. Clicking the download button will produce a file named CertificateBundle.p7b. This file includes your signed SSL/TLS certificate and the combined certificate chain.
2. Type and run the following command on your Tomcat server – the sections that are underlined in this command are variables based on your keystore file name and the alias name you used to create your keystore and Certificate Signing Request.
Please note: It is recommended that you type the command into your terminal instead of pasting the command.
keytool –import -trustcacerts -alias server –file CertificateBundle.p7b -keystore yoursite.jks
Please advise
Arshg
06-09-2016 05:44 AM
What is the question?
06-09-2016 12:47 PM
Bascially I am unable to import the certificate. Getting below error:
Issuer: CN=Entrust Certification Authority - L1K, OU="(c) 2012 Entrust, Inc. - for authorized use only", OU=See www.entrust.net/legal-terms,O="Entrust, Inc.", C=US
06-10-2016 06:08 AM
Sorry, I don't see an error, just a notification.