
OpsCenter Server Certificate Renewal

Arshg
Level 2
Partner

Please assist with the below issue:

Problem:

Certificate Renewal

What are keystore file name, password, and alias?

 

Step #3

3. Configure your Tomcat server to use the TLS protocol along with the Java Keystore. To do this, you must edit your Tomcat server.xml file, which is typically located in the conf folder of your Tomcat’s home directory.

Before making any changes, you should save a copy of your original server.xml file in case you run into any issues.

Open the server.xml file in a text editor where you will need to specify your keystore file name, password, and alias. You should see a section that looks like the following:

 

<Connector port="443" maxHttpHeaderSize="8192" maxThreads="150" minSpareThreads="25" maxSpareThreads="75" enableLookups="false" disableUploadTimeout="true" acceptCount="100" scheme="https" secure="true" SSLEnabled="true" clientAuth="false" sslProtocol="TLS" keyAlias="server" keystoreFile="yourkeystore.jks" keystorePass="your_keystore_password" />

 

Thanks,

Arshg

5 REPLIES

Will_Restore
Level 6

default values on Linux server* are

keystoreFile=/opt/SYMCOpsCenterGUI/Security/keystore keystorePass=opscenter

* change the keystoreFile path to match your Windows server installation

keyAlias not used
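
An added example, not part of any post in this thread: a Python check that reads the keystore settings out of a Tomcat server.xml and flags values left at the defaults or template placeholders quoted above. The sample XML, its ports 8181 and 8443, and the function names are constructed for illustration; the note on a missing keyAlias reflects Tomcat's documented behaviour of using the first key read from the keystore.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the Connector from the question, plus one using the
# Linux default keystore path and password quoted in the reply.
SAMPLE_SERVER_XML = """<Server><Service name="Catalina">
  <Connector port="8181" protocol="HTTP/1.1" />
  <Connector port="443" scheme="https" secure="true" SSLEnabled="true"
             clientAuth="false" sslProtocol="TLS"
             keystoreFile="/opt/SYMCOpsCenterGUI/Security/keystore"
             keystorePass="opscenter" />
  <Connector port="8443" scheme="https" secure="true" SSLEnabled="true"
             keyAlias="server" keystoreFile="yourkeystore.jks"
             keystorePass="your_keystore_password" />
</Service></Server>"""

# Values that show a product default or a vendor template was left in place.
DEFAULT_PASSWORDS = {"opscenter", "your_keystore_password"}
PLACEHOLDER_FILES = {"yourkeystore.jks"}


def tls_connectors(server_xml):
    """Return the keystore settings of every TLS-enabled Connector."""
    found = []
    for conn in ET.fromstring(server_xml).iter("Connector"):
        if conn.get("SSLEnabled", "false").lower() != "true":
            continue  # plain HTTP connector, no keystore involved
        found.append({
            "port": conn.get("port"),
            "keystoreFile": conn.get("keystoreFile"),
            "keystorePass": conn.get("keystorePass"),
            "keyAlias": conn.get("keyAlias"),  # None when the attribute is absent
        })
    return found


def audit(connector):
    """List findings for one connector dict from tls_connectors()."""
    findings = []
    if connector["keystorePass"] in DEFAULT_PASSWORDS:
        findings.append("default or template keystore password")
    if connector["keystoreFile"] in PLACEHOLDER_FILES:
        findings.append("placeholder keystore path")
    if connector["keyAlias"] is None:
        findings.append("no keyAlias: Tomcat uses the first key in the keystore")
    return findings


if __name__ == "__main__":
    for c in tls_connectors(SAMPLE_SERVER_XML):
        # The password itself is never printed, only the findings about it.
        print(c["port"], c["keystoreFile"], c["keyAlias"], audit(c))
```
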

 

Arshg
Level 2
Partner

Thanks .. then what about:

 

  • Tomcat includes a certificate utility called Keytool. All of the steps below will be performed using Java keytool.
  • Important: In order to install your certificate, you must use the same keystore that was created when you requested the certificate.  You must also use the same keystore alias name that was used when the keystore and corresponding private key were generated.  
  • Never share private keys or keystore files. 
  • If you plan on using the same certificate on multiple servers always transfer the private key using a secure method (e-mail is not considered a secure method of transfer).
  • It is best practice to ensure that you have current and up to date Ciphers and Protocols to ensure the best security when deploying a new Private key and Server Certificate.
  • Make sure you run the SSL Server Test at the end of the installation process to check your certificate configuration against SSL/TLS Best Practices.

For more information on SSL/TLS Best Practices, click here.

Installing your Entrust SSL/TLS Certificate on a Tomcat Server

 

1.    Click the Download button in the pickup wizard to download your certificate files. Clicking the download button will produce a file named CertificateBundle.p7b.  This file includes your signed SSL/TLS certificate and the combined certificate chain. 

 

2.  Type and run the following command on your Tomcat server – the sections that are underlined in this command are variables based on your keystore file name and the alias name you used to create your keystore and Certificate Signing Request. 

     Please note: It is recommended that you type the command into your terminal instead of pasting the command.

 

         keytool -import -trustcacerts -alias server -file CertificateBundle.p7b -keystore yoursite.jks

 

Please advise

Arshg

Will_Restore
Level 6

What is the question?

 

Arshg
Level 2
Partner

Basically I am unable to import the certificate. Getting the below error:

Issuer: CN=Entrust Certification Authority - L1K, OU="(c) 2012 Entrust, Inc. - for authorized use only", OU=See www.entrust.net/legal-terms,O="Entrust, Inc.", C=US

Will_Restore
Level 6

Sorry, I don't see an error, just a notification.