The issued certificate (that can be downloaded from ZTABOX email) installation on Sun Java System Web Server can be performed in two ways, similar to CSR generation - keytool and UI (Wizard).
I. Wizard
- Log in to your Sun Java System Web Server management and click Common Tasks tab.
- Select the configuration you are working with (usually your domain name) and click Edit Configuration.
- Click the Certificates tab.
- Click the Certificate Authority tab and then press Install
- Select your token (internal if the key is generated using this guide).
- Open
.ca-bundle file with Notepad or TextEdit and paste it into the corresponding box: or:
Select Certificate File radio button and browse to .p7b file that contains the certificate for your domain and CA bundle.
Now the bundle and certificate are installed.
If the certificate and bundle were sent in .crt and .ca-bundle correspondingly, then the .ca-bundle can be installed following steps 1-6 . The certificate itself can be installed this way:
- Repeat steps 1-3.
- Select Server Certificates > press 'Install'
- Enter an Alias for the certificate to help you identify it in the future and select the listener.
- Complete the wizard by pressing 'Finish'.
The certificate is now installed.
- To configure the certificate for use, go to Configuration > Edit HTTP Listener.
- Under General, check the box to Enable SSL and select the certificate you just installed. Now the certificate is bound to the listener and HTTP traffic will be encrypted.
After that, you can check the installation here or here.
II. Keytool
- Upload the certificate files to your server.
- Run the following commands:
PEM:
keytool -import -trustcacerts -alias root -file RootCertificate.crt -keystore < your keystore="" >.jks< /your >
keytool -import -trustcacerts -alias intermediate -file intermediateCertificate.crt -keystore < your keystore="" >.jks< /your >
keytool -import -trustcacerts -alias < keystore alias="" >-file < domain >.crt -keystore < your keystore="" >.jks your >< /domain >< /keystore >
Note: import COMODORSAAddTrustCA.crt and COMODORSADomainValidationSecureServerCA.crt with different aliases.
For example, importing a PositiveSSL with a full bundle will look like this:
keytool -import -trustcacerts -alias root -file AddTrustExternalCARoot.crt -keystore yourkeystore.jks
keytool -import -trustcacerts -alias intermediate1 -file COMODORSAAddTrustCA.crt -keystore yourkeystore.jks
keytool -import -trustcacerts -alias intermediate2 -file COMODORSADomainValidationSecureServerCA.crt -keystore yourkeystore.jks
keytool -import -trustcacerts -alias < keystore alias="" > -file < domain >.crt -keystore yourkeystore.jks< /domain >< / keystore >
PKCS#7:
If the certificate is received in a PKCS#7 format - .cer or .p7b - it can be imported in the following way:
keytool -import -trustcacerts -alias < keystore alias="" > -file < domain >.p7b -keystore yourkeystore.jks< /domain > keystore >
- Correct your server.xml with the following lines:
< connector port="443" protocol="HTTP/1.1" >
SSLEnabled="true"
scheme="https" secure="true' clientAuth="false"
sslProtocol="TLS" keystoreFile="path/to/< your keystore="" >.jks"
keystorePass="< keystore password="" >' >
< /keystore >< /your >< /connector >
- Restart Sun Java Web Service.
The certificate is successfully installed on the server. You can check it here or here.