computing:backup:ahsay_ssl

Differences

This shows you the differences between two versions of the page.

computing:backup:ahsay_ssl [2024/01/03 11:33]
gcooper
computing:backup:ahsay_ssl [2025/02/03 14:58] (current)
gcooper
Line 44: Line 44:
 </file> </file>
  
-===== Install Commercial Wildcard Certificate ===== +===== Install Commercial SSL Certificate =====
- +
-These are instructions on how to import an existing wildcard certificate. +
- +
-  - Download the keystore file from your backup server +
-    * <file>/opt/obs/conf/keystore</file> +
-  - Download the free KeyStore Explorer and install on your computer +
-    * Linux, Mac or Windows +
-    * Requires Sun Java +
-    * https://keystore-explorer.org +
-  - Open the downloaded keystore file in KeyStore Explorer +
-  - Delete the ''tomcat'' entry +
-    * The default password is ''changeit'' +
-  - Import the commercial key pair +
-    - **Tools -> Import Key Pair** +
-    - Choose OpenSSL, but it could be different for your cert +
-    - De-select ''Encrypted Private Key'' +
-    - Select your Private Key (probably a ''.key'' file) +
-    - Select your Certificate (probably a ''.crt'' file) +
-    - Click Import +
-  - On the next screen, change the alias to ''tomcat'' and click OK +
-  - Enter ''changeit'' (twice) as the password and click OK +
-  - Save the keystore file +
-  - Upload it back to the original location on your Ahsay backup server +
-  - Restart your Ahsay backup server +
- +
-===== Other Miscellaneous Notes =====+
  
 List keys in keystore: List keys in keystore:
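Review bot: With the "Other Miscellaneous Notes" heading removed, the renamed "Install Commercial SSL Certificate" section opens directly on "List keys in keystore:" with no sentence saying what the procedure covers. A one-line introduction naming the steps in order (list, delete the existing cert, generate the key, create the request, import) would help, together with a reminder to copy /opt/obs/conf/keystore aside before the delete step that follows.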
Line 78: Line 52:
 </file> </file>
  
-Use the default password for the following: ''changeit''+:!: Use the default password for the following: ''changeit''
  
 Delete the existing cert: Delete the existing cert:
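Review bot: The ":!:" marker on the ''changeit'' line draws attention to the default keystore password, but the page still does not say whether that password may be changed. This keystore holds the server's private key under the ''tomcat'' alias, so state either how to change the password or that the product expects the default, and in the latter case recommend restricting read access to /opt/obs/conf/keystore.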
Line 88: Line 62:
 ''/opt/obs/java/bin/keytool -genkey -alias tomcat -keyalg RSA -keysize 2048 -keystore /opt/obs/conf/keystore'' ''/opt/obs/java/bin/keytool -genkey -alias tomcat -keyalg RSA -keysize 2048 -keystore /opt/obs/conf/keystore''
  
-Choose 'same' for key password ( <enter> )+Press <enter> for the (default) keystore password (changeit)
  
 Certificate request for a commercial cert: Certificate request for a commercial cert:
 +
 +:!: When prompted for ''first and last name'', enter the hostname FQDN.
  
 <file> <file>
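Review bot: The reworded line "Press <enter> for the (default) keystore password (changeit)" reads as if Enter alone answers the keystore password prompt, while the line it replaces referred to the key password. keytool -genkey asks for the keystore password first, which has to be typed, and it is the later key password prompt (where keytool shows one) that accepts Enter to reuse the keystore password. Suggested wording: type ''changeit'' at the keystore password prompt, then press Enter at the key password prompt.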
Line 96: Line 72:
 </file> </file>
  
-Import the intermediate certificate first, then the primary cert:+Import the intermediate certificate(s) first, then the primary cert: 
 + 
 +:!: Comodo PositiveSSL Domain Validated intermediate certs shown. 
 + 
 +:!: You don't need to import a cert if it already exists.
  
 <file> <file>
-/opt/obs/java/bin/keytool -import -alias intermediate -trustcacerts -file /root/SSL/intermediate.ca.crt -keystore /opt/obs/conf/keystore+/opt/obs/java/bin/keytool -import -alias intermediate -trustcacerts -file /path/to/SectigoRSADomainValidationSecureServerCA.crt -keystore /opt/obs/conf/keystore
  
-/opt/obs/java/bin/keytool -import -alias tomcat -trustcacerts -file /root/SSL/star.mydomain.com.crt -keystore /opt/obs/conf/keystore+/opt/obs/java/bin/keytool -import -alias intermediate1 -trustcacerts -file /path/to/AAACertificateServices.crt -keystore /opt/obs/conf/keystore 
 + 
 +/opt/obs/java/bin/keytool -import -alias intermediate1 -trustcacerts -file /path/to/USERTrustRSAAAACA.crt -keystore /opt/obs/conf/keystore 
 + 
 +/opt/obs/java/bin/keytool -import -alias tomcat -trustcacerts -file /path/to/hostname.yourdomain.com.crt -keystore /opt/obs/conf/keystore
 </file> </file>
 +
 +Restart OBSR:
 +
 +<file>
 +service obsr stop && service obsr start
 +</file>
 +
 +Make sure SSL port 443 is listening:
 +
 +<file>
 +netstat -tapn
 +</file>
 +
 +===== Install a Commercial Wildcard Certificate =====
 +
 +FIXME Unverified
 +
 +These are instructions on how to import an existing wildcard certificate.
 +
 +  - Download the keystore file from your backup server
 +    * <file>/opt/obs/conf/keystore</file>
 +  - Download the free KeyStore Explorer and install on your computer
 +    * Linux, Mac or Windows
 +    * Requires Sun Java
 +    * https://keystore-explorer.org
 +  - Open the downloaded keystore file in KeyStore Explorer
 +  - Delete the ''tomcat'' entry
 +    * The default password is ''changeit''
 +  - Import the commercial key pair
 +    - **Tools -> Import Key Pair**
 +    - Choose OpenSSL, but it could be different for your cert
 +    - De-select ''Encrypted Private Key''
 +    - Select your Private Key (probably a ''.key'' file)
 +    - Select your Certificate (probably a ''.crt'' file)
 +    - Click Import
 +  - On the next screen, change the alias to ''tomcat'' and click OK
 +  - Enter ''changeit'' (twice) as the password and click OK
 +  - Save the keystore file
 +  - Upload it back to the original location on your Ahsay backup server
 +  - Restart your Ahsay backup server
 +
  
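Review bot: The alias ''intermediate1'' is used for both AAACertificateServices.crt and USERTrustRSAAAACA.crt in the new import block, so keytool will refuse the second import because the alias already exists; give the third certificate its own alias, for example ''intermediate2''. In the same hunk, "netstat -tapn" prints every TCP socket, so the verification step should say what to look for, namely a LISTEN entry on port 443.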
computing/backup/ahsay_ssl.1704306836.txt.gz · Last modified: 2024/01/03 11:33 by gcooper