computing:backup:ahsay_ssl

Differences

This shows you the differences between two versions of the page.

computing:backup:ahsay_ssl [2024/01/04 12:19]
gcooper
computing:backup:ahsay_ssl [2025/02/03 14:58] (current)
gcooper
Line 44: Line 44:
 </file> </file>
  
-===== Other Miscellaneous Notes =====+===== Install Commercial SSL Certificate =====
  
 List keys in keystore: List keys in keystore:
Line 52: Line 52:
 </file> </file>
  
-Use the default password for the following: ''changeit''+:!: Use the default password for the following: ''changeit''
  
 Delete the existing cert: Delete the existing cert:
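Review bot: The highlighted line "Use the default password for the following: ''changeit''" now sits under a heading about installing a commercial certificate, so the keystore at /opt/obs/conf/keystore will hold the production private key behind a well-known default password. Either add a step to change it (keytool has a -storepasswd option for this, and the server configuration that opens the keystore would need the same value), or state explicitly that the keystore file must be readable only by the service account, since the password alone gives no protection here.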
Line 62: Line 62:
 ''/opt/obs/java/bin/keytool -genkey -alias tomcat -keyalg RSA -keysize 2048 -keystore /opt/obs/conf/keystore'' ''/opt/obs/java/bin/keytool -genkey -alias tomcat -keyalg RSA -keysize 2048 -keystore /opt/obs/conf/keystore''
  
-Choose 'same' for key password ( <enter> )+Press <enter> for the (default) keystore password (changeit)
  
 Certificate request for a commercial cert: Certificate request for a commercial cert:
 +
 +:!: When prompted for ''first and last name'', enter the hostname FQDN.
  
 <file> <file>
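Review bot: The replacement line "Press <enter> for the (default) keystore password (changeit)" loses what the removed line said: "Choose 'same' for key password ( <enter> )" described the key-password prompt, where Enter means "same as the keystore password", while the new wording reads as if Enter can be pressed at the keystore-password prompt itself. Suggest spelling out both prompts, for example: type changeit at the keystore password prompt, then press <enter> at the key password prompt to reuse it. The added FQDN note would also read better placed directly before the -genkey command, because that is the step that asks for ''first and last name''.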
Line 70: Line 72:
 </file> </file>
  
-Import the intermediate certificate first, then the primary cert:+Import the intermediate certificate(s) first, then the primary cert: 
 + 
 +:!: Comodo PositiveSSL Domain Validated intermediate certs shown. 
 + 
 +:!: You don't need to import a cert if it already exists.
  
 <file> <file>
-/opt/obs/java/bin/keytool -import -alias intermediate -trustcacerts -file /root/SSL/intermediate.ca.crt -keystore /opt/obs/conf/keystore+/opt/obs/java/bin/keytool -import -alias intermediate -trustcacerts -file /path/to/SectigoRSADomainValidationSecureServerCA.crt -keystore /opt/obs/conf/keystore
  
-/opt/obs/java/bin/keytool -import -alias tomcat -trustcacerts -file /root/SSL/star.mydomain.com.crt -keystore /opt/obs/conf/keystore+/opt/obs/java/bin/keytool -import -alias intermediate1 -trustcacerts -file /path/to/AAACertificateServices.crt -keystore /opt/obs/conf/keystore 
 + 
 +/opt/obs/java/bin/keytool -import -alias intermediate1 -trustcacerts -file /path/to/USERTrustRSAAAACA.crt -keystore /opt/obs/conf/keystore 
 + 
 +/opt/obs/java/bin/keytool -import -alias tomcat -trustcacerts -file /path/to/hostname.yourdomain.com.crt -keystore /opt/obs/conf/keystore 
 +</file> 
 + 
 +Restart OBSR: 
 + 
 +<file> 
 +service obsr stop && service obsr start 
 +</file> 
 + 
 +Make sure SSL port 443 is listening: 
 + 
 +<file> 
 +netstat -tapn
 </file> </file>
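Review bot: The alias intermediate1 is used twice in the added import commands, once for AAACertificateServices.crt and again for USERTrustRSAAAACA.crt; keytool refuses an -import into an alias that already holds a certificate, so the second command will not add the USERTrust cert and the chain for the tomcat entry may end up incomplete. Give each file its own alias (for example intermediate2 for USERTrustRSAAAACA.crt). Two smaller points in the same hunk: the note "You don't need to import a cert if it already exists" would be easier to follow if it pointed back to the "List keys in keystore" command as the way to check, and "netstat -tapn" lists every TCP socket, so the step should say what to look for (a LISTEN entry on port 443) or filter the output to that port.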
  
computing/backup/ahsay_ssl.1704395950.txt.gz · Last modified: 2024/01/04 12:19 by gcooper