Symantec IGA

  • 1.  Enable SSL using signed certificates

    Posted Feb 20, 2014 09:59 AM

    Hi Team,

    Can someone share the documented steps on how to enable SSL using signed certs for GM installed on JBOSS? The CA document refers to self-signed certificates. At a high level I have followed the steps below, but I get the SSL request served from the self-signed certificate instead of the signed one...

     

    Steps followed:
    Generated a keystore: Initially
    keytool -genkey -alias gmkeystore -keyalg RSA -keystore gmkeystore.keystore
    After a few weeks
    Generated Certificate request:
    keytool -certreq -alias gmkeystore -file server.csr -keypass *** -keystore gmkeystore.keystore -storepass ***
    Imported the signed certificate into above created keystore:
    keytool -importcert -alias plnappgov01-trusted01 -file plnappgov01.cer -keypass *** -keystore gmkeystore.keystore -storepass ***
    Do you still want to add it? [no]:  yes
    Certificate was added to keystore
    Imported the signed certificate into java keystore:
    keytool -importcert -trustcacerts -alias plnappgov01-trusted01 -file plnappgov01.cer -keypass *** -keystore "C:\ProgramFiles\Java\jdk1.6.0_38\jre\lib\security\cacerts" -storepass changeit
    Do you still want to add it? [no]:  yes
    Certificate was added to keystore
    Edited server.xml located under (C:\Program Files\CA\RCM\Server\eurekify-jboss\server\eurekify\deploy\jbossweb.sar)
    <!-- SSL/TLS Connector configuration using the admin devl guide keystore  -->
          <Connector protocol="HTTP/1.1" URIEncoding="UTF-8" SSLEnabled="true"
               port="8443" address="${jboss.bind.address}"
               scheme="https" secure="true" clientAuth="false"
               keystoreFile="${jboss.server.home.dir}/conf/gmkeystore.keystore"
               keystorePass="3t@admin" sslProtocol = "TLS" />
    Thanks,
    Satya
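
A check for the keystore state that the steps in the first post produce, as an added example that is not part of the original post or of the vendor's documentation: it parses `keytool -list -v` output and reports, per alias, whether the connector can serve that entry. The listing is a constructed sample (distinguished names and dates are made up; the two aliases are the ones used in the post), and treating Owner equal to Issuer as self-signed is a heuristic.

```python
# Constructed sample of `keytool -list -v -keystore gmkeystore.keystore` output.
# DNs and dates are made up; the aliases come from the post above.
SAMPLE_LISTING = """\
Alias name: gmkeystore
Creation date: Jan 30, 2014
Entry type: PrivateKeyEntry
Certificate chain length: 1
Certificate[1]:
Owner: CN=gm.example.test, O=Example
Issuer: CN=gm.example.test, O=Example

Alias name: plnappgov01-trusted01
Creation date: Feb 20, 2014
Entry type: trustedCertEntry

Owner: CN=gm.example.test, O=Example
Issuer: CN=Example Issuing CA, O=Example
"""

def parse_entries(listing):
    """Return {alias: {type, chain_len, owner, issuer}} from keytool -list -v text."""
    entries, cur = {}, None
    for line in listing.splitlines():
        key, _, val = line.partition(":")
        key, val = key.strip(), val.strip()
        if key == "Alias name":
            cur = entries.setdefault(
                val, {"type": None, "chain_len": 0, "owner": None, "issuer": None})
        elif cur is None:
            continue  # header lines before the first alias
        elif key == "Entry type":
            cur["type"] = val
        elif key == "Certificate chain length":
            cur["chain_len"] = int(val)
        elif key in ("Owner", "Issuer") and cur[key.lower()] is None:
            cur[key.lower()] = val  # first certificate listed is the leaf
    return entries

def diagnose(listing):
    """Describe, per alias, what a TLS connector could serve from this keystore."""
    findings = []
    for alias, e in parse_entries(listing).items():
        if e["type"] == "PrivateKeyEntry" and e["owner"] == e["issuer"]:
            findings.append(f"{alias}: key entry still holds a self-signed certificate")
        elif e["type"] == "PrivateKeyEntry":
            findings.append(f"{alias}: key entry holds a CA-issued certificate, chain length {e['chain_len']}")
        elif e["type"] == "trustedCertEntry":
            findings.append(f"{alias}: trusted certificate only, no private key, cannot be served")
    return findings
```

keytool installs a CA reply onto a key entry only when `-importcert` is run with the alias of that key pair, and it then prints `Certificate reply was installed in keystore`; under a new alias it creates a separate `trustedCertEntry`, which matches the `Certificate was added to keystore` output quoted in the post.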


  • 2.  RE: Enable SSL using signed certificates

     
    Posted Feb 24, 2014 04:04 PM

    Hi All,

    Any thoughts here for Satya?

    Thanks!

    Chris



  • 3.  Re: RE: Enable SSL using signed certificates

    Posted Jul 09, 2014 02:11 PM

    I also had some issues using enterprise signed certificates. I tried to use KeyStore Explorer to store both keys and certificate in the GM server.keystore.

     

    There is no trace of errors in the log files, but I cannot connect to 8443 anyway.

     

    Any thoughts to help me on this?