PREREQUISITES:
1. Java Development Kit (JDK) -OR- Java Runtime Environment (JRE) version 6 update 27 or later.
2. JDK or JRE “bin” folder added to PATH Environment Variable.
3. 32-bit / 64-bit OpenSSL for Windows (v0.9.8y / v1.0.1c / v1.0.1e).
4. OpenSSL “bin” folder added to PATH Environment Variable.
Step 1: Create a .crt file containing Intermediate and TrustedRoot (CACerts Bundle) Certificates
1) Create a folder and collect all your certificates in one place.
Intermediate (CA_Intermediate.crt), Root (TrustedRoot.crt), and Primary Certificates (your_domain_name.crt).
2) Open a text editor (such as Notepad++ OR Wordpad) and paste the entire body of each certificate into one text file in the following order :
a) The Intermediate Certificate – CA_Intermediate.crt
b) The Root Certificate - TrustedRoot.crt
Make sure to include the beginning and end tags on each certificate. The result should look like this:
-----BEGIN CERTIFICATE-----
(Your Intermediate certificate: CA_Intermediate.crt)
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
(Your Root certificate: TrustedRoot.crt)
-----END CERTIFICATE-----
Save the combined file as CACerts.crt. This .crt file is now ready to use in next step.
Step-2: Convert SSL Certificate and Private Key to PKCS12 format using OpenSSL
openssl pkcs12 -export -in Cert.crt -inkey PrivKey.key -certfile CACerts.crt -name tomcat -out keystore.p12 -passout pass:Seclore@123
Note1: Cert.crt is your domain certificate.
Note2: Make sure you put a password on the .p12 file - otherwise you'll get a null reference exception when you try to import it in next step.
Step-3: Convert the PKCS12 (.p12 file) to a JAVA KeyStore (using KeyTool)
keytool -importkeystore -deststorepass Seclore@123 -destkeypass Seclore@123 -destkeystore ps.keystore -srckeystore keystore.p12 -srcstoretype PKCS12 -srcstorepass Seclore@123 -alias tomcat
This will create a Java KeyStore file named ps.keystore and it can be used in Tomcat with the following details:
Alias: tomcat
Password: Seclore@123
Steps to verify the KeyStore file :
-> Start your Demo VM and login with administrator credentials.
-> Goto the policy server folder configured in the Demo VM.
-> rename the ps.keystore file and paste the new file generated here.
-> Add a loop back address and map it to the host name in the host file of the demo vm.
-> Restart the tomcat service.
-> Try by accessing the clients PS URL in the VM the Demo VM PS page should load without any issue.
Please find the attached file for further reference.
Need more help?
Contact Seclore Support
