Set SSL certificate on Tomcat server
This note applies when your Forms/EBS server uses HTTPS with a certificate that does not exist on the Tomcat server.
In that case, ServiceManager fails with an error when it tries to open a connection to the Forms/EBS server.
The error appears in ServiceManager->Log:
javax.net.ssl.
To resolve the issue, add the certificate for that HTTPS site to the Tomcat server.
How to import certificates
Open the URL in your browser and click the HTTPS certificate chain (the little lock symbol next to the URL address) to export the certificate:
- Click "more info" > "security" > "show certificate" > "details" > "export..".
- Save as .der
- Repeat for any certificates you need to import
If the certificate is .pem you can convert it using:
openssl x509 -in cert.pem -out cert.der -outform DER
On Linux
2. Locate $JAVA_HOME/jre/lib/security/cacerts
3. Import all *.der files into the cacerts file using the following:
sudo keytool -import -alias mysitestaging -keystore $JAVA_HOME/jre/lib/security/cacerts -file staging.der
4. Repeat #3 for all environments
5. The default keystore password is 'changeit'
6. You can verify the change with this command, which shows the certificate fingerprint:
keytool -list -keystore $JAVA_HOME/jre/lib/security/cacerts
7. If this doesn't solve the problem, try adding these java options as arguments to tomcat:
-Djavax.net.ssl.trustStore="$JAVA_HOME/jre/lib/security/cacerts"
-Djavax.net.ssl.trustStorePassword=changeit
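
A certificate imported into cacerts is trusted by every Java application that uses that JRE's default trust store, so it is worth confirming that the exported file is the one you expect before step 3. The following is an added example, not part of the original note: a shell wrapper that runs the import only when the file's SHA-256 fingerprint matches a value obtained separately from the server owner. The names import_pinned, KEYTOOL, CACERTS and STOREPASS are assumptions of this example.

```shell
#!/bin/sh
# Added example: import a .der certificate only if its SHA-256 fingerprint
# matches a value obtained out of band. Assumes sha256sum is installed.
# KEYTOOL, CACERTS and STOREPASS are variable names made up for this example.

KEYTOOL="${KEYTOOL:-keytool}"
CACERTS="${CACERTS:-${JAVA_HOME:-}/jre/lib/security/cacerts}"
STOREPASS="${STOREPASS:-changeit}"

# Normalise a fingerprint: drop colons and spaces, lower-case the hex digits,
# so "AB:CD:..." (keytool style) and "abcd..." compare equal.
normalize_fp() {
    printf '%s' "$1" | tr -d ': \n' | tr 'A-F' 'a-f'
}

# The SHA-256 fingerprint of a certificate is the hash of its DER bytes.
der_fingerprint() {
    sha256sum "$1" | cut -d' ' -f1
}

# import_pinned <der-file> <alias> <expected-sha256>
# Returns 0 after a successful import, 1 on a fingerprint mismatch (nothing
# is imported), 2 on usage or file errors.
import_pinned() {
    [ "$#" -eq 3 ] || { echo "usage: import_pinned file alias sha256" >&2; return 2; }
    [ -r "$1" ] || { echo "cannot read $1" >&2; return 2; }
    expected=$(normalize_fp "$3")
    actual=$(der_fingerprint "$1")
    if [ "$actual" != "$expected" ]; then
        echo "fingerprint mismatch for $1: got $actual" >&2
        return 1
    fi
    "$KEYTOOL" -import -noprompt -alias "$2" -keystore "$CACERTS" \
        -storepass "$STOREPASS" -file "$1"
}

# Example call (the fingerprint is a placeholder to be replaced):
#   import_pinned staging.der mysitestaging "<SHA-256 from the server owner>"
```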
On Windows
- Locate the cacerts file:
  Find the cacerts file located at %JAVA_HOME%\lib\security\cacerts.
- Import the .der files into the cacerts file:
  - Open Command Prompt as Administrator.
  - Run the following command to import each certificate:
keytool -import -alias mysitestaging -keystore %JAVA_HOME%\lib\security\cacerts -file staging.der
- Repeat Step 3 for all environments.
- Default keystore password:
  - The default password for the keystore is changeit.
- Verify the import:
  - You can view the changes you made with this command that shows the Certificate fingerprint:
keytool -list -keystore %JAVA_HOME%\lib\security\cacerts
- Additional Java options:
  - If this does not solve the problem, try adding these Java options as arguments to Tomcat:
-Djavax.net.ssl.trustStore="%JAVA_HOME%\lib\security\cacerts" -Djavax.net.ssl.trustStorePassword=changeit