To install an SSL certificate on Orion Application Server 2.02, follow the instructions below:
Step 1: Download your Thawte certificate in PKCS#7 format
- You will receive an email when your certificate is issued.
- You can download the certificate from your account:
Certificate Center Enterprise
- Copy and paste your Thawte certificate into a plain text editor such as Notepad or vi and save it as cert.p7b
NOTE: Make sure there are 5 dashes to either side of the BEGIN PKCS#7 and END PKCS#7 and that no white space, extra line breaks or additional characters have been inadvertently added.
Step 2: Install your certificate
- Import the certificate into the Java keystore using the following keytool command:
keytool -import -alias [enter_alias_name] -trustcacerts -file cert.p7b -keystore [enter_keystore_name]
NOTE: The alias name and keystore name in this command must be the same as the alias name and keystore name used during the generation of the private key and CSR.
NOTE: During the import you might get the following error: "java.lang.Exception: Input not an X.509 certificate".
Alternate installation instructions if the error "keytool error: java.lang.Exception: Input not an X.509 certificate" occurs:
- Repeat Step 1, but download the certificate in X.509 format.
- Download the Intermediate certificate
- Select the Intermediate CA link based on your certificate product type. Once you have the SSL certificate & Intermediate CA certificate file, begin the import process.
NOTE: It is imperative that the Intermediate CA and SSL certificate are installed in the keystore in the order given below.
- Import the Intermediate certificate (e.g., use alias: intermediate)
keytool -import -alias intermediate -trustcacerts -file intermediate_file_name -keystore [enter_keystore_name]
- Import the SSL certificate (Use the same alias name based on the created keystore and submitted CSR from Thawte)
keytool -import -alias [enter_alias_name] -trustcacerts -file X.509_file_name -keystore [enter_keystore_name]
Step 3: Confirm the contents of the keystore
Enter the following command to list the contents of the keystore:
keytool -list -v -keystore your_keystore_filename >output_filename.txt
View the contents of the output file.
The SSL certificate should be imported into the alias whose "Entry Type" is PrivateKeyEntry or KeyEntry. If it is not, import the certificate into the Private Key alias.
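The Step 3 check can also be scripted. The following is an added example, not part of the original Thawte instructions: it reads `keytool -list -v` output and reports whether an alias is a key entry carrying an installed chain. The function name check_alias, the aliases and the sample listing are constructed for illustration, and treating a chain length of 1 as "CA reply not imported yet" is an assumption.

```shell
#!/bin/sh
# Added example (not from the original article): classify one alias in
# `keytool -list -v` output read from stdin. Prints one of:
#   ok:<n>             key entry carrying a certificate chain of length n >= 2
#   no-chain           key entry, chain length 1 (assumed: CA reply not imported yet)
#   wrong-entry:<type> alias exists but is not a key entry (e.g. trustedCertEntry)
#   missing            alias not found in the keystore
check_alias() {
    awk -v want="$1" '
        { sub(/\r$/, "") }                        # tolerate CRLF listings
        /^Alias name: /  { cur = substr($0, 13); next }
        cur != want      { next }                 # skip other aliases
        /^Entry type: /  { type = substr($0, 13); found = 1; next }
        /^Certificate chain length: / { chain = $NF + 0 }
        END {
            t = tolower(type)
            if (!found) print "missing"
            else if (t != "privatekeyentry" && t != "keyentry") print "wrong-entry:" type
            else if (chain < 2) print "no-chain"
            else print "ok:" chain
        }'
}

# Constructed sample listing, trimmed to the lines the check reads.
sample_listing() {
    cat <<'EOF'
Keystore type: JKS
Your keystore contains 3 entries

Alias name: intermediate
Entry type: trustedCertEntry

Alias name: orion
Entry type: PrivateKeyEntry
Certificate chain length: 2
Certificate[1]:

Alias name: orion-misimport
Entry type: trustedCertEntry
EOF
}

sample_listing | check_alias orion            # ok:2
sample_listing | check_alias orion-misimport  # wrong-entry:trustedCertEntry
```

Against a real keystore, pipe the listing into the function: keytool -list -v -keystore your_keystore_filename | check_alias [enter_alias_name]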
Step 4: Configure Jetty server
- Configure the file given by -Dorion.core.configFile=/home/username/orion.conf to point to the keystore and password:
Example:
jetty.https.enabled = true
jetty.https.port = 8443
jetty.ssl.keystore = [the keystore location]
jetty.ssl.password = [password]
jetty.ssl.keypassword = [password]
NOTE: Refer to the Orion configuration settings reference for the correct configuration: Configuring to run over SSL
The SSL port needs to be enabled on the Jetty Java HTTP Servlet Web Server as well as on any firewalls or routers in place.
NOTE: Orion / Server admin guide
Step 5: Verify certificate installation
To verify that your certificate is installed correctly, use the Thawte Installation Checker.