Knowledge Base

Installing your SSL Certificates in Sun Java Server

If you have not yet created a Certificate Signing Request (CSR) and ordered your certificate, see
CSR Creation | Sun Java SSL Certificates.

Install your SSL Digital Certificate with Sun's "Install Server Certificate Wizard" - Option 1

1. Go to the Certificates Tab/Server Certificates.
2. Start the "Install Server Certificate Wizard," choose your configuration, and when prompted, enter the password assigned while creating the CSR.

3. On step three, you can either browse to your_domain_name.crt file you received from DigiCert, or open that file with a text editor and paste it into the "Certificate Data" box provided.

   If you received a .p7b file instead of a .crt file, you can import that file instead (you will skip steps 5 & 6, below).

   

4. Assign a Nickname to your certificate, and pick a listener. Click "Next," and then "Finish."
5. In the "Certificate Authority" tab, install the TrustedRoot.crt file that you received from DigiCert as a "Certificate Authority" (if you do not have that file, you can download it inside your DigiCert account).
6. In that same tab, install the DigiCertCA.crt file as a "Certificate Chain" file. If you have a DigiCertCA2.crt file as well, install that as a "Certificate Chain".

7. Under Configurations, go to "Edit HTTP Listener". Under "General", check the box to enable SSL and select your SSL certificate under Certificate/RSA Certificates.

   Client Authentication should almost always be set to "False".

   Your SSL certificate should now be installed and configured for use.

Install your SSL Digital Certificate from a Keystore - Option 2

For terminal/command line installations, you should have selected Java Tomcat as your server type during the order process. If so, you will have been provided with a certificate file in .p7b format, which you will need to complete the following instructions.

1. First, import your certificate (your_domain_name.p7b) using the following keytool command:

   keytool -import -trustcacerts -alias server -file your_domain_name.p7b -keystore your_site_name.jks

   You should get a confirmation that "Certificate reply was installed in keystore"

   If asked to trust the certificate, choose y or yes.

   Your certificate files have now been installed into the keystore from which they were generated.

2. Next, use the wadm utility to import your keystore to the server certificate store.

   ./ wadm --user=admin migrate-jks-keycert --config=yourconfiguration --keystore=/tmp/your_keystore.jks

   If prompted for an admin-user-password or token-pin, enter the password you assigned previously.

   You should get a reply that the command "migrate-jks-keycert" ran successfully.

   Your certificate keystore (the .jks file) should now have been installed in the server certificate store.

3. Finally, using Sun's graphical server manager interface, open Configurations, then "Edit HTTP Listener".
4. Under "General," check the box to enable SSL and select your SSL certificate under Certificate/RSA Certificates (the name might not be self-evident). Client Authentication should almost always be set to "False".

   
   Your SSL certificate should now be correctly installed.