The SSL zip file from GoDaddy contains two files.
GoDaddy has intermediate crt files here: https://certs.godaddy.com/repository
The WSO2 docs explain how to do this for Comodo CA:
https://docs.wso2.com/display/Carbon420/Creating+New+Keystores#CreatingNewKeystores-Step3:ImportCA-signedcertificatestokeystore
keytool -import -trustcacerts -alias ExternalCARoot -file AddTrustExternalCARoot.crt -keystore newkeystore.jks -storepass mypassword
keytool -import -trustcacerts -alias TrustCA -file COMODORSAAddTrustCA.crt -keystore newkeystore.jks -storepass mypassword
keytool -import -trustcacerts -alias SecureServerCA -file COMODORSADomainValidationSecureServerCA.crt -keystore newkeystore.jks -storepass mypassword
Please provide keytool commands to install GoDaddy certs. Do I need intermediate files? Which ones?
Thanks, Brian.
Convert the downloaded certificates from your vendor to .pem files.
openssl x509 -in <CERTIFICATE> -out <CERTIFICATE PEM>
Example:
openssl x509 -in server.crt -out server.pem
Create a certificate chain with the root and intermediate certificates.
cat <CERTIFICATE 1> <CERTIFICATE 2> ... >> <CERTIFICATE CHAIN>
Example:
cat intermediate.pem root_crt.pem >> clientcertchain.pem
Or else you can do this by copying the body of each certificate into one text file in the following order.
-----BEGIN CERTIFICATE-----
(Your Intermediate certificate)
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
(Your Root certificate)
-----END CERTIFICATE-----
Export the SSL certificate chain file as a PKCS12 file with "wso2carbon" as the alias.
openssl pkcs12 -export -out <KEYSTORE>.p12 -inkey <SERVER_PRIVATE_KEY>.key -in <SERVER_PUBLIC_CERTIFICATE>.crt -CAfile clientcertchain.pem -name "<alias>"
Example:
openssl pkcs12 -export -out KEYSTORE.p12 -inkey server_private_key.key -in server_public_certificate.crt -CAfile clientcertchain.pem -name "wso2carbon"
Please note that server_private_key.key and server_public_certificate.crt should be your server private key and public certificate.
Then import the generated P12 file into the newly created keystore:
keytool -importkeystore -srckeystore KEYSTORE.p12 -srcstoretype PKCS12 -destkeystore <KEY_STORE_NAME>.jks
Phew. Just now completed the installation. Basically, here are the steps you need to follow. Below are the steps taken from the beginning.
Create Keystore and the CSR
keytool -genkey -alias certalias -keyalg RSA -keysize 2048 -keystore newkeystore.jks
Create CSR - copy output and submit to Go Daddy.
keytool -certreq -alias certalias -keystore newkeystore.jks
Get the certificates for Tomcat; you will get the certificates below.
Then Prathap's Steps. Convert crt to pem.
Join root and intermediate certificate
cat gdig2.crt.pem gd_bundle-g2-g1.pem >> clientcertchain.pem
Extract the key from the keystore.
Create PKCS12 keystore
openssl pkcs12 -export -out final.p12 -inkey key.pem -in [randomNumber].crt -CAfile clientcertchain.pem -name "cacertificates"
Create JKS from pkcs keystore.
keytool -importkeystore -srckeystore final.p12 -srcstoretype PKCS12 -destkeystore wso2carbon.jks
Replace it with wso2carbon.jks located in <WSO2ESB_HOME>/repository/resources/security/
Go to <WSO2ESB_HOME>/repository/resources/security/
Extract the key file to add to the client keystore
keytool -export -alias cacertificates -keystore newkeystore.jks -file .pem
Add key to client-truststore.jks
keytool -import -alias cacertificates -file .pem -keystore client-truststore.jks -storepass wso2carbon
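Added example (not part of either answer above): a pre-flight check for the key, chain and PKCS12 steps both answers describe, run against a constructed throwaway root, intermediate and server certificate. It confirms that the private key matches the certificate, that the chain verifies, and how many certificates end up in the PKCS12; openssl embeds the CA certificates only when -chain (or -certfile) is given alongside -CAfile. File names, CNs and the demo password are assumptions.

```shell
#!/bin/sh
# Added example: checks to run before importing a CA-signed cert into a keystore.
# All keys and certificates here are constructed throwaway test material.
PASS=changeit-demo   # constructed demo password

new_csr() {  # $1=path prefix, $2=CN: fresh RSA key plus CSR
  openssl req -new -newkey rsa:2048 -nodes -keyout "$1.key" -out "$1.csr" -subj "/CN=$2" 2>/dev/null
}

make_demo_pki() {  # $1=dir: stand-in for the CA's root, intermediate and issued cert
  printf 'basicConstraints=critical,CA:TRUE\n' > "$1/ca.ext"
  new_csr "$1/root" "Demo Root" &&
  openssl x509 -req -in "$1/root.csr" -signkey "$1/root.key" -extfile "$1/ca.ext" -days 2 -out "$1/root.pem" 2>/dev/null &&
  new_csr "$1/int" "Demo Intermediate" &&
  openssl x509 -req -in "$1/int.csr" -CA "$1/root.pem" -CAkey "$1/root.key" -CAcreateserial -extfile "$1/ca.ext" -days 2 -out "$1/int.pem" 2>/dev/null &&
  new_csr "$1/server" "esb.example.test" &&
  openssl x509 -req -in "$1/server.csr" -CA "$1/int.pem" -CAkey "$1/int.key" -CAcreateserial -days 2 -out "$1/server.pem" 2>/dev/null &&
  cat "$1/int.pem" "$1/root.pem" > "$1/clientcertchain.pem"   # intermediate first, then root
}

key_matches_cert() {  # $1=private key, $2=certificate: do they share one public key?
  k=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
  c=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
  [ -n "$k" ] && [ "$k" = "$c" ]
}

chain_verifies() {  # $1=root, $2=intermediate, $3=server certificate
  openssl verify -CAfile "$1" -untrusted "$2" "$3" >/dev/null 2>&1
}

export_p12() {  # $1=dir, $2=output file, $3=optional "-chain"
  openssl pkcs12 -export -out "$2" -inkey "$1/server.key" -in "$1/server.pem" \
    -CAfile "$1/clientcertchain.pem" $3 -name wso2carbon -passout "pass:$PASS"
}

p12_cert_count() {  # $1=PKCS12 file: number of certificates embedded in it
  openssl pkcs12 -in "$1" -nokeys -passin "pass:$PASS" 2>/dev/null | grep -c 'BEGIN CERTIFICATE'
}

D=$(mktemp -d)
trap 'rm -rf "$D"' EXIT
make_demo_pki "$D"
key_matches_cert "$D/server.key" "$D/server.pem" && echo "key matches certificate"
chain_verifies "$D/root.pem" "$D/int.pem" "$D/server.pem" && echo "chain verifies"
export_p12 "$D" "$D/plain.p12" && echo "without -chain: $(p12_cert_count "$D/plain.p12") cert(s)"
export_p12 "$D" "$D/full.p12" -chain && echo "with -chain: $(p12_cert_count "$D/full.p12") cert(s)"
```

With real files, point key_matches_cert and chain_verifies at the GoDaddy-issued certificate, its intermediate and root, and run p12_cert_count on the PKCS12 before the keytool -importkeystore step.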