Menu
I've done following steps
Create keystore:
keytool -genkey -alias wso2carbon -keyalg RSA -keystore wso2carbon.jks -keysize 2048
Crete certificate request:
keytool -certreq -alias wso2carbon -keystore wso2carbon.jks -storepass wso2carbon
Bought Comodo PositiveSSL certificate
Import all certificates to newly created keystore - wso2carbon.jks:
keytool -import -alias root -keystore wso2carbon.jks -trustcacerts -file AddTrustExternalCARoot.crt -storepass wso2carbon
keytool -import -alias intermediate1 -keystore wso2carbon.jks -trustcacerts -file COMODORSAAddTrustCA.crt -storepass wso2carbon
keytool -import -alias intermediate2 -keystore wso2carbon.jks -trustcacerts -file COMODORSADomainValidationSecureServerCA.crt -storepass wso2carbon
keytool -import -alias domain.com -keystore wso2carbon.jks -trustcacerts -file domain_com.crt -storepass wso2carbon
Copied wso2carbon.jks to {CARBON_HOME}/repository/resources/security/ and overwrite the old one.
Restarted WSO2 IS. WHen I inspect with prowser it says in Certificate hiararchy only domain.com is present.
In general I followed this tutorial https://docs.wso2.com/display/AS521/Creating+New+Keystores#CreatingNewKeystores-Creatingakeystoreusinganewcertificate
514
In the Websites and Domains section for the domain name you want to use, click SSL/TLS Certificates. Click Add SSL Certificate. Enter a Certificate name, complete the fields in the Settings section, and then click Request. Click the name of the certificate you added to Plesk.
I've found the solution:
At point 3 I needed to put the same alias like in point 1 for last import - domain.com:
keytool -import -alias wso2carbon -keystore wso2carbon.jks -trustcacerts -file domain_com.crt -storepass wso2carbon
Now it works great with web browsers but when access with Android it is still not trusted, but that is for another topic.
175
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With