×
INTELLIGENT WORK FORUMS
FOR COMPUTER PROFESSIONALS

Log In

Come Join Us!

Are you a
Computer / IT professional?
Join Tek-Tips Forums!
  • Talk With Other Members
  • Be Notified Of Responses
    To Your Posts
  • Keyword Search
  • One-Click Access To Your
    Favorite Forums
  • Automated Signatures
    On Your Posts
  • Best Of All, It's Free!
  • Students Click Here

*Tek-Tips's functionality depends on members receiving e-mail. By joining you are opting in to receive e-mail.

Posting Guidelines

Promoting, selling, recruiting, coursework and thesis posting is forbidden.

Students Click Here

Jobs

Desperately need help setting up wildcard certs on Apache/Tomcat

Desperately need help setting up wildcard certs on Apache/Tomcat

Desperately need help setting up wildcard certs on Apache/Tomcat

(OP)
Hello all!

I'm a programmer of many years but have been forced to complete wildcard certificates on several Tomcat servers. The end goal being that a PowerShell script will auto-install these certificates on servers without any user intervention. I have the PowerShell kung-fu necessary to get the job done but I'm having real issues getting the certificates to install when doing my testing manually.
I think the problem lies in the certs that I was given to install, but I'm no expert. I keep getting errors.

The certs I was handed to convert/install/use are:
1) ourDomain.cer
2) ourDomain.p7b
3) ourDomain.pfx
4) ourDomain.csr
5) ourDomainIntermediate.cer
6) ourDomainRoot.cer

Again, all these are wildcard certs... e.g. *.mydomain.org

What's the proper way of importing all these certs into Apache/Tomcat? I need instructions using keytool and/or openssl programs. No clicking/dragging/user-intervention please.

RE: Desperately need help setting up wildcard certs on Apache/Tomcat

Your problem is that .cer are MS encoded for IIS you need to convert to .crt for Apache.

use openssl to convert them first.

CODE

openssl x509 -inform DER -in certificate.cer -out certificate.crt 

or get whomever ordered the certificates to get the correct format.

assuming only one domain being served by Apache.

Add these lines to httpd.conf

CODE

SSLCertificateFile /etc/ssl/crt/primary.crt

SSLCertificateKeyFile /etc/ssl/crt/private.key

SSLCertificateChainFile /etc/ssl/crt/intermediate.crt 

[Edit the paths to suit]

stop and restart Apache and SSL

apachectl restart

or

/etc/init.d/apache2 restart


All options for apachectl are at https://httpd.apache.org/docs/2.4/programs/apachec...

Chris.

Indifference will be the downfall of mankind, but who cares?
Time flies like an arrow, however, fruit flies like a banana.

Never mind this jesus character, stars had to die for me to live.

RE: Desperately need help setting up wildcard certs on Apache/Tomcat

(OP)
Chris,

Thanks for replying!

The lines in the.cer files do not end in "^M" characters, do they still need to be converted? I just assumed it was safe to rename .cer to .crt and move on with the process.

Also, I'm using Tomcat on a Windows server platform, will I need to instead configure the <connector> tag in /conf/server.xml and restart the service?

Red Flag This Post

Please let us know here why this post is inappropriate. Reasons such as off-topic, duplicates, flames, illegal, vulgar, or students posting their homework.

Red Flag Submitted

Thank you for helping keep Tek-Tips Forums free from inappropriate posts.
The Tek-Tips staff will check this out and take appropriate action.

Reply To This Thread

Posting in the Tek-Tips forums is a member-only feature.

Click Here to join Tek-Tips and talk with other members! Already a Member? Login

Close Box

Join Tek-Tips® Today!

Join your peers on the Internet's largest technical computer professional community.
It's easy to join and it's free.

Here's Why Members Love Tek-Tips Forums:

Register now while it's still free!

Already a member? Close this window and log in.

Join Us             Close