Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations SkipVought on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Desperately need help setting up wildcard certs on Apache/Tomcat

Status
Not open for further replies.
daniel.warner

daniel.warner

Programmer
Oct 9, 2018
2
0
0
US
Hello all!

I'm a programmer of many years but have been forced to complete wildcard certificates on several Tomcat servers. The end goal being that a PowerShell script will auto-install these certificates on servers without any user intervention. I have the PowerShell kung-fu necessary to get the job done but I'm having real issues getting the certificates to install when doing my testing manually.
I think the problem lies in the certs that I was given to install, but I'm no expert. I keep getting errors.

The certs I was handed to convert/install/use are:
1) ourDomain.cer
2) ourDomain.p7b
3) ourDomain.pfx
4) ourDomain.csr
5) ourDomainIntermediate.cer
6) ourDomainRoot.cer

Again, all these are wildcard certs... e.g. *.mydomain.org

What's the proper way of importing all these certs into Apache/Tomcat? I need instructions using keytool and/or openssl programs. No clicking/dragging/user-intervention please.
 
Sort by date Sort by votes
Your problem is that .cer are MS encoded for IIS you need to convert to .crt for Apache.

use openssl to convert them first.
Code: 
 openssl x509 -inform DER -in certificate.cer -out certificate.crt

or get whomever ordered the certificates to get the correct format.

assuming only one domain being served by Apache.

Add these lines to httpd.conf
Code: 
SSLCertificateFile /etc/ssl/crt/primary.crt

SSLCertificateKeyFile /etc/ssl/crt/private.key

SSLCertificateChainFile /etc/ssl/crt/intermediate.crt

[Edit the paths to suit]

stop and restart Apache and SSL

apachectl restart

or

/etc/init.d/apache2 restart


All options for apachectl are at


Chris.

Indifference will be the downfall of mankind, but who cares?
Time flies like an arrow, however, fruit flies like a banana.

Never mind this jesus character, stars had to die for me to live.
 
Upvote 0 Downvote
Chris,

Thanks for replying!

The lines in the.cer files do not end in "^M" characters, do they still need to be converted? I just assumed it was safe to rename .cer to .crt and move on with the process.

Also, I'm using Tomcat on a Windows server platform, will I need to instead configure the <connector> tag in /conf/server.xml and restart the service?
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

Krus1972
  • Locked
  • Question
Rewrite Rule for .htaccess Help
Replies
0
Views
70
Krus1972
Krus1972
AbidingDude
  • Locked
  • Question
Newbie Apache Cache Question
Replies
5
Views
111
AbidingDude
AbidingDude
mjj4golf2
  • Locked
  • Question
Help with setting up a media server
Replies
2
Views
79
vacunita
vacunita
bhuv560
  • Locked
  • Question
Postfix Installation on EC2 AWS Linux
Replies
0
Views
52
bhuv560
bhuv560
gregor weertman
  • Locked
  • Question
set samba &quot;template shell&quot; dependent on group
Replies
0
Views
46
gregor weertman
gregor weertman

Part and Inventory Search

Sponsor

Back
Top