Hi all-
Finally got it working w/ GoDaddy certificate. This is what I did -
<!--Download openssl developer for win32 or unix-->
1. Create private key file.
openssl genrsa -out privkey.pem 4096
2. Create CSR
openssl req -new -key privkey.pem -out cert.csr
3. Submit CSR to godaddy.
4. Create keystore w/ new certificate.
openssl pkcs12 -export -chain -CAfile gd_bundle.crt -in <name of your certificate> -inkey <name of your certificate private key file> -out keystore.tomcat -name tomcat -passout pass:changeit
When you have completed installing your certificate, you must configure your
framework/base/config/ofbiz-containers.xml configuration file to point to the
correct pkcs12 keystore file:
1. Open the ofbiz-containers.xml file.
2. Add the following directives to the https-connector tag (towards the
bottom of the file):
keystoreFile="<path to>\keystore.tomcat"
keystorePass="changeit"
keystoreType="PKCS12"
4. Restart Tomcat.
Hope this can help someone out at some point.
Rick
Three sources helped:
http://www.openssl.org/docs/HOWTO/certificates.txt
http://docs.ofbiz.org/display/OFBTECH/Apache+OFBiz+Technical+Production+Setup+Guide
GoDaddy.com installation instructions.
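
A check for the keystore built in step 4, covering the symptom described further down the thread (the browser reporting the certificate as self-issued and untrusted). This is an added example, not part of the original messages: the function names, the demo CA, the host name and the file names are constructed, and it assumes an `openssl` binary on the path.

```shell
#!/bin/sh
# Added example; file names, subjects and "changeit" are constructed demo values.
# check_keystore FILE PASSWORD -> exit status:
#   0 leaf verifies against a CA cert bundled in the keystore
#   1 leaf is self-signed    2 no CA certs bundled
#   3 bundled certs do not sign the leaf    4 keystore unreadable
check_keystore() {
    tmp=$(mktemp -d) || return 4
    openssl pkcs12 -in "$1" -passin "pass:$2" -clcerts -nokeys \
        -out "$tmp/leaf.pem" 2>/dev/null &&
    openssl pkcs12 -in "$1" -passin "pass:$2" -cacerts -nokeys \
        -out "$tmp/cas.pem" 2>/dev/null &&
    subj=$(openssl x509 -in "$tmp/leaf.pem" -noout -subject_hash 2>/dev/null) &&
    iss=$(openssl x509 -in "$tmp/leaf.pem" -noout -issuer_hash 2>/dev/null) ||
        { rm -rf "$tmp"; return 4; }
    rc=0
    if [ "$subj" = "$iss" ]; then rc=1
    elif ! grep -q 'BEGIN CERTIFICATE' "$tmp/cas.pem" 2>/dev/null; then rc=2
    elif ! openssl verify -partial_chain -CAfile "$tmp/cas.pem" \
            "$tmp/leaf.pem" >/dev/null 2>&1; then rc=3
    fi
    rm -rf "$tmp"
    return $rc
}
# make_sample DIR: throwaway CA, a CA-signed leaf and two keystores (constructed)
make_sample() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 2 -subj "/CN=Demo CA" \
        -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=shop.example.test" \
        -keyout "$1/privkey.pem" -out "$1/cert.csr" 2>/dev/null
    openssl x509 -req -in "$1/cert.csr" -CA "$1/ca.crt" -CAkey "$1/ca.key" \
        -CAcreateserial -days 2 -out "$1/site.crt" 2>/dev/null
    # Same export as step 4; ca.crt stands in for gd_bundle.crt.
    openssl pkcs12 -export -chain -CAfile "$1/ca.crt" -in "$1/site.crt" \
        -inkey "$1/privkey.pem" -out "$1/good.p12" -name tomcat \
        -passout pass:changeit
    # A self-signed cert over the same key, as "keytool -genkey" generates.
    openssl req -x509 -new -key "$1/privkey.pem" -days 2 \
        -subj "/CN=shop.example.test" -out "$1/self.crt" 2>/dev/null
    openssl pkcs12 -export -in "$1/self.crt" -inkey "$1/privkey.pem" \
        -out "$1/self.p12" -name tomcat -passout pass:changeit
}

d=$(mktemp -d) && make_sample "$d"
for ks in good self; do
    check_keystore "$d/$ks.p12" changeit && echo "$ks.p12: ok" ||
        echo "$ks.p12: rejected (status $?)"
done
rm -rf "$d"
```

Run against a real keystore, status 1 or 2 means the server would present a certificate that browsers cannot chain to a trusted authority.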
Richard Fleming <[EMAIL PROTECTED]> wrote:
Joe - Thanks for the reply.
First off, according to GoDaddy, their certificates are downloaded in PKCS#7
format using x.509.
First I created the keystore...
c:\java\jdk1.5\bin\keytool -genkey -keyalg RSA -alias ssl -keystore eparts.keystore
Second the CSR..
c:\java\jdk1.5\bin\keytool -certreq -alias ssl -keyalg RSA -file certreq.csr -keystore eparts.keystore
Third, submitted to GoDaddy and downloaded 4 files from them..
valicert_class2_root
gd_cross_intermediate.crt
gd_intermediate.crt
www.epartsbiz.com.crt
Fourth, I ran the following to import them into the keystore...
keytool -import -alias root -keystore eparts.keystore -trustcacerts -file valicert_class2_root.crt
keytool -import -alias cross -keystore eparts.keystore -trustcacerts -file gd_cross_intermediate.crt
keytool -import -alias intermed -keystore eparts.keystore -trustcacerts -file gd_intermediate.crt
keytool -import -alias tomcat -keystore eparts.keystore -trustcacerts -file www.epartsbiz.com.crt
I get success at the end of each import. I then copied the eparts.keystore into
base/config/ and changed the password and file directive in
ofbiz_container.xml. Restarted tomcat.
Thanks for any help!
Rick
Joe Eckard wrote:
Can you describe the process you used to import the certificate into a
keystore?
I always start with a .key and a .crt and follow "Step 3: Loading Keys
and Certificates" here:
http://docs.codehaus.org/display/JETTY/How+to+configure+SSL#HowtoconfigureSSL-step3
to convert them to pkcs12 and load them into a JKS keystore. (may
require that you download jetty to use their pkcs12 import utility
class, depending on your certificate format)
-Joe
On May 17, 2008, at 3:39 PM, Richard Fleming wrote:
> Hi all -
>
> I've created a keystore and downloaded a signed certificate from
> Godaddy.com. I've imported both intermediate and new cert into my
> keystore. I configured the containers.xml to use the new keystore
> and restarted ofbiz. But still both Firefox and IE see the new cert
> as issued by me and it seems therefore that a warning pops up about
> a problem with the certificate not being issued by a trusted authority.
>
> Any pointers about how to go about correcting this would really be
> appreciated. I've followed the ofbiz technical guide for setting up
> SSL.
>
> Do we still need to download in PKCS#7 format? I haven't asked
> Godaddy which format they provide. I'll do that next.
>
> Thanks for any and all pointers.
>
> Rick
>
>