I am trying to get SSL working w/o apache for the time being. I followed your procedure and could successfully import. Thanks. Great!

I then went into the following file: /usr/local/ofbiz/framework/catalina/ofbiz-component.xml and changed the following two lines:

<property name="keystoreFile" value="framework/base/config/ofbiz.jks"/>
<property name="keystorePass" value="<mypassword>"/>

Which seems not to be right, because Firefox still complains. When I call https:www.wo-lar.com:8443/myportal/control/main, I get a "Your connection is not secure". www.wo-lar.com:8443 uses an invalid security certificate.

When I run <LAN server IP>:8443:/myportal/control/main I get the same error message. But I can look at the certificate and that tells me that it still points to the wrong certificate:
Common name: ofbiz-vm.apache.org

Any thoughts?

Wolfgang

On Tue, 2019-02-19 at 11:53 +0100, Michael Brohl wrote:
> Hi Wolfgang,
>
> if you already have a certificate, you should skip steps 2 and 3!
>
> If I understand the steps correctly, with the certreq command you now
> have a certificate request with alias "ssl" in your keystore. Later you
> try to import a certificate which is not based on your certificate
> request under the same alias "ssl".
>
> Just import your certificate with another alias and you should be fine.
>
> Remember: if you use an Apache Webserver before your OFBiz instance, you
> do not need to import the certificate in the keystore!
>
> Regards,
>
> Michael Brohl
> ecomify GmbH
> www.ecomify.de
>
>
> On 19.02.19 at 11:26, Wolfgang Paul Rauchholz wrote:
> > How does this procedure work in case of an existing letsencrypt
> > certificate?
> >
> > Because I have an existing certificate, can I skip step 3?
> > I continued directly with step 4, uploading and converting cert.pem to
> > cert.der.
> >
> > But import step 5 throws out an error: keytool error:
> > java.lang.Exception: Public keys in reply and keystore don't match:
> >
> >
> > 1. Run: "keytool -genkey -keyalg RSA -alias ssl -keystore [keystore
> > name]"
> > 2. Run: "keytool -certreq -alias ssl -keyalg RSA -file certreq.csr
> > -keystore [keystore name]"
> > 3. Submit the CSR to a signing authority (Thawte, Verisign, etc)
> > 4. Download your certificate from the signing authority. Please
> > remember to download the Certificate in PKCS#7 format. If you get a
> > certificate in pem format don't convert to PKCS#7/P7B Format but der
> > format
> > 5. Import the Certificate into the keystore by running:
> > "keytool -import -alias ssl -trustcacerts -file mysignedcert.cer
> > -keystore [keystore name]"
> >
> >
> > Thanks, Wolfgang
> >
> > On Mon, 2019-02-18 at 11:35 +0100, Michael Brohl wrote:
> > > You will have to import your certificate to the Java keystore and
> > > configure Tomcat to use it [1,2].
> > >
> > > The standard way would be to run OFBiz behind an Apache webserver
> > > with the virtual hosts configured to use the certificate.
> > >
> > > Regards,
> > >
> > > Michael Brohl
> > > ecomify GmbH
> > > www.ecomify.de
> > >
> > > [1] https://tomcat.apache.org/tomcat-8.5-doc/ssl-howto.html
> > >
> > > [2] https://cwiki.apache.org/confluence/display/OFBiz/Apache+OFBiz+Technical+Production+Setup+Guide#ApacheOFBizTechnicalProductionSetupGuide-SSLCertificateSetup
> > >
> > > On 18.02.19 at 10:53, wp.rauchh...@gmail.com wrote:
> > > > Would you please point me to a procedure how to setup ofbiz to
> > > > use my letsencrypt certificates?
> > > > I don't seem to be able to find one.
> > > >
> > > > Is it possible to run Ofbiz under Apache webserver?
> > > >
> > > >
> > > > Thank you, Wolfgang
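
One check that fits the symptom in this thread (the browser still showing ofbiz-vm.apache.org), added here as an example that is not part of the thread or of OFBiz: a TLS connector can only serve a keystore entry that holds a private key, so this script summarises `keytool -list -v` output per alias and tests for a PrivateKeyEntry whose CN is the site name. The listing, the alias names and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example; the listing and alias names below are constructed.

# Print "<alias>|<entry type>|<subject CN>" per entry of `keytool -list -v`
# output read from stdin.
list_entries() {
    awk '
        function emit() { if (alias != "") print alias "|" type "|" cn }
        /^Alias name: / { emit(); alias = substr($0, 13); type = ""; cn = "" }
        /^Entry type: / { type = substr($0, 13) }
        /^Owner: / && cn == "" {      # first Owner line is the leaf certificate
            n = index($0, "CN=")
            if (n == 0) { cn = "-" } else { cn = substr($0, n + 3); sub(/,.*/, "", cn) }
        }
        END { emit() }
    '
}

# Succeed only if an entry holds a private key and its leaf CN equals $1.
# Only the CN is compared here; browsers match the subjectAltName list.
has_server_key() {
    list_entries | awk -F'|' -v host="$1" '
        $2 == "PrivateKeyEntry" && $3 == host { found = 1 }
        END { exit !found }'
}

# Constructed `keytool -list -v` excerpt: a key entry for the old name and a
# certificate-only entry (no private key) for the site name.
sample_listing() {
    cat <<'EOF'
Alias name: ofbiz
Entry type: PrivateKeyEntry
Certificate chain length: 1
Certificate[1]:
Owner: CN=ofbiz-vm.apache.org, OU=Example, O=Example, C=US
Issuer: CN=ofbiz-vm.apache.org, OU=Example, O=Example, C=US

Alias name: letsencrypt
Entry type: trustedCertEntry

Owner: CN=www.wo-lar.com
Issuer: CN=Example Issuing CA, O=Example
EOF
}

sample_listing | list_entries
sample_listing | has_server_key www.wo-lar.com ||
    echo "no PrivateKeyEntry for www.wo-lar.com"
```

Against a real keystore, pipe `keytool -list -v -keystore framework/base/config/ofbiz.jks` into `list_entries` instead of the sample.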