I am trying to get SSL working w/o apache for the time being.

I followed your procedure and could successfully import. Thanks. Great!

I then went into the following file:
/usr/local/ofbiz/framework/catalina/ofbiz-component.xml and changed the
following two lines:

            <property name="keystoreFile" value="framework/base/config/ofbiz.jks"/>
            <property name="keystorePass" value="<mypassword>"/>

Which seems not to be right, because Firefox still complains.
When I call https:www.wo-lar.com:8443/myportal/control/main, I get a
"Your connection is not secure". www.wo-lar.com:8443 uses an invalid
security certificate.


When I run <LAN server IP>:8443:/myportal/control/main I get the same
error message. But I can look at the certificate and that tells me that
it still points to the wrong certificate:
Common name: ofbiz-vm.apache.org

Any thoughts?

Wolfgang




On Tue, 2019-02-19 at 11:53 +0100, Michael Brohl wrote:
> Hi Wolfgang,
> 
> if you already have a certificate, you should skip steps 2 and 3!
> 
> If I understand the steps correctly, with the certreq command you
> now 
> have a certificate request with alias "ssl" in your keystore. Later
> you 
> try to import a certificate which is not based on your certificate 
> request under the same alias "ssl".
> 
> Just import your certificate with another alias and you should be
> fine.
> 
> Remember: if you use an Apache Webserver before your OFBiz instance,
> you 
> do not need to import the certificate in the keystore!
> 
> Regards,
> 
> Michael Brohl
> ecomify GmbH
> www.ecomify.de
> 
> 
> On 19.02.19 at 11:26, Wolfgang Paul Rauchholz wrote:
> > How does this procedure work in case of an existing letsencrypt
> > certificate?
> > 
> > Because I have an existing certificate, can I skip step 3?
> > I continued directly with step 4, uploading and converting cert.pem
> > to
> > cert.der.
> > 
> > But import step 5 throws out an error: keytool error:
> > java.lang.Exception: Public keys in reply and keystore don't match:
> > 
> > 
> > 1. Run: "keytool -genkey -keyalg RSA -alias ssl -keystore [keystore
> > name]"
> > 2. Run: "keytool -certreq -alias ssl -keyalg RSA -file certreq.csr
> > -keystore [keystore name]"
> > 3. Submit the CSR to a signing authority (Thawte, Verisign, etc)
> > 4. Download your certificate from the signing authority. Please
> > remember to download the Certificate in PKCS#7 format. If you get a
> > certificate in pem format don't convert to PKCS#7/P7B Format but
> > der
> > format
> > 5. Import the Certificate into the keystore by running:
> > "keytool -import -alias ssl -trustcacerts -file mysignedcert.cer
> > -keystore [keystore name]"
> > 
> > 
> > Thanks, Wolfgang
> > 
> > On Mon, 2019-02-18 at 11:35 +0100, Michael Brohl wrote:
> > > You will have to import your certificate to the Java keystore and
> > > configure Tomcat to use it [1,2].
> > > 
> > > The standard way would be to run OFBiz behind an Apache webserver
> > > with
> > > the virtual hosts configured to use the certificate.
> > > 
> > > Regards,
> > > 
> > > Michael Brohl
> > > ecomify GmbH
> > > www.ecomify.de
> > > 
> > > [1] https://tomcat.apache.org/tomcat-8.5-doc/ssl-howto.html
> > > 
> > > [2] https://cwiki.apache.org/confluence/display/OFBiz/Apache+OFBiz+Technical+Production+Setup+Guide#ApacheOFBizTechnicalProductionSetupGuide-SSLCertificateSetup
> > > 
> > > On 18.02.19 at 10:53, wp.rauchh...@gmail.com wrote:
> > > > Would you please point me to a procedure how to setup ofbiz to
> > > > use
> > > > my letsencrypt  certificates?
> > > > I don't seem to be able to find one.
> > > > 
> > > > Is it possible to run OFBiz under Apache webserver?
> > > > 
> > > > 
> > > > Thank you, Wolfgang
> > > > 
> > > > 
> > > > 
> 
> 
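
Added example, not part of the original thread: a small Python parser for `keytool -list -v` output that reports whether the certificate for a hostname is stored as a PrivateKeyEntry (private key plus certificate, which a TLS connector can present) or only as a trustedCertEntry (certificate without a private key). The listing, aliases and DNs below are constructed, and matching on the subject CN alone is a simplifying assumption.

```python
import re

# Constructed sample of `keytool -list -v -keystore framework/base/config/ofbiz.jks`
# output; aliases, dates and distinguished names are made up for illustration.
SAMPLE = """\
Keystore type: jks

Your keystore contains 2 entries

Alias name: ofbiz
Creation date: Jan 1, 2019
Entry type: PrivateKeyEntry
Certificate chain length: 1
Certificate[1]:
Owner: CN=ofbiz-vm.apache.org, OU=Apache OFBiz, O=Apache Software Foundation
Issuer: CN=ofbiz-vm.apache.org, OU=Apache OFBiz, O=Apache Software Foundation

Alias name: letsencrypt
Creation date: Feb 19, 2019
Entry type: trustedCertEntry

Owner: CN=www.wo-lar.com
Issuer: CN=Let's Encrypt Authority X3, O=Let's Encrypt, C=US
"""

def parse_entries(listing):
    """Return one {'alias', 'type', 'cn'} dict per keystore entry."""
    entries = []
    for block in re.split(r"(?m)^Alias name: ", listing)[1:]:
        alias = block.splitlines()[0].strip()
        etype = re.search(r"(?m)^Entry type: (\S+)", block)
        # The first Owner line of an entry belongs to its leaf certificate.
        owner = re.search(r"(?m)^Owner: .*?\bCN=([^,\n]+)", block)
        entries.append({"alias": alias,
                        "type": etype.group(1) if etype else None,
                        "cn": owner.group(1).strip() if owner else None})
    return entries

def diagnose(listing, hostname):
    """Classify how hostname's certificate is stored (CN match only, no SAN/wildcards)."""
    found = {"PrivateKeyEntry": [], "trustedCertEntry": []}
    for e in parse_entries(listing):
        if e["cn"] == hostname and e["type"] in found:
            found[e["type"]].append(e["alias"])
    if found["PrivateKeyEntry"]:
        return ("key-entry", found["PrivateKeyEntry"])   # key + cert: servable
    if found["trustedCertEntry"]:
        return ("cert-only", found["trustedCertEntry"])  # no private key attached
    return ("missing", [])
```

On the constructed listing, `diagnose(SAMPLE, "www.wo-lar.com")` reports `cert-only`: the only key entry carries CN=ofbiz-vm.apache.org, which is the name a browser would then be shown.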
