That is what I thought I did:

0) shut down ofbiz
1) keytool -import -alias <alias> -trustcacerts -file cert.der -keystore <name>.jks
2) keytool -import -alias ofbiz -trustcacerts -file cert.der -keystore <name>.jks
3) cp name.jks to /usr/local/ofbiz/framework/base/config/
4) edit file /usr/local/ofbiz/framework/catalina/ofbiz-component.xml
   row 147: <property name="keystoreFile" value="framework/base/config/ofbizssl.jks"/>
   row 150: <property name="keyPass" value="changeit"/>
5) start ofbiz

What am I doing wrong?
Thanks for helping.

Wolfgang

On Tue, 2019-02-19 at 12:52 +0100, Michael Brohl wrote:
> You will need to store a certificate for the domain you want to use.
>
> Maybe you should create your own keystore containing only your
> certificate and point to this file instead of the original.
>
> Regards,
>
> Michael
>
>
> On 19.02.19 at 12:22, Wolfgang Paul Rauchholz wrote:
> > I am trying to get SSL working w/o apache for the time being.
> > I followed your procedure and could successfully import. Thanks.
>
> Great!
>
> > I then went into the following
> > file: /usr/local/ofbiz/framework/catalina/ofbiz-component.xml and
> > changed the following two lines:
> > <property name="keystoreFile" value="framework/base/config/ofbiz.jks"/>
> > <property name="keystorePass" value="<mypassword>"/>
> > Which seems not to be right, because Firefox still complains.
> > When I call https://www.wo-lar.com:8443/myportal/control/main I get a
> > "Your connection is not secure". www.wo-lar.com:8443 uses an invalid
> > security certificate.
> >
> > When I run <LAN server IP>:8443:/myportal/control/main I get the
> > same error message. But I can look at the certificate and that tells
> > me that it still points to the wrong certificate:
> > Common name: ofbiz-vm.apache.org
> > Any thoughts?
> > Wolfgang
> >
> > On Tue, 2019-02-19 at 11:53 +0100, Michael Brohl wrote:
> > > Hi Wolfgang,
> > > if you already have a certificate, you should skip steps 2 and 3!
> > > If I understand the steps correctly, with the certreq command
> > > you now have a certificate request with alias "ssl" in your
> > > keystore. Later you try to import a certificate which is not based
> > > on your certificate request under the same alias "ssl".
> > > Just import your certificate with another alias and you should
> > > be fine.
> > > Remember: if you use an Apache Webserver before your OFBiz
> > > instance, you do not need to import the certificate in the
> > > keystore!
> > > Regards,
> > > Michael Brohl
> > > ecomify GmbH
> > > www.ecomify.de
> > >
> > > On 19.02.19 at 11:26, Wolfgang Paul Rauchholz wrote:
> > > > How does this procedure work in case of an existing
> > > > letsencrypt certificate?
> > > > Because I have an existing certificate, can I skip step 3?
> > > > I continued directly with step 4, uploading and converting
> > > > cert.pem to cert.der.
> > > > But import step 5 throws out an error:
> > > > keytool error: java.lang.Exception: Public keys in reply and keystore don't match:
> > > >
> > > > 1. Run: "keytool -genkey -keyalg RSA -alias ssl -keystore [keystore name]"
> > > > 2. Run: "keytool -certreq -alias ssl -keyalg RSA -file certreq.csr -keystore [keystore name]"
> > > > 3. Submit the CSR to a signing authority (Thawte, Verisign, etc)
> > > > 4. Download your certificate from the signing authority. Please
> > > >    remember to download the Certificate in PKCS#7 format. If you get
> > > >    a certificate in pem format don't convert to PKCS#7/P7B Format
> > > >    but der format
> > > > 5. Import the Certificate into the keystore by running:
> > > >    "keytool -import -alias ssl -trustcacerts -file mysignedcert.cer -keystore [keystore name]"
> > > >
> > > > Thanks, Wolfgang
> > > >
> > > > On Mon, 2019-02-18 at 11:35 +0100, Michael Brohl wrote:
> > > > > You will have to import your certificate to the Java keystore
> > > > > and configure Tomcat to use it [1,2].
> > > > >
> > > > > The standard way would be to run OFBiz behind an Apache
> > > > > webserver with the virtual hosts configured to use the
> > > > > certificate.
> > > > >
> > > > > Regards,
> > > > >
> > > > > Michael Brohl
> > > > > ecomify GmbH
> > > > > www.ecomify.de
> > > > >
> > > > > [1] https://tomcat.apache.org/tomcat-8.5-doc/ssl-howto.html
> > > > > [2] https://cwiki.apache.org/confluence/display/OFBiz/Apache+OFBiz+Technical+Production+Setup+Guide#ApacheOFBizTechnicalProductionSetupGuide-SSLCertificateSetup
> > > > >
> > > > > On 18.02.19 at 10:53, wp.rauchh...@gmail.com wrote:
> > > > > > Would you please point me to a procedure how to setup ofbiz
> > > > > > to use my letsencrypt certificates?
> > > > > > I don't seem to be able to find one.
> > > > > >
> > > > > > Is it possible to run Ofbiz under Apache webserver?
> > > > > >
> > > > > > Thank you, Wolfgang
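
Added example (not part of this thread and not OFBiz project code): a keystore that Tomcat serves HTTPS from has to hold the private key together with its certificate chain under one alias, and the first function below performs the public-key comparison behind keytool's "Public keys in reply and keystore don't match". It assumes Let's Encrypt's usual privkey.pem and fullchain.pem files as input; the function names are hypothetical, the alias ofbiz and password changeit are the values quoted in the thread, and the demo runs on throwaway self-signed pairs constructed on the spot.

```shell
#!/usr/bin/env bash
# Added example, not from the thread. File names follow Let's Encrypt's
# privkey.pem / fullchain.pem layout; alias and password are placeholders.

# Succeeds only if the (first) certificate in $1 was issued for the private key
# in $2. keytool's "Public keys in reply and keystore don't match" is this
# comparison failing against the key pair already stored under the alias.
cert_matches_key() {
  local c k
  c=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
  k=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
  [ -n "$c" ] && [ "$c" = "$k" ]
}

# build_p12 privkey.pem fullchain.pem out.p12 alias password
# Bundles key and chain under one alias, so the entry is a key entry.
build_p12() {
  cert_matches_key "$2" "$1" || { echo "certificate does not match key" >&2; return 1; }
  openssl pkcs12 -export -inkey "$1" -in "$2" -name "$4" -out "$3" -passout "pass:$5"
}

# p12_has_private_key file.p12 password
p12_has_private_key() {
  openssl pkcs12 -in "$1" -passin "pass:$2" -nocerts -nodes 2>/dev/null | grep -q 'PRIVATE KEY'
}

# p12_to_jks in.p12 out.jks alias password   (needs a JDK; not run by the demo)
p12_to_jks() {
  keytool -importkeystore -noprompt -srckeystore "$1" -srcstoretype PKCS12 -srcstorepass "$4" \
    -destkeystore "$2" -deststoretype JKS -deststorepass "$4" -srcalias "$3" -destalias "$3"
}

# Constructed sample input: a throwaway self-signed key/certificate pair.
make_pair() {  # make_pair dir name
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$2.example.test" \
    -keyout "$1/$2.key" -out "$1/$2.crt" 2>/dev/null
}

demo() {
  local d; d=$(mktemp -d) || return 1
  make_pair "$d" a && make_pair "$d" b || return 1
  build_p12 "$d/a.key" "$d/a.crt" "$d/a.p12" ofbiz changeit \
    && p12_has_private_key "$d/a.p12" changeit && echo "matching pair: key entry created"
  build_p12 "$d/b.key" "$d/a.crt" "$d/bad.p12" ofbiz changeit 2>/dev/null \
    || echo "mismatched pair: rejected before import"
  rm -rf "$d"
}
demo
```

With real files the call would be `build_p12 privkey.pem fullchain.pem ofbiz.p12 ofbiz '<password>'`, followed by `p12_to_jks` when the connector is configured for a JKS keystore.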