I took a bit time, but what finally helped me to fix it was a combination of this procedure
https://cwiki.apache.org/confluence/display/OFBiz/Apache+OFBiz+Technical+Production+Setup+Guide#ApacheOFBizTechnicalProductionSetupGuide-SSLCertificateSetup and this 2nd one: https://ilhicas.com/2018/04/08/How-to-use-letsencrypt-jks.html Apache Proxy in from of Tomcat: Has somebody here sucesfully implemented an apache proxy for tomcat that redirects traffic to ofbiz as well to the other webser services (all php based)? Thanks for your help. Wolfgang On Tue, 2019-02-19 at 12:52 +0100, Michael Brohl wrote: > You will need to store a certificate for the domain you want to use. > > Maybe you should create your own keystore containing only your > certificate and point to this file instead of the original. > > Regards, > > Michael > > > Am 19.02.19 um 12:22 schrieb Wolfgang Paul Rauchholz: > > I am trying to get SSL working w/o apache for the time being. > > > > I followed your procedure and could sucesfully import. Thanks. > > Great! > > > > I went the into the following file: > > /usr/local/ofbiz/framework/catalina/ofbiz-component.xml and changed > > the > > following two lines: > > > > <property name="keystoreFile" > > value="framework/base/config/ofbiz.jks"/> > > <property name="keystorePass" value="<mypassword>"/> > > > > Which seems not to be the right, because firefox still complaints > > When I call https:www.wo-lar.com:8443/myportal/control/main. I get > > a > > "Your connection is not secure". www.wo-lar.com:8443 uses an > > invalid > > security certificate. > > > > > > When I run <LAN server IP>:8443:/myportal/control/main I get the > > same > > error message. But I can look at hte certificate and that tells me > > that > > it still points to the wrong certificate: > > Common name: ofbiz-vm.apache.org > > > > Any thoughts? > > > > Wolfgang > > > > > > > > > > On Tue, 2019-02-19 at 11:53 +0100, Michael Brohl wrote: > > > Hi Wolfgang, > > > > > > if you already have a ceritificate, you should skip steps 2 > > > andhttps://cwiki.apache.org/confluence/display/OFBiz/Apache+OFBiz+Technical+Production+Setup+Guide#ApacheOFBizTechnicalProductionSetupGuide-SSLCertificateSetup > > > 3! > > > > > > If I understand the steps correctly, with the certreq command you > > > now > > > have a certificate request with alias "ssl" in your keystore. > > > Later > > > you > > > try to import a certificate which is not based on your > > > certificate > > > request under the same alias "ssl". > > > > > > Just import your certificate with another alias and you should be > > > fine. > > > > > > Remember: if you use an Apache Webserver before your OFBiz > > > instance, > > > you > > > do not need to import the certificate in the keystore! > > > > > > Regards, > > > > > > Michael Brohl > > > ecomify GmbH > > > www.ecomify.de > > > > > > > > > Am 19.02.19 um 11:26 schrieb Wolfgang Paul Rauchholz: > > > > How does this procedure work in case of an existing letsencrypt > > > > certificate? > > > > > > > > Because I have an existing certificate, can I skip steps 3? > > > > I continued directly with step 4, uploading and conveting > > > > cert.pem > > > > to > > > > cert.der. > > > > > > > > But importe step 5 throws out an error: keytool error: > > > > java.lang.Exception: Public keys in reply and keystore don't > > > > match: > > > > > > > > > > > > 1. Run: "keytool -genkey -keyalg RSA -alias ssl -keystore > > > > [keystore > > > > name]" > > > > 2. Run: "keytool -certreq -alias ssl -keyalg RSA -file > > > > certreq.csr > > > > -keystore [keystore name]" > > > > 3. Submit the CSR to a signing authority (Thawte, Verisign, > > > > etc) > > > > 4. Download your certificate from the signing authority. Please > > > > remember to download the Certificate in PKCS#7 format. If you > > > > get a > > > > certificate in pem format don't convert to PKCS#7/P7B Format > > > > but > > > > der > > > > format > > > > 5. Import the Certificate into the keystore by running: > > > > "keytool -import -alias ssl -trustcacerts -file > > > > mysignedcert.cer > > > > -keystore [keystore name]" > > > > > > > > > > > > Thanks, Wolfgang > > > > > > > > On Mon, 2019-02-18 at 11:35 +0100, Michael Brohl wrote: > > > > > You will have to import your certificate to the Java keystore > > > > > and > > > > > configure Tomcat to use it [1,2]. > > > > > > > > > > The standard way would be to run OFBiz behind an Apache > > > > > webserver > > > > > with > > > > > the virtual hosts configured to use the certificate. > > > > > > > > > > Regards, > > > > > > > > > > Michael Brohl > > > > > ecomify GmbH > > > > > www.ecomify.de > > > > > > > > > > [1] https://tomcat.apache.org/tomcat-8.5-doc/ssl-howto.html > > > > > > > > > > [2] > > > > > > > > > https://cwiki.apache.org/confluence/display/OFBiz/Apache+OFBiz+Technical+Production+Setup+Guide#ApacheOFBizTechnicalProductionSetupGuide-SSLCertificateSetup > > > > > Am 18.02.19 um 10:53 schrieb [email protected]: > > > > > > Would you please point me to a procedure how to setup ofbiz > > > > > > to > > > > > > use > > > > > > my letsencrypt certificates? > > > > > > I don't seem to be able to find one. > > > > > > > > > > > > Is it possible to ruj Ofbiz under Apache webser? > > > > > > > > > > > > > > > > > > Thank you, Wolfgang > > > > > > > > > > > > > > > > > > > >
