Prerequisites

You need:

  • certificate

  • certificate chain

  • private key

Import certificate to Java keystore

Export your private key, certificate and CA certificate chain into a PKCS12 bundle. Be sure to set an export password.

openssl pkcs12 -export -in cert.pem -inkey myprivate.key -chain -CAfile my-ca-file.pem -name "mydomain.com" -out my.p12

If you get the error message "Error unable to get issuer certificate getting chain.", concatenate the OpenSSL CA certificates with your own CA certificate into one file and pass that file to -CAfile. Example:

cat cert.pem my-ca-file.pem > ca-certs.pem
openssl pkcs12 -export -in cert.pem -inkey myprivate.key -chain -CAfile ca-certs.pem -name "mydomain.com" -out my.p12
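
Before building the bundle, the two usual causes of a failed export or a broken keystore can be checked with OpenSSL alone: a private key that does not belong to the certificate, and a CA file that does not complete the chain. The script below is an added example, not part of the original documentation; the function name check_bundle_inputs and its return codes are made up for this illustration, and it assumes an unencrypted PEM private key.

```shell
#!/bin/sh
# Added example: pre-flight check for the inputs of "openssl pkcs12 -export -chain".
# Usage (file names as used on this page):
#   sh check.sh cert.pem myprivate.key my-ca-file.pem
# Assumes an unencrypted PEM key; for an encrypted key add -passin to "openssl pkey".

# check_bundle_inputs CERT KEY CAFILE   (hypothetical helper)
# Returns: 0 = OK
#          1 = private key does not belong to the certificate
#          2 = certificate does not verify against CAFILE (incomplete chain, expired, ...)
#          3 = a file could not be read or parsed
check_bundle_inputs() {
    cbi_cert=$1 cbi_key=$2 cbi_ca=$3

    # Extract the public key from both sides; identical PEM output means they match.
    cbi_cert_pub=$(openssl x509 -in "$cbi_cert" -noout -pubkey 2>/dev/null) || {
        echo "cannot read certificate: $cbi_cert" >&2; return 3; }
    cbi_key_pub=$(openssl pkey -in "$cbi_key" -pubout 2>/dev/null) || {
        echo "cannot read private key: $cbi_key" >&2; return 3; }
    [ -r "$cbi_ca" ] || { echo "cannot read CA file: $cbi_ca" >&2; return 3; }

    if [ "$cbi_cert_pub" != "$cbi_key_pub" ]; then
        echo "private key does not match certificate" >&2
        return 1
    fi

    # An incomplete CA file fails here, which is the situation behind the
    # "unable to get issuer certificate getting chain" error.
    if ! cbi_out=$(openssl verify -CAfile "$cbi_ca" "$cbi_cert" 2>&1); then
        echo "chain check failed: $cbi_out" >&2
        return 2
    fi
    return 0
}

# Run the check only when called with the three file arguments.
if [ "$#" -eq 3 ]; then
    check_bundle_inputs "$@"
fi
```
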

Import the PKCS12 file into the Java keystore:

keytool -importkeystore -deststorepass password -destkeystore mydomain.keystore -srckeystore my.p12 -srcstoretype PKCS12

Prepare custom configuration

Copy the default configuration:

mkdir -p ~/cscs/app/services/httpserver/
cp ~/css/app/services/httpserver/jetty.xml ~/cscs/app/services/httpserver/

Modify the KeyStorePath, TrustStorePath and passwords in ~/cscs/app/services/httpserver/jetty.xml to fit your needs. The keystore password must be the one set with -deststorepass during the import. Example:

/opt/corpus/cscs/app/services/httpserver/mydomain.keystore corpus corpus /opt/corpus/cscs/app/services/httpserver/mydomain.keystore corpus

Copy the keystore to /opt/corpus/cscs/app/services/httpserver/ as configured in the jetty.xml.

Activate the changes

Restart the censhare Server to activate the changes.

Verify your configuration

Open a browser and verify your configuration using the FQDN. Example:

https://hostname.mydomain.com:9443/censhare5/client/