Prerequisites
You need the following:
certificate
certificate chain
private key
Import certificate to Java keystore
Export your key, certificate and ca-certificate into a PKCS12 bundle. Be sure to set an export password:
openssl pkcs12 -export -in cert.pem -inkey myprivate.key -chain -CAfile my-ca-file.pem -name "mydomain.com" -out my.p12
If you get the error message "Error unable to get issuer certificate getting chain.", concatenate the OpenSSL CA certificates with your own CA certificate into one file and pass that file to -CAfile. Example:
cat cert.pem my-ca-file.pem > ca-certs.pem
openssl pkcs12 -export -in cert.pem -inkey myprivate.key -chain -CAfile ca-certs.pem -name "mydomain.com" -out my.p12
Import the PKCS12 file into java keystore:
keytool -importkeystore -deststorepass password -destkeystore mydomain.keystore -srckeystore my.p12 -srcstoretype PKCS12
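Most failures in the export step come from a key that does not belong to the certificate or from a CA file that is missing an issuer. The following pre-flight check is an added example, not part of the original documentation; the function names are hypothetical, the file names are the ones used in the commands above, and it assumes an unencrypted private key and OpenSSL 1.1 or later.

```sh
#!/bin/sh
# Added example: pre-flight checks for the inputs of `openssl pkcs12 -export`.
# Function names are hypothetical; only standard openssl subcommands are used.

# key_matches_cert CERT KEY
# 0 = key belongs to cert, 1 = mismatch, 2 = a file could not be parsed.
key_matches_cert() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey) || return 2
    key_pub=$(openssl pkey -in "$2" -pubout) || return 2
    [ "$cert_pub" = "$key_pub" ]
}

# chain_verifies CERT CAFILE
# Fails when CAFILE lacks an issuer, the situation behind
# "unable to get issuer certificate getting chain".
chain_verifies() {
    openssl verify -CAfile "$2" "$1" >/dev/null
}

# preflight CERT KEY CAFILE
# Returns 0 if all checks pass, otherwise 1 (key), 2 (expiry) or 3 (chain).
preflight() {
    key_matches_cert "$1" "$2" \
        || { echo "key unreadable or not matching $1" >&2; return 1; }
    openssl x509 -in "$1" -noout -checkend 0 >/dev/null \
        || { echo "$1 has expired" >&2; return 2; }
    chain_verifies "$1" "$3" \
        || { echo "$1 does not verify against $3" >&2; return 3; }
    return 0
}

# Usage with the file names from the commands above:
#   preflight cert.pem myprivate.key my-ca-file.pem && echo "inputs OK"
```
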
Prepare custom configuration
Copy default configuration:
mkdir ~/cscs/app/services/httpserver/; cp ~/css/app/services/httpserver/jetty.xml ~/cscs/app/services/httpserver/
Modify Key/TrustStorePath and passwords of ~/cscs/app/services/httpserver/jetty.xml to fit your needs. Example:
/opt/corpus/cscs/app/services/httpserver/mydomain.keystore corpus corpus /opt/corpus/cscs/app/services/httpserver/mydomain.keystore corpus
Copy the keystore to /opt/corpus/cscs/app/services/httpserver/ as configured in the jetty.xml.
Activate the changes
Restart the censhare Server to activate the changes.
Verify your configuration
Open a browser and verify your configuration using the FQDN. Example:
https://hostname.mydomain.com:9443/censhare5/client/