Solved

Renewing SSL Certificate

  • 10 January 2022

Badge +3

Noticed the instructions are incomplete on Creating a CA-Signed Certificate for the Tomcat Server (commvault.com).

Followed instructions, creating keystore file and then generating CSR.

After getting the CSR signed, a CER is received. Now I have a keystore.jks file and a signed CER file.

What would be the next action in converting this to the correct format to then proceed to Configuring the SSL Certificate for Tomcat Server (commvault.com)?

Any help is appreciated, thank you.


Best answer by Blaine Busler 10 January 2022, 21:31


6 replies

Userlevel 7
Badge +23

Hi @Ricky , thanks for the post!

I’ll get our docs team to look at this, while I reach out to our Server team who handle cert issues.

Badge +3

Thank you.

Userlevel 1
Badge +2

Hi @Ricky,

I assume you have been following the documentation here: https://documentation.commvault.com/11.24/expert/50497_creating_ca_signed_certificate_for_tomcat_server.html#procedure.

Your CA should have provided multiple X.509 certificates that you downloaded from them in step 3 (“Download the root, intermediate, and issued server/domain certificates”).

Typically there are three certificates, each in its own .CER file: a root cert, an intermediate cert, and a server cert. You need to import each of those into your keystore. Together, they form a chain of signatures that will allow web browsers to trust your server.

Please check to make sure you have retrieved all of the necessary certificates from your CA, then import them as described in the documentation in step 4 (“Import each signed certificate that is issued by the CA using the following commands”).
 

Badge +3

My signing authority consists of several certificates. Can we import an entire set via .pem file?

Userlevel 1
Badge +2

Hi @Ricky

If each .pem file contains one certificate, you should be able to use the same commands listed in step 4. Just use the .pem filenames instead of the example .crt filenames listed in the docs.

I could be wrong, but I don’t think keytool supports importing certs directly from a pem file that contains certs. So if the CA gave you a single file containing multiple public certificates, you may need to either get individual files from the CA, or split that single pem file into single-cert pem files, before you can import them.

I recommend just getting individual files from your CA and importing those, which will keep things simple.

Otherwise, you can manually split up a multi-cert pem file with a text editor. If a pem contains multiple certs, you’ll see “-----BEGIN CERTIFICATE-----” and “-----END CERTIFICATE-----” lines delineating each cert in the file. You can make one copy of the original file for each cert it contains, then edit the copies so they each contain just one of those certs.
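
The manual split described in the reply above can also be scripted. The following is an added example, not part of the original post or of Commvault's documentation; the function names and the `cert1.pem`, `cert2.pem`, ... output names are assumptions chosen for illustration.

```python
import base64
import re
import sys
from pathlib import Path

# One PEM certificate block; text outside the markers (e.g. "subject=" lines) is ignored.
PEM_CERT = re.compile(
    r"-----BEGIN CERTIFICATE-----\s*(.+?)\s*-----END CERTIFICATE-----", re.DOTALL
)


def split_pem_bundle(text):
    """Return every certificate found in `text` as its own single-cert PEM string."""
    certs = []
    for match in PEM_CERT.finditer(text):
        body = "".join(match.group(1).split())  # drop line breaks, including CRLF
        der = base64.b64decode(body, validate=True)  # raises on corrupt base64
        if not der.startswith(b"\x30"):  # DER certificates begin with a SEQUENCE tag
            raise ValueError("block does not look like a DER certificate")
        b64 = base64.b64encode(der).decode("ascii")
        wrapped = "\n".join(b64[i:i + 64] for i in range(0, len(b64), 64))
        certs.append(
            f"-----BEGIN CERTIFICATE-----\n{wrapped}\n-----END CERTIFICATE-----\n"
        )
    if not certs:
        raise ValueError("no certificate blocks found")
    return certs


def write_split(bundle_path, out_dir, prefix="cert"):
    """Write cert1.pem, cert2.pem, ... into out_dir; return paths in bundle order."""
    text = Path(bundle_path).read_text(encoding="utf-8", errors="replace")
    out = Path(out_dir)
    out.mkdir(parents=True, exist_ok=True)
    paths = []
    for i, pem in enumerate(split_pem_bundle(text), start=1):
        path = out / f"{prefix}{i}.pem"
        path.write_bytes(pem.encode("ascii"))  # LF line endings on every platform
        paths.append(path)
    return paths


if __name__ == "__main__":
    if len(sys.argv) != 3:
        sys.exit("usage: split_pem.py BUNDLE.pem OUT_DIR")
    for p in write_split(sys.argv[1], sys.argv[2]):
        print(p)
```

The output files follow the order of the bundle, which does not tell you which one is the root, intermediate, or server certificate; `keytool -printcert -file cert1.pem` shows the subject and issuer of each file before you import it.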

Badge +3

You were right, importing a single file did not work. Had to split them up and it worked afterwards... Thank you for the info. I got it working.
