Detailed steps to get CA-signed SSL cert into Apache - c06298910
We use Apache Tomcat as a web host, so you can follow these directions:
Tomcat uses the Java keystore format to store certificates. Below are the steps required to generate a new keystore for CPS. You will need to run them from a Command Prompt.
You will need to find the location of the executable called keytool.exe and open a Command Prompt in that directory. keytool.exe is located in the bin directory of the Java install (e.g. C:\Program Files (x86)\Java\jre7\bin).
Generate the Key
First run the following to change your Command Prompt directory to the folder where keytool.exe is stored:
cd "C:\Program Files (x86)\Java\jre7\bin"
Next enter this command:
keytool -genkey -alias <chosen alias> -keypass <password> -keystore <keystore file> -storepass <password> -keyalg rsa -storetype jks -validity 730 -keysize 2048
Replace the values in chevrons with values of your choosing, and write them down for the next steps. When keytool prompts for your first and last name, enter the server name from the URL that end users will use to access the website.
Generate the CSR
keytool -certreq -alias <chosen alias> -file printeron.crq -keypass <password> -storetype jks -keystore <keystore file> -storepass <password>
Open the newly created .crq file from the Java bin folder in Notepad and verify it looks something like this:
- Copy the contents of the file output from the previous step and submit the CSR to the CA (e.g. GeoTrust, Verisign, Thawte, etc.). When the CA has signed the certificate, you will need to download it in PKCS #7 format. Save the PKCS #7 certificate contents to a file, which will be loaded into the keystore in the next step.
Load the PKCS #7 cert into the keystore using the command below. The alias, keystore file and passwords must match the ones used when generating the key, so that the signed certificate is attached to the existing private key:
keytool -import -alias printeron -file <pkcs7 cert filename> -keypass changeit -storetype jks -keystore printeron.keystore -storepass changeit
- Open the server.xml file from C:\Program Files (x86)\PrinterOn Corporation\Apache Tomcat\conf and navigate to the section that begins with “Define a SSL HTTP/1.1 Connector”. Update the keystore filename and password if required. The newly created keystore should be copied into the location shown in the keystoreFile field.
- Restart your Apache Tomcat service
If you would like to validate the contents of a keystore to make sure its certificate chains look correct, you can run the following command against the keystore file:
keytool -list -v -keystore printeron.keystore
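One way to read that listing, as an added PowerShell example (not part of the original article or vendor code): it checks that each alias holds a private key and a chain of at least two certificates, which is what a correctly imported CA reply produces. The function name, the sample aliases and the English-locale field labels are assumptions; the sample lines are constructed.

```powershell
# Added example: summarise `keytool -list -v` output per alias.
# Get-KeystoreEntryStatus is a hypothetical helper name, not a keytool feature.
function Get-KeystoreEntryStatus {
    param([string[]]$Lines)

    $entries = @()
    $current = $null
    foreach ($line in $Lines) {
        if ($line -match '^Alias name:\s*(.+)$') {
            # A new alias starts; store the previous entry first.
            if ($current) { $entries += $current }
            $current = [pscustomobject]@{
                Alias = $Matches[1].Trim(); EntryType = ''; ChainLength = 0; Status = ''
            }
        } elseif ($current -and $line -match '^Entry type:\s*(\S+)') {
            $current.EntryType = $Matches[1]
        } elseif ($current -and $line -match '^Certificate chain length:\s*(\d+)') {
            $current.ChainLength = [int]$Matches[1]
        }
    }
    if ($current) { $entries += $current }

    foreach ($e in $entries) {
        $e.Status = if ($e.EntryType -ne 'PrivateKeyEntry') {
            'No private key under this alias; Tomcat cannot serve HTTPS from it'
        } elseif ($e.ChainLength -lt 2) {
            'Private key present, but only one certificate (likely still self-signed)'
        } else {
            'Private key with CA chain installed'
        }
    }
    $entries
}

# Constructed sample output (English keytool locale assumed; aliases are illustrative).
$sample = @(
    'Alias name: printeron',
    'Entry type: PrivateKeyEntry',
    'Certificate chain length: 3',
    'Alias name: imported-under-wrong-alias',
    'Entry type: trustedCertEntry',
    'Alias name: not-yet-signed',
    'Entry type: PrivateKeyEntry',
    'Certificate chain length: 1'
)
Get-KeystoreEntryStatus -Lines $sample | Format-Table -AutoSize

# Against a real keystore, using the command from this page:
# Get-KeystoreEntryStatus -Lines (& keytool -list -v -keystore printeron.keystore)
```

A trustedCertEntry under the server alias typically means the signed certificate was imported under a different alias than the one used for -genkey, so it was never paired with the private key.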