Knowledge Base

Installing a SSL Certificate on Sun Java System Web Server 7.x

The issued certificate (that can be downloaded from ZTABOX email) installation on Sun Java System Web Server can be performed in two ways, similar to CSR generation - keytool and UI (Wizard).

I. Wizard

II. Keytool

I. Wizard

  1. Log in to your Sun Java System Web Server management and click Common Tasks tab.
  2. Select the configuration you are working with (usually your domain name) and click Edit Configuration.

    sun_sws_install_01

  3. Click the Certificates tab.

    sun_sws_install_02

  4. Click the Certificate Authority tab and then press Install

    sun_sws_install_03

  5. Select your token (internal if the key is generated using this guide).

    sun_sws_install_04

  6. Open .ca-bundle file with Notepad or TextEdit and paste it into the corresponding box:

    sun_sws_install_05

    or:

    Select Certificate File radio button and browse to .p7b file that contains the certificate for your domain and CA bundle.

    sun_sws_install_06

    Now the bundle and certificate are installed.

    If the certificate and bundle were sent in .crt and .ca-bundle correspondingly, then the .ca-bundle can be installed following steps 1-6 . The certificate itself can be installed this way:

  7. Repeat steps 1-3.
  8. Select Server Certificates > press “Install”

    sun_sws_install_07

  9. Enter an Alias for the certificate to help you identify it in the future and select the listener.

    sun_sws_install_08

  10. Complete the wizard by pressing “Finish”.

    sun_sws_install_09

    The certificate is now installed.

  11. To configure the certificate for use, go to Configuration > Edit HTTP Listener.
  12. Under General, check the box to Enable SSL and select the certificate you just installed. Now the certificate is bound to the listener and HTTP traffic will be encrypted.

After that, you can check the installation here or here.

II. Keytool

  1. Upload the certificate files to your server.
  2. Run the following commands:

    PEM:

    keytool -import -trustcacerts -alias root -file RootCertificate.crt -keystore < your keystore="" >.jks< /your >

    keytool -import -trustcacerts -alias intermediate -file intermediateCertificate.crt -keystore < your keystore="" >.jks< /your >

    keytool -import -trustcacerts -alias < keystore alias="" >-file < domain >.crt -keystore < your keystore="" >.jks< /domain >< /keystore >

    Note: import COMODORSAAddTrustCA.crt and COMODORSADomainValidationSecureServerCA.crt with different aliases.

    For example, importing a PositiveSSL with a full bundle will look like this:

    keytool -import -trustcacerts -alias root -file AddTrustExternalCARoot.crt -keystore yourkeystore.jks

    keytool -import -trustcacerts -alias intermediate1 -file COMODORSAAddTrustCA.crt -keystore yourkeystore.jks

    keytool -import -trustcacerts -alias intermediate2 -file COMODORSADomainValidationSecureServerCA.crt -keystore yourkeystore.jks

    keytool -import -trustcacerts -alias < keystore alias="" > -file < domain >.crt -keystore yourkeystore.jks< /domain >< / keystore >

    PKCS#7:

    If the certificate is received in a PKCS#7 format - .cer or .p7b - it can be imported in the following way:

    keytool -import -trustcacerts -alias < keystore alias="" > -file < domain >.p7b -keystore yourkeystore.jks< /domain >


  3. Correct your server.xml with the following lines:

    < connector port="443" protocol="HTTP/1.1" >
    SSLEnabled="true"
    scheme="https" secure="true” clientAuth="false"
    sslProtocol="TLS" keystoreFile="path/to/< your keystore="" >.jks"
    keystorePass="< keystore password="" >” >
    < /keystore >< /your >< /connector >


  4. Restart Sun Java Web Service.

The certificate is successfully installed on the server. You can check it here or here.