
How to install/update/upgrade SSL certificate in Tomcat?

@Berryessa370

Posted in: #Apache #Https #Linux #SecurityCertificate #Tomcat

I am about to install/update/upgrade a SSL certificate in one of the servers which has the following configuration

Server information:
Server version: Apache Tomcat/6.0.35
OS version: Linux 2.6.18-371.6.1.el5
Architecture: amd64
JVM version: 1.6.0_30-b30
JVM Vendor: Sun Microsystems Inc.
Tomcat location: /user/local/apache-tomcate-6.0.35


Generate new SSL certificate request:


I created a folder named keystore (/user/local/apache-tomcate-6.0.35/keystore)

To create a key:
sudo keytool -storepass keypassword -keyalg RSA -keysize 2048 -keystore mydomain.keystore -genkey -alias mydomain


To create SSL certificate request:

sudo keytool -storepass keypassword -keystore mydomain.keystore -certreq -keyalg RSA -file mydomain.csr -alias mydomain.com


After successfully executing both commands I got two files in the keystore folder: mydomain.keystore and mydomain.csr

The following files were attached to the email I received yesterday:

Cabundle.cert (What is this? No mention of it in the Wiki)
Zip file


mydomain.crt
root_certificate.crt
Trend_Micro_CA.crt
Affirmtrust_Networking.crt


Installing the certificate:

As per information from another source, I downloaded two other files into the keystore folder:
secure.globalsign.net/cacert/ct_root.der
http://secure.globalsign.net/cacert/sureserverEDU.pem

Import the root certificate ‘ct_root.der’ :

[root@ mydomain keystore]#sudo keytool -keystore mydomain.keystore -storepass keypassword -importcert -file ct_root.der -trustcacerts -alias globalsignroot


Outcome: Certificate already exists in system-wide CA keystore under alias <3getcybertrustsolutionsincgtecybertrustglobal root> Do you still want to add it to your own keystore? [no]: yes Certificate was added to keystore

Import the sure server education certificate ‘sureserverEDU.pem’:

[root@ mydomain keystore]# sudo keytool -keystore mydomain.keystore -storepass keypassword -importcert -file sureserverEDU.pem -trustcacerts -alias sureserveredu


Outcome: Certificate was added to keystore

Import the certificate from email: As per the wiki I need to import the certificate.pem file
sudo keytool -keystore mydomain.keystore -storepass keypassword -alias mydomain -import -file mydomain.pem

I don’t have any .pem file in the email I have received, and if I run
[root@ mydomain keystore]# sudo keytool -keystore mydomain.keystore -storepass keypassword -alias mydomain -import -file mydomain.crt
I get an error:
Keytool error: java.lang.Exception: Failed to establish chain from reply

Problem:

This is where I am stuck and don’t know what to do. I assume I have to create a chain.pem with all the received certificates inside it. If this is the case, in which order should I copy and paste the certificates?

To be honest, I don’t want to try anything that I am not sure about because it is a live server.

I would really appreciate it if someone could help me by providing instructions on how to proceed beyond step #5 to successfully install the certificate. I am also confused about what the cabundle.crt that comes with the email is.
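The question above asks in which order the received certificates belong in a chain. As an added example (not part of the original post), this shell function prints certificate files leaf first and root last by following each certificate's issuer to the file whose subject matches, using the openssl CLI. The function names are hypothetical, and it only reads the files it is given, so it can be run on copies away from the live keystore.

```shell
#!/bin/sh
# Added example: order certificate files into a chain (leaf first, root last).
# Matching is by issuer/subject name hash only; signatures are NOT verified.
# Requires the openssl CLI. Input files may be PEM or DER.

# x509 FILE ARGS...: run "openssl x509" on FILE, trying PEM first, then DER.
x509() {
  local f=$1; shift
  openssl x509 -in "$f" "$@" 2>/dev/null ||
    openssl x509 -inform DER -in "$f" "$@" 2>/dev/null
}

# order_chain LEAF CANDIDATE...
# Prints one file name per line. Returns 1 if an issuer is not among the
# candidates, which is the situation in which a chain cannot be established.
order_chain() {
  local cur=$1; shift
  local want subj f next hops=0
  echo "$cur"
  while :; do
    want=$(x509 "$cur" -noout -issuer_hash) || return 1
    subj=$(x509 "$cur" -noout -subject_hash) || return 1
    [ "$want" = "$subj" ] && return 0      # self-signed: reached the root
    next=
    for f in "$@"; do
      [ "$f" = "$cur" ] && continue
      if [ "$(x509 "$f" -noout -subject_hash)" = "$want" ]; then
        next=$f; break
      fi
    done
    if [ -z "$next" ]; then
      echo "missing issuer of $cur: $(x509 "$cur" -noout -issuer)" >&2
      return 1
    fi
    echo "$next"
    cur=$next
    hops=$((hops + 1)); [ "$hops" -gt 10 ] && return 1   # guard against loops
  done
}
```

Call it as `order_chain <server certificate> <all other received files>`; a "missing issuer" message names the CA certificate that still has to be obtained.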
