1. DSR Security Guide
  2. Certificate Management
  3. Creating a New Certificate for WebLogic and Tomcat Servers
  4. Importing Certificate

Importing Certificate

This procedure describes the steps to import the certificate.

  1. When the CA returns the signed public key with the intermediate and root certificates, run the following command to import the intermediate and root certificates into your Keystore:
    keytool -importcert -v -noprompt -trustcacerts -alias <alias_for_root_certificate> -file <root_certificate_file> -keystore <server_keystore>.jks -storepass <store_password>
    Where,
      • <alias_for_root_certificate> indicates an alias for the root certificate.
      • root_certificate_file indicates the file name of the root certificate issued by CA.
      • server_keystore indicates the JKS file name that was generated during the Keystore creation.
      • store_password indicates the store password that was provided during the Keystore creation.
  2. Import the public certificate into the Keystore using the private key alias.
  3. To obtain the certificate, do one of the following:
    • From the CA’s website, download the root CA and intermediate CA if available.
    • Double-click the certificate file, and then go to the Certification Path tab.

    • The first certificate in the list is the root CA and the second one is the intermediate CA if available. If you highlight the root CA, and then click View Certificate, it opens the Root CA certificate. Then, you can go to the Details tab and click <Copy to file>. Select Base 64 as the format and save the file. Repeat the same steps to copy the intermediate CA to a file.

  4. When you obtain root CA, intermediate, and certificate files, if you have an intermediate CA, edit it and copy all the content.
  5. Edit the certificate file and paste the intermediate at the bottom of the server certificate. Skip this step if you do not have an intermediate CA.
  6. Repeat the same step for the root CA and paste it at the end of the previously added certificate.
    The following is a sample certificate:
    -------BEGIN CERTIFICATE---------
dfsfsdfdf
sfsdfwehdfhdf <---------certificate
dgdfgfgfdg
--------END CERTIFICATE-----------
-------BEGIN CERTIFICATE---------
hghjgfjgj
sfsdfwejjhdfhdf <---------intermediate
dgdfgiuiyuiuiyufgfdg
--------END CERTIFICATE-----------
-------BEGIN CERTIFICATE---------
dfsfsmbvmvbmdfdf
sfsdetetrtyrfwehdfhdf <---------root CA
dgdfgnbnbvnvbfgfdg
--------END CERTIFICATE-----------
  7. Run the following command to import the certificate:
    keytool -importcert -v -alias <alias_name> -file <mycert> -keystore <server_keystore>.jks -keypass <key_password> -storepass <store_password>
    Where,
    • <alias_name> indicates the alias that was used during the creation of Keystore.
    • <mycert> indicates the file name of the certificate issued by CA.
    • <server_keystore> indicates the JKS file name that was generated during the Keystore creation.
    • <key_password> indicates the Keystore password that was provided during the Keystore creation.
    • <store_password> indicates the store password that was provided during the Keystore creation.
  8. Run the following command to check whether the Keystore creation is complete:
    keytool -list -v -keystore <server_keystore>.jks -storepass <store_password>
  9. Run the following command to import the root CA of your signed certificate to the Trust KeyStore file:
    keytool -alias server_cert -import -file rootcacert.cer -keystore trustkeystore.jks -storepass <Password>
(Optional) Enter the result of the procedure here.