6
votes

I've done the following steps:

  1. Create keystore:

    keytool -genkey -alias wso2carbon -keyalg RSA -keystore wso2carbon.jks -keysize 2048
    
  2. Create certificate request:

    keytool -certreq -alias wso2carbon -keystore wso2carbon.jks -storepass wso2carbon
    
  3. Bought Comodo PositiveSSL certificate

  4. Import all certificates to newly created keystore - wso2carbon.jks:

    keytool -import -alias root -keystore wso2carbon.jks -trustcacerts -file AddTrustExternalCARoot.crt -storepass wso2carbon
    
    keytool -import -alias intermediate1 -keystore wso2carbon.jks -trustcacerts -file COMODORSAAddTrustCA.crt -storepass wso2carbon
    
    keytool -import -alias intermediate2 -keystore wso2carbon.jks -trustcacerts -file COMODORSADomainValidationSecureServerCA.crt -storepass wso2carbon
    
    keytool -import -alias domain.com -keystore wso2carbon.jks -trustcacerts -file domain_com.crt -storepass wso2carbon
    
  5. Copied wso2carbon.jks to {CARBON_HOME}/repository/resources/security/ and overwrote the old one.

  6. Restarted WSO2 IS. When I inspect it with a browser, the certificate hierarchy shows only domain.com.

In general I followed this tutorial: https://docs.wso2.com/display/AS521/Creating+New+Keystores#CreatingNewKeystores-Creatingakeystoreusinganewcertificate

1 Answers

3
votes

I've found the solution:

At point 3 I needed to use the same alias as in point 1 for the last import (domain.com):

    keytool -import -alias wso2carbon -keystore wso2carbon.jks -trustcacerts -file domain_com.crt -storepass wso2carbon

Now it works great with web browsers, but when accessed from Android it is still not trusted. That is for another topic.
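
A check for the symptom in this thread, added here as an example and not part of the original posts: it reads `keytool -list -v` output and reports whether the key's alias is a `PrivateKeyEntry` with a CA chain attached, which is what the alias change in the answer produces. The names `check_chain`, `sample_before` and `sample_after` are hypothetical, and the two listings are constructed and abbreviated, including the chain length of 4.

```shell
#!/bin/sh
# Added example (not from the original post). Run against a real keystore as:
#   keytool -list -v -keystore wso2carbon.jks | check_chain wso2carbon

# check_chain ALIAS: reads `keytool -list -v` output on stdin and prints
# "<alias> <entry type> <chain length>". Returns 0 only when ALIAS is a
# PrivateKeyEntry carrying more than one certificate, 1 otherwise, 2 if absent.
check_chain() {
    awk -v want="$1" '
        /^Alias name: /               { alias = substr($0, 13); next }
        alias != want                 { next }
        /^Entry type: /               { type = $3 }
        /^Certificate chain length: / { len = $4 }
        END {
            if (type == "") { print want, "not-found", 0; exit 2 }
            print want, type, len + 0
            exit !(type == "PrivateKeyEntry" && len + 0 >= 2)
        }'
}

# Constructed, abbreviated listing: signed cert imported under its own alias.
sample_before() {
    cat <<'EOF'
Alias name: wso2carbon
Entry type: PrivateKeyEntry
Certificate chain length: 1
Alias name: domain.com
Entry type: trustedCertEntry
EOF
}

# Constructed, abbreviated listing: signed cert imported under the key's alias.
sample_after() {
    cat <<'EOF'
Alias name: wso2carbon
Entry type: PrivateKeyEntry
Certificate chain length: 4
Alias name: root
Entry type: trustedCertEntry
EOF
}

for s in sample_before sample_after; do
    if "$s" | check_chain wso2carbon; then
        echo "  $s: CA reply is attached to the key entry"
    else
        echo "  $s: key entry has no CA chain"
    fi
done
```

A chain length of 1 on the key entry together with a separate `trustedCertEntry` for the domain certificate is the state the question describes.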