7

I've done the following steps:

  1. Create keystore:

    keytool -genkey -alias wso2carbon -keyalg RSA -keystore wso2carbon.jks -keysize 2048
    
  2. Create certificate request:

    keytool -certreq -alias wso2carbon -keystore wso2carbon.jks -storepass wso2carbon
    
  3. Bought Comodo PositiveSSL certificate

  4. Import all certificates to newly created keystore - wso2carbon.jks:

    keytool -import -alias root -keystore wso2carbon.jks -trustcacerts -file AddTrustExternalCARoot.crt -storepass wso2carbon
    
    keytool -import -alias intermediate1 -keystore wso2carbon.jks -trustcacerts -file COMODORSAAddTrustCA.crt -storepass wso2carbon
    
    keytool -import -alias intermediate2 -keystore wso2carbon.jks -trustcacerts -file COMODORSADomainValidationSecureServerCA.crt -storepass wso2carbon
    
    keytool -import -alias domain.com -keystore wso2carbon.jks -trustcacerts -file domain_com.crt -storepass wso2carbon
    
  5. Copied wso2carbon.jks to {CARBON_HOME}/repository/resources/security/ and overwrote the old one.

  6. Restarted WSO2 IS. When I inspect with the browser, it says that in the certificate hierarchy only domain.com is present.

In general I followed this tutorial: https://docs.wso2.com/display/AS521/Creating+New+Keystores#CreatingNewKeystores-Creatingakeystoreusinganewcertificate

zarej

1 Answer

4

I've found the solution:

At point 3 I needed to use the same alias as in point 1 for the last import - domain.com:

    keytool -import -alias wso2carbon -keystore wso2carbon.jks -trustcacerts -file domain_com.crt -storepass wso2carbon

Now it works great with web browsers, but when accessed with Android it is still not trusted; that is for another topic.

zarej
  • 1
    Indeed, in the carbon.xml and axis2.xml there's a key alias specified (wso2carbon by default). In theory you could use a different alias, but you need to specify it in the config files too. Indeed, if you keep the original alias name, it will work :) – gusto2 Oct 12 '16 at 14:46
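
A check for the alias behaviour the answer describes, as an added example that is not part of the original posts: keytool treats an import under the alias that already holds the private key as a certificate reply and attaches the chain to that key, while an import under a new alias only stores a trusted certificate. The function name `check_key_entry` and the trimmed `keytool -list -v` listings are constructed for illustration.

```shell
#!/bin/sh
# Added example. Reads `keytool -list -v` text on stdin and reports how ALIAS is stored:
#   chain-ok | no-chain | not-a-key-entry | missing
check_key_entry() {
    awk -v want="$1" '
        /^Alias name:/ { cur = $0; sub(/^Alias name:[ \t]*/, "", cur) }
        cur == want && /^Entry type:/ { type = $3 }
        cur == want && /^Certificate chain length:/ { len = $4 }
        END {
            if (type == "") print "missing"
            else if (type != "PrivateKeyEntry") print "not-a-key-entry"
            else if (len + 0 < 2) print "no-chain"
            else print "chain-ok"
        }'
}

# Constructed, trimmed listing: signed certificate imported under alias domain.com.
sample_before() {
cat <<'EOF'
Alias name: wso2carbon
Entry type: PrivateKeyEntry
Certificate chain length: 1
Alias name: root
Entry type: trustedCertEntry
Alias name: domain.com
Entry type: trustedCertEntry
EOF
}

# Constructed, trimmed listing: signed certificate imported under alias wso2carbon.
sample_after() {
cat <<'EOF'
Alias name: wso2carbon
Entry type: PrivateKeyEntry
Certificate chain length: 4
Alias name: root
Entry type: trustedCertEntry
EOF
}

echo "before, wso2carbon: $(sample_before | check_key_entry wso2carbon)"
echo "before, domain.com: $(sample_before | check_key_entry domain.com)"
echo "after,  wso2carbon: $(sample_after | check_key_entry wso2carbon)"
# Real use: keytool -list -v -keystore wso2carbon.jks -storepass wso2carbon | check_key_entry wso2carbon
```

A `no-chain` result for the alias named in the server configuration means the key entry still holds only its original single certificate, so the CA-signed certificate has not been attached to it.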