Importing Third-Party Web Server Certificates

The Manager web server has a self-signed certificate by default. To replace the self-signed certificate with a certificate from Signiant's third-party certificate authority, Sectigo (formerly Comodo), generate a new certificate signing request (CSR) and import the certificates into your Manager.

Creating a Certificate Signing Request

When generating a certificate signing request (CSR), it is recommended that you create a new keystore to receive the new certificates. This prevents any conflict with existing keystore content.

Linux

To generate a CSR:

  1. Using a terminal, navigate to your JBoss configuration directory:

    $ cd /usr/signiant/dds/3rdparty/jboss/server/default/conf/
  2. Rename your keystore file to back up your existing keystore:

    $ mv keystore keystore.bak
  3. Use keytool to generate a new keystore in the JBoss directory:

    $ keytool -genkey -keyalg RSA -keysize 2048 -keystore keystore
  4. Follow the prompts, entering the relevant information for your organization.

  5. After creating the keystore, create a certificate request using keytool, create a CSR file:

    $ keytool -certreq -file <request_file_name>.csr -keystore <keystore>

Windows

To generate a CSR:

  1. Using the command prompt, navigate to the JBoss directory in your Signiant install folder:

    > cd "\Program Files\Signiant\Mobilize\3rdparty\jboss\server\default\conf"
  2. Rename your keystore file to back up your existing keystore:

    > move keystore keystore.bak
  3. Navigate to the JDK bin directory:

    > cd "\Program Files\Signiant\Mobilize\3rdparty\jdk\bin"
  4. Use keytool to generate a new keystore in the JBoss directory:

    > keytool -genkey -keyalg RSA -keysize 2048 -keystore keystore
    
  5. Follow the prompts, entering the relevant information for your organization.

  6. After creating the keystore, create a certificate request using keytool, create a CSR file in the JBoss server folder:

    > keytool -certreq -file <request_file_name>.csr -keystore ..\..\jboss\server\default\conf\keystore

Submitting a CSR to the Certificate Authority

The generated CSR must be sent to Sectigo for signing. Your valid support contract entitles you to one SSL certification, with a validity of one year, and allows you to send your request via Signiant's Generation Form.

To submit your CSR:

  1. Open the CSR in a text editor and copy all text, including the BEGIN and END tags.
  2. Paste the CSR contents in the certificate authority Generation Form.

Importing Certificates Into Your Keystore

Once Sectigo signs the CSR and returns your certificate bundle and certificate file, download them to your hard drive, and import them into your new keystore.

To import certificates, run the keytool command using the -import command:

> keytool -import -trustcacerts -file <path_to_certificate_bundle> -keystore <keystore>
> keytool -import -trustcacerts -file <path_to_certificate_file> -keystore <keystore>