GoDaddy SSL Certificate Keystore Installation Tomcat7

问题

I recently bought a ssl key for my website and came across something weird when generating the keystore. In the Godaddy Tutorial it says to import the root certificate, install the intermediate certificate and install the issued certificate into the keystore.

When downloading the files from GoDaddy though it gives me three .crt files. One having a hex name which is the actual certificate and two others files name: gdig2.crt and gd_bundle-g2-g1.crt.

How am I suppose to use import these files in the fashion that they do?

Note: when looking at the bundle file it contains 3 certificates.

回答1:

You will need to have your existing keystore which contains your private key (and provisional certificate). If you've lost that, you'll need to start over again by generating a new private key, cert, and CSR,and sent it to your CA for a replacement.

Then, import the certificates you received from your CA (GoDaddy) using this command each time:

$ keytool -importcert -trustcacerts -keystore [yourstore.jks] \
    -alias [certname] < [certificate].crt

Import the certs in the order in which GoDaddy suggested. You may want to make a copy of your keystore before you begin, just in case you break everything.

回答2:

If can help someone.Tomcat 8

You don't need the xxxx.crt.pem file. Just run the following command on your original version of the keystore file (if renew certificate) for new certificate just use the same keystore file you've just create to get the csr.

So after you receive your zip file from Goddady type the following command.

keytool -import -alias root -keystore tomcat.keystore -trustcacerts -file gd_bundle-g2-g1.crt

keytool -import -alias tomcat -keystore tomcat.keystore -trustcacerts -file 123456fgscd.crt

sudo initctl restart tomcat

Don't forget to setup Catalina to point to your keystore (server.xml file)

Bingo.