ofbiz and SSL & apache
Locked
ofbiz and SSL & apache
 
|
Re: ofbiz and SSL & apache
|
|
You will have to import your certificate to the Java keystore and
configure Tomcat to use it [1,2]. The standard way would be to run OFBiz behind an Apache webserver with the virtual hosts configured to use the certificate. Regards, Michael Brohl ecomify GmbH www.ecomify.de [1] https://tomcat.apache.org/tomcat-8.5-doc/ssl-howto.html [2] https://cwiki.apache.org/confluence/display/OFBiz/Apache+OFBiz+Technical+Production+Setup+Guide#ApacheOFBizTechnicalProductionSetupGuide-SSLCertificateSetup Am 18.02.19 um 10:53 schrieb [hidden email]: > Would you please point me to a procedure how to setup ofbiz to use my letsencrypt certificates? > I don't seem to be able to find one. > > Is it possible to ruj Ofbiz under Apache webser? > > > Thank you, Wolfgang > > > |
smime.p7s (5K)
Re: ofbiz and SSL & apache
|
|
Re: ofbiz and SSL & apache
|
|
Hi Wolfgang,
if you already have a ceritificate, you should skip steps 2 and 3! If I understand the steps correctly, with the certreq command you now have a certificate request with alias "ssl" in your keystore. Later you try to import a certificate which is not based on your certificate request under the same alias "ssl". Just import your certificate with another alias and you should be fine. Remember: if you use an Apache Webserver before your OFBiz instance, you do not need to import the certificate in the keystore! Regards, Michael Brohl ecomify GmbH www.ecomify.de Am 19.02.19 um 11:26 schrieb Wolfgang Paul Rauchholz: > How does this procedure work in case of an existing letsencrypt > certificate? > > Because I have an existing certificate, can I skip steps 3? > I continued directly with step 4, uploading and conveting cert.pem to > cert.der. > > But importe step 5 throws out an error: keytool error: > java.lang.Exception: Public keys in reply and keystore don't match: > > > 1. Run: "keytool -genkey -keyalg RSA -alias ssl -keystore [keystore > name]" > 2. Run: "keytool -certreq -alias ssl -keyalg RSA -file certreq.csr > -keystore [keystore name]" > 3. Submit the CSR to a signing authority (Thawte, Verisign, etc) > 4. Download your certificate from the signing authority. Please > remember to download the Certificate in PKCS#7 format. If you get a > certificate in pem format don't convert to PKCS#7/P7B Format but der > format > 5. Import the Certificate into the keystore by running: > "keytool -import -alias ssl -trustcacerts -file mysignedcert.cer > -keystore [keystore name]" > > > Thanks, Wolfgang > > On Mon, 2019-02-18 at 11:35 +0100, Michael Brohl wrote: >> You will have to import your certificate to the Java keystore and >> configure Tomcat to use it [1,2]. >> >> The standard way would be to run OFBiz behind an Apache webserver >> with >> the virtual hosts configured to use the certificate. >> >> Regards, >> >> Michael Brohl >> ecomify GmbH >> www.ecomify.de >> >> [1] https://tomcat.apache.org/tomcat-8.5-doc/ssl-howto.html >> >> [2] >> > https://cwiki.apache.org/confluence/display/OFBiz/Apache+OFBiz+Technical+Production+Setup+Guide#ApacheOFBizTechnicalProductionSetupGuide-SSLCertificateSetup >> >> Am 18.02.19 um 10:53 schrieb [hidden email]: >>> Would you please point me to a procedure how to setup ofbiz to use >>> my letsencrypt certificates? >>> I don't seem to be able to find one. >>> >>> Is it possible to ruj Ofbiz under Apache webser? >>> >>> >>> Thank you, Wolfgang >>> >>> >>> >> |
Re: ofbiz and SSL & apache
|
|
Re: ofbiz and SSL & apache
|
|
You will need to store a certificate for the domain you want to use.
Maybe you should create your own keystore containing only your certificate and point to this file instead of the original. Regards, Michael Am 19.02.19 um 12:22 schrieb Wolfgang Paul Rauchholz: > I am trying to get SSL working w/o apache for the time being. > > I followed your procedure and could sucesfully import. Thanks. Great! > > I went the into the following file: > /usr/local/ofbiz/framework/catalina/ofbiz-component.xml and changed the > following two lines: > > <property name="keystoreFile" > value="framework/base/config/ofbiz.jks"/> > <property name="keystorePass" value="<mypassword>"/> > > Which seems not to be the right, because firefox still complaints > When I call https:www.wo-lar.com:8443/myportal/control/main. I get a > "Your connection is not secure". www.wo-lar.com:8443 uses an invalid > security certificate. > > > When I run <LAN server IP>:8443:/myportal/control/main I get the same > error message. But I can look at hte certificate and that tells me that > it still points to the wrong certificate: > Common name: ofbiz-vm.apache.org > > Any thoughts? > > Wolfgang > > > > > On Tue, 2019-02-19 at 11:53 +0100, Michael Brohl wrote: >> Hi Wolfgang, >> >> if you already have a ceritificate, you should skip steps 2 and 3! >> >> If I understand the steps correctly, with the certreq command you >> now >> have a certificate request with alias "ssl" in your keystore. Later >> you >> try to import a certificate which is not based on your certificate >> request under the same alias "ssl". >> >> Just import your certificate with another alias and you should be >> fine. >> >> Remember: if you use an Apache Webserver before your OFBiz instance, >> you >> do not need to import the certificate in the keystore! >> >> Regards, >> >> Michael Brohl >> ecomify GmbH >> www.ecomify.de >> >> >> Am 19.02.19 um 11:26 schrieb Wolfgang Paul Rauchholz: >>> How does this procedure work in case of an existing letsencrypt >>> certificate? >>> >>> Because I have an existing certificate, can I skip steps 3? >>> I continued directly with step 4, uploading and conveting cert.pem >>> to >>> cert.der. >>> >>> But importe step 5 throws out an error: keytool error: >>> java.lang.Exception: Public keys in reply and keystore don't match: >>> >>> >>> 1. Run: "keytool -genkey -keyalg RSA -alias ssl -keystore [keystore >>> name]" >>> 2. Run: "keytool -certreq -alias ssl -keyalg RSA -file certreq.csr >>> -keystore [keystore name]" >>> 3. Submit the CSR to a signing authority (Thawte, Verisign, etc) >>> 4. Download your certificate from the signing authority. Please >>> remember to download the Certificate in PKCS#7 format. If you get a >>> certificate in pem format don't convert to PKCS#7/P7B Format but >>> der >>> format >>> 5. Import the Certificate into the keystore by running: >>> "keytool -import -alias ssl -trustcacerts -file mysignedcert.cer >>> -keystore [keystore name]" >>> >>> >>> Thanks, Wolfgang >>> >>> On Mon, 2019-02-18 at 11:35 +0100, Michael Brohl wrote: >>>> You will have to import your certificate to the Java keystore and >>>> configure Tomcat to use it [1,2]. >>>> >>>> The standard way would be to run OFBiz behind an Apache webserver >>>> with >>>> the virtual hosts configured to use the certificate. >>>> >>>> Regards, >>>> >>>> Michael Brohl >>>> ecomify GmbH >>>> www.ecomify.de >>>> >>>> [1] https://tomcat.apache.org/tomcat-8.5-doc/ssl-howto.html >>>> >>>> [2] >>>> >>> > https://cwiki.apache.org/confluence/display/OFBiz/Apache+OFBiz+Technical+Production+Setup+Guide#ApacheOFBizTechnicalProductionSetupGuide-SSLCertificateSetup >>>> Am 18.02.19 um 10:53 schrieb [hidden email]: >>>>> Would you please point me to a procedure how to setup ofbiz to >>>>> use >>>>> my letsencrypt certificates? >>>>> I don't seem to be able to find one. >>>>> >>>>> Is it possible to ruj Ofbiz under Apache webser? >>>>> >>>>> >>>>> Thank you, Wolfgang >>>>> >>>>> >>>>> >> |
Re: ofbiz and SSL & apache
|
|
Re: ofbiz and SSL & apache
|
|
| Free forum by Nabble | Edit this page |