Update JSSECACERTS

1. Download InstallCert.java
(https://bitbucket.org/taccaci/xsede-utilities/src in ssl_util)

2. SFTP InstallCert.java to the server you need to install certs on

3. Compile and run InstallCert.java
(javac InstallCert.java; java InstallCert <hostname>)
This will generate a jssecacerts file in the same folder

4. Run 'locate jssecacerts'

5. Copy the generated jssecacerts to every location listed

6. Bounce tomcat

Update KEYSTORE

1. Find the keystore location: open tomcat/server.xml and look for the keystore path (for example ~/.keystore), and note the keystore password, which you will need
2. Make a backup of the keystore
cp ~/.keystore ~/keystore.COPY.10.22.2020
3. List the certs in the keystore and find the old one
keytool -list -v -keystore ~/.keystore >> /tmp/certoutput
4. Open the file, find the api.xsede.org entry, confirm it is expired, and note that certificate's alias name so you can remove it
5. Remove the old certificate:
keytool -delete -noprompt -alias api.xsede.org-1 -keystore ~/.keystore
6. Download a PEM file of the new api.xsede.org certificate
openssl s_client -showcerts -connect api.xsede.org:443 </dev/null 2>/dev/null|openssl x509 -outform PEM > api.xsede.org.cert.pem
7. Import it into your keystore
keytool -import -trustcacerts -alias api.xsede.org-2 -file api.xsede.org.cert.pem -keystore ~/.keystore
8. List the keystore again to ensure it has the new one
keytool -list -v -keystore ~/.keystore >> /tmp/certoutput-NEW

  • If you need the keystore location and password, they are in Tomcat's server.xml config file

Restart tomcat and you are back in business
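
Before the keytool import step above, the downloaded PEM can be checked for hostname, remaining validity and an out-of-band fingerprint, because openssl s_client saves whatever certificate the peer presents. This is an added example, not part of the original procedure; the function names, MIN_VALID_SECS and the sample-certificate helper are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: gate for the PEM saved from `openssl s_client` before it is
# passed to `keytool -import`. Assumption: the expected SHA-256 fingerprint was
# obtained out-of-band; function and variable names here are illustrative.

MIN_VALID_SECS=${MIN_VALID_SECS:-0}   # minimum validity that must remain

cert_fingerprint() {   # SHA-256 fingerprint of PEM file $1 as bare uppercase hex
    openssl x509 -in "$1" -noout -fingerprint -sha256 |
        sed 's/^.*=//' | tr -d ':' | tr 'a-f' 'A-F'
}

verify_cert() {        # usage: verify_cert PEM HOST EXPECTED_SHA256
    pem=$1; host=$2
    want=$(printf '%s' "$3" | tr -d ': ' | tr 'a-f' 'A-F')
    # 1. The file must parse as an X.509 certificate.
    openssl x509 -in "$pem" -noout 2>/dev/null ||
        { echo "FAIL: $pem is not a certificate" >&2; return 1; }
    # 2. -checkend exits non-zero if the cert expires within the window.
    openssl x509 -in "$pem" -noout -checkend "$MIN_VALID_SECS" >/dev/null ||
        { echo "FAIL: expired or expiring too soon" >&2; return 2; }
    # 3. -checkhost only prints a verdict, so match on its text.
    openssl x509 -in "$pem" -noout -checkhost "$host" |
        grep -q 'does match certificate' ||
        { echo "FAIL: certificate does not name $host" >&2; return 3; }
    # 4. Pin to the fingerprint obtained out-of-band.
    [ "$(cert_fingerprint "$pem")" = "$want" ] ||
        { echo "FAIL: fingerprint mismatch" >&2; return 4; }
    echo "OK: $pem is valid for $host"
}

make_sample_cert() {   # constructed sample: 1-day self-signed cert, CN=$2, at $1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$2" \
        -keyout /dev/null -out "$1" 2>/dev/null
}
```

Call verify_cert with api.xsede.org.cert.pem, api.xsede.org and the expected fingerprint, and run the import only when it returns 0.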

