How do we import a vendor supplied certificate into Service Desk's Tomcat?

Document ID : KB000053827
Last Modified Date : 19/04/2018
Introduction:

This document provides a sample list of steps for importing a VeriSign certificate into Service Desk's Tomcat.

    Instructions:

    Solution:

    The CA Service Desk Implementation Guide provides steps on how to import a "self-signed" certificate into Tomcat.
    However, the steps are not the same for a VeriSign supplied certificate.

    The following is an example and may vary slightly depending on the product/certificate purchased from VeriSign.

    Steps to install Certificate from VeriSign into Tomcat

    1. Follow the steps listed on the VeriSign site depending on the type of purchase made ("Secure Site", "Secure Site Pro", etc.):
      https://knowledge.verisign.com/support/ssl-certificates-support/index?page=content&id=AR234

      When prompted for the certificate type, be sure to request the Microsoft PKCS7 format.
      The Java "keytool" utility should be able to read these without issue.
       
    2. Import the certificate received from VeriSign:
      keytool -import -trustcacerts -file c:\newcert.crt -keystore "c:\.keystore" -alias tomcat
      Note: the Microsoft PKCS7 format should include the VeriSign intermediate certificates.

      Edit the Service Desk\bopcfg\www\CATALINA_BASE\conf\server.xml in a text editor.
      Locate the SSL connector section.
      Uncomment it as appropriate.
      Edit as shown in the Windows example below where the location of the ".keystore" file is under "c:\cert\":
      <!-- Define a SSL Coyote HTTP/1.1 Connector on port 8443 -->
      <Connector className="org.apache.coyote.tomcat4.CoyoteConnector"
                 port="8443" minProcessors="5" maxProcessors="75"
                 enableLookups="true"
                 acceptCount="100" debug="0" scheme="https" secure="true"
                 useURIValidationHack="false" disableUploadTimeout="true">
        <Factory className="org.apache.coyote.tomcat4.CoyoteServerSocketFactory"
                 clientAuth="false" protocol="TLS" keystoreFile="C:\cert\.keystore" keystorePass="changeit" />
      </Connector>

    3. Recycle Service Desk Tomcat:
      pdm_tomcat_nxd -c stop
      pdm_tomcat_nxd -c start
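
An added check for the import in step 2, not part of the original CA document: it parses the text printed by `keytool -list -v` and confirms that the `tomcat` alias is a PrivateKeyEntry carrying more than one certificate, meaning the VeriSign reply attached to the existing key pair together with its intermediates. The sample listing, the host name and the second alias `mykey` are constructed for illustration.

```python
import re

# Constructed sample of `keytool -list -v -keystore "c:\.keystore"` output;
# names, dates and chain length are illustrative, not from a real keystore.
SAMPLE_OUTPUT = """\
Keystore type: JKS
Your keystore contains 2 entries

Alias name: tomcat
Creation date: Apr 19, 2018
Entry type: PrivateKeyEntry
Certificate chain length: 3
Certificate[1]:
Owner: CN=servicedesk.example.com, O=Example Corp, C=US
Issuer: CN=Example Intermediate CA, O=Example CA, C=US

Alias name: mykey
Creation date: Apr 19, 2018
Entry type: trustedCertEntry
Owner: CN=servicedesk.example.com, O=Example Corp, C=US
"""

def parse_entries(listing):
    """Map alias -> {"type", "chain_length"} from `keytool -list -v` text."""
    entries, current = {}, None
    for line in map(str.strip, listing.splitlines()):
        if m := re.match(r"Alias name:\s*(.+)", line):
            current = entries.setdefault(m.group(1).lower(), {"type": None, "chain_length": 0})
        elif current is not None and (m := re.match(r"Entry type:\s*(\S+)", line)):
            current["type"] = m.group(1)
        elif current is not None and (m := re.match(r"Certificate chain length:\s*(\d+)", line)):
            current["chain_length"] = int(m.group(1))
    return entries

def check_alias(listing, alias="tomcat"):
    """Return problems with the alias Tomcat serves; an empty list means OK."""
    entry = parse_entries(listing).get(alias.lower())
    if entry is None:
        return [f"alias '{alias}' not found"]
    if entry["type"] != "PrivateKeyEntry":
        # Reply was imported under a new alias instead of onto the key pair.
        return [f"alias '{alias}' is {entry['type']}, not PrivateKeyEntry"]
    if entry["chain_length"] < 2:
        # The PKCS7 reply should carry the intermediates (see the note in step 2).
        return [f"alias '{alias}' has chain length {entry['chain_length']}"]
    return []

if __name__ == "__main__":
    print(check_alias(SAMPLE_OUTPUT) or "OK")
```

To use it on a real keystore, pass the captured output of `keytool -list -v -keystore <path>` to `check_alias` in place of the constructed sample.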
    Additional Information:
    A more in-depth analysis of applying SSL to a given Tomcat install is available. Please review the following documentation link:

    https://docops.ca.com/ca-service-management/17-0/en/administering/configure-ca-service-desk-manager/managing-servers/how-to-configure-ssl-authentication