Hi Brian, You follow the below steps and add your Go daddy SSL certificate to the key store.
> - Convert the downloaded ssl certificates from your vendor to .pem > files. > > openssl x509 -in <RA CRT> -out <RA CERT PEM> > Example: > openssl x509 -in your-domain-com-apache.crt -out your-domain-com-apache.pem > openssl x509 -in your-domain-com-ee.crt -out your-domain-com-ee.pem > > - Create a certificate chain with the root and intermediate > certifications. > > cat <CERTIFCATE 1> <CERTIFICATE 2> ... >> <CERTIFICATE CHAIN> > Example: > cat your-domain-com-apache.pem your-domain-com-ee.pem >> > clientcertchain.pem > cat your-domain-com-apache.crt your-domain-com-ee.crt >> > clientcertchain.crt > > - Export the SSL certificate chain file as a PKCS12 file with > "wso2carbon" as the alias. > > openssl pkcs12 -export -out <KEYSTORE>.p12 -inkey <RSA_key>.key -in ia.crt > -CAfile clientcertchain.pem -name "<alias>" > Example: > openssl pkcs12 -export -out KEYSTORE.p12 -inkey ia.key -in ia.crt -CAfile > clientcertchain.pem -name "wso2carbon" > For more information on certificate chaning with wso2 server please reffer to the article [1]. Please not the same communication mechanism we use for device communication using exsisting SSL certificates, can be applied to basic server communications too. [1]. http://wso2.com/library/tutorials/2016/06/how-to-configure-device-communication-with-an-existing-ssl-certificate-with-wso2-enterprise-mobility-manager/ Thanks and Best Regards, Thanks and Best Regards, Kamidu Sachith Punchihewa *Software Engineer* WSO2, Inc. lean . enterprise . middleware Mobile : +94 (0) 770566749 <%2B94%20%280%29%20773%20451194> Disclaimer: This communication may contain privileged or other confidential information and is intended exclusively for the addressee/s. If you are not the intended recipient/s, or believe that you may have received this communication in error, please reply to the sender indicating that fact and delete the copy you received and in addition, you should not print, copy, retransmit, disseminate, or otherwise use the information contained in this communication. Internet communications cannot be guaranteed to be timely, secure, error or virus-free. The sender does not accept liability for any errors or omissions. On Sat, Oct 1, 2016 at 2:52 PM, Brian Saltzman <[email protected]> wrote: > the SSL zip file from GoDaddy contains two files > > - GoDaddy Certificate Bundles - G2 With Cross to G1, includes Root > (gd_bundle-g2-g1.crt) > - randomfile.crt (I'm assuming that is the ExternalCARoot file.) > > go daddy has a intermediate crt files here: https://certs.godaddy. > com/repository > > from WSO2 docs they explain how to do this for Comodo CA > > https://docs.wso2.com/display/Carbon420/Creating+New+Keystores# > CreatingNewKeystores-Step3:ImportCA-signedcertificatestokeystore > > keytool -import -trustcacerts -alias ExternalCARoot -file > AddTrustExternalCARoot.crt -keystore newkeystore.jks -storepass mypassword > > keytool -import -trustcacerts -alias TrustCA -file COMODORSAAddTrustCA.crt > -keystore newkeystore.jks -storepass mypassword > > keytool -import -trustcacerts -alias SecureServerCA -file > COMODORSADomainValidationSecureServerCA.crt -keystore newkeystore.jks > -storepass mypassword > > Please provide keytool commands to install GoDaddy certs and if I need two > intermediate files and which ones from the intermediate link or if I can > just use the bundle file. > > _______________________________________________ > Dev mailing list > [email protected] > http://wso2.org/cgi-bin/mailman/listinfo/dev > >
_______________________________________________ Dev mailing list [email protected] http://wso2.org/cgi-bin/mailman/listinfo/dev
