You will need to store a certificate for the domain you want to use.
Maybe you should create your own keystore containing only your certificate and point to this file instead of the original.
Regards,
Michael

On 19.02.19 at 12:22, Wolfgang Paul Rauchholz wrote:

I am trying to get SSL working w/o apache for the time being. I followed your procedure and could successfully import. Thanks. Great!

I then went into the following file: /usr/local/ofbiz/framework/catalina/ofbiz-component.xml and changed the following two lines:

    <property name="keystoreFile" value="framework/base/config/ofbiz.jks"/>
    <property name="keystorePass" value="<mypassword>"/>

Which seems not to be right, because Firefox still complains. When I call https:www.wo-lar.com:8443/myportal/control/main, I get a "Your connection is not secure". www.wo-lar.com:8443 uses an invalid security certificate.

When I run <LAN server IP>:8443:/myportal/control/main I get the same error message. But I can look at the certificate and that tells me that it still points to the wrong certificate:

    Common name: ofbiz-vm.apache.org

Any thoughts?

Wolfgang

On Tue, 2019-02-19 at 11:53 +0100, Michael Brohl wrote:

Hi Wolfgang,

if you already have a certificate, you should skip steps 2 and 3!

If I understand the steps correctly, with the certreq command you now have a certificate request with alias "ssl" in your keystore. Later you try to import a certificate which is not based on your certificate request under the same alias "ssl".

Just import your certificate with another alias and you should be fine.

Remember: if you use an Apache Webserver before your OFBiz instance, you do not need to import the certificate in the keystore!

Regards,
Michael Brohl
ecomify GmbH
www.ecomify.de

On 19.02.19 at 11:26, Wolfgang Paul Rauchholz wrote:

How does this procedure work in case of an existing letsencrypt certificate? Because I have an existing certificate, can I skip steps 3? I continued directly with step 4, uploading and converting cert.pem to cert.der. But import step 5 throws out an error:

    keytool error: java.lang.Exception: Public keys in reply and keystore don't match

1. Run: "keytool -genkey -keyalg RSA -alias ssl -keystore [keystore name]"
2. Run: "keytool -certreq -alias ssl -keyalg RSA -file certreq.csr -keystore [keystore name]"
3. Submit the CSR to a signing authority (Thawte, Verisign, etc)
4. Download your certificate from the signing authority. Please remember to download the Certificate in PKCS#7 format. If you get a certificate in pem format don't convert to PKCS#7/P7B Format but der format
5. Import the Certificate into the keystore by running: "keytool -import -alias ssl -trustcacerts -file mysignedcert.cer -keystore [keystore name]"

Thanks,
Wolfgang

On Mon, 2019-02-18 at 11:35 +0100, Michael Brohl wrote:

You will have to import your certificate to the Java keystore and configure Tomcat to use it [1,2].

The standard way would be to run OFBiz behind an Apache webserver with the virtual hosts configured to use the certificate.

Regards,
Michael Brohl
ecomify GmbH
www.ecomify.de

[1] https://tomcat.apache.org/tomcat-8.5-doc/ssl-howto.html
[2] https://cwiki.apache.org/confluence/display/OFBiz/Apache+OFBiz+Technical+Production+Setup+Guide#ApacheOFBizTechnicalProductionSetupGuide-SSLCertificateSetup

On 18.02.19 at 10:53, wp.rauchh...@gmail.com wrote:

Would you please point me to a procedure how to setup ofbiz to use my letsencrypt certificates? I don't seem to be able to find one. Is it possible to run Ofbiz under Apache webserver?

Thank you,
Wolfgang
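
Added example, not part of the original thread: a check that reproduces the condition behind "Public keys in reply and keystore don't match" by comparing the public key inside a certificate with the one inside a CSR or private key. It uses openssl instead of keytool; the file names, the subject demo.example and the throwaway keys are constructed for the demo (privkey.pem is assumed to be the key the existing certificate was issued for).

```sh
#!/bin/sh
# Constructed demo: does a certificate belong to a given CSR / private key?

pub_hash() {  # $1 = key|csr|cert, $2 = PEM file -> SHA-256 of the DER public key
  pem=$(case "$1" in
          (key)  openssl pkey -in "$2" -pubout ;;
          (csr)  openssl req  -in "$2" -noout -pubkey ;;
          (cert) openssl x509 -in "$2" -noout -pubkey ;;
          (*)    exit 2 ;;
        esac 2>/dev/null) || return 1
  [ -n "$pem" ] || return 1          # unreadable input must never "match"
  printf '%s\n' "$pem" | openssl pkey -pubin -outform DER 2>/dev/null \
    | openssl dgst -sha256 -r | cut -d' ' -f1
}

same_key() {  # $1/$2 and $3/$4 are (type, file) pairs; true if same public key
  a=$(pub_hash "$1" "$2") && b=$(pub_hash "$3" "$4") && [ "$a" = "$b" ]
}

make_demo() {  # $1 = empty directory; creates constructed sample files
  # Stand-ins for "keytool -genkey -alias ssl" and "keytool -certreq":
  openssl genrsa -out "$1/keystore.key" 2048 2>/dev/null
  openssl req -new -key "$1/keystore.key" -subj "/CN=demo.example" \
    -out "$1/certreq.csr" 2>/dev/null
  # Stand-in for an existing certificate issued for a different key:
  openssl genrsa -out "$1/privkey.pem" 2048 2>/dev/null
  openssl req -x509 -new -key "$1/privkey.pem" -subj "/CN=demo.example" \
    -days 1 -out "$1/cert.pem" 2>/dev/null
}

d=$(mktemp -d) && make_demo "$d"
if same_key cert "$d/cert.pem" csr "$d/certreq.csr"; then
  echo "cert.pem answers certreq.csr: import as a reply under that alias works"
else
  echo "cert.pem was issued for another key: keytool rejects it as a reply"
fi
same_key cert "$d/cert.pem" key "$d/privkey.pem" \
  && echo "cert.pem matches privkey.pem: these two belong together"
rm -rf "$d"
```

Run against real files, a mismatch between the certificate and the CSR generated in steps 1 and 2 is the situation the keytool error reports.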