#tomcat #serverxml #connector
Frustrated by the lack of documentation by Adventnet on this topic, I decided to dig in and discover the proper procedure for installing an SSL certificate that would work for their ADManagerPlus application. Having some previous experience with Java certificate stores, I used that knowledge to complete the task. If you are like me, I tried to use Adventnet's documentation but kept getting stuck on how to embed the Root CA correctly (knowing this from the fact that https revealed an untrusted certificate!). This is the process I followed to get ADManagerPlus working with our private Root CA.
- Shut down ADManagerPlus if it is currently running
- Open a command prompt and navigate to C:\AdventNet\ADManagerPlus\jre\bin
- Execute the following command: keytool -genkey -alias tomcat -keyalg RSA -keystore admp.keystore
keytool -certreq -keyalg RSA -alias tomcat -file certkey.txt -keystore admp.keystore
keytool -list -v -keystore admp.keystore -storepass password (password from step 4)
Two certificates should be listed, the first being the ADManagerPlus web server certificate and the second being the Root CA certificate. Syntax will be as follows:
Entry type: keyEntry
Certificate chain length: 2
If the certificate chain length is 1, go back through the steps to determine potential errors. Do not proceed with these final four steps or the ADManagerPlus server service will hang (and lock) at startup.
- Once the certificate signing is verified, open Windows Explorer and rename both the server.xml file (to serverxml.old) and the server.keystore file (to serverkeystore.old) in the C:\AdventNet\ADManagerPlus\conf directory.
- Now copy the admp.keystore file from C:\AdventNet\ADManagerPlus\jre\bin into the C:\AdventNet\ADManagerPlus\conf directory.
- Edit the server.xml file from C:\AdventNet\ADManagerPlus\conf using any text editor. Scroll to the bottom of the file and look for the line that begins with <Connector acceptCount.
- Scroll to the section of the line that says keystoreFile="./conf/server.keystore" keystorePass="adventnet". Change server.keystore to admp.keystore and change the password to match the one set in step 4. Save and close the file.
That completes both the Root CA installation and the certificate keystore installation. Restart the ADManagerPlus service and access the FQDN of the ADManagerPlus server via web browser.
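A pre-flight check for the two points where this procedure can leave the service hung, the chain length reported by keytool -list -v and the keystoreFile attribute on the Connector line, written as an added PowerShell example (not AdventNet's tooling and not part of the original procedure). The function names and sample inputs are constructed for illustration; the check accepts both keyEntry and PrivateKeyEntry because keytool's label for a key entry differs between JDK versions.

```powershell
# Added example; function names and sample inputs are constructed.
function Get-KeystoreEntry {
    param([string[]]$KeytoolOutput)
    $entries = @(); $current = $null
    foreach ($line in $KeytoolOutput) {
        if ($line -match '^Alias name:\s*(.+)$') {
            # Start of a new keystore entry in `keytool -list -v` output
            $current = [pscustomobject]@{ Alias = $Matches[1].Trim(); EntryType = ''; ChainLength = 0 }
            $entries += $current
        } elseif ($current -and $line -match '^Entry type:\s*(\S+)') {
            $current.EntryType = $Matches[1]
        } elseif ($current -and $line -match '^Certificate chain length:\s*(\d+)') {
            $current.ChainLength = [int]$Matches[1]
        }
    }
    $entries
}

function Test-KeystoreChain {
    param([string[]]$KeytoolOutput, [string]$Alias = 'tomcat')
    $entry = Get-KeystoreEntry $KeytoolOutput | Where-Object { $_.Alias -eq $Alias } | Select-Object -First 1
    # The key entry must carry the server certificate plus the Root CA (length >= 2).
    [bool]($entry -and $entry.EntryType -match 'KeyEntry$' -and $entry.ChainLength -ge 2)
}

function Get-ConnectorKeystore {
    param([string]$ServerXml)
    # keystoreFile value of every Connector element that declares one
    ([xml]$ServerXml).SelectNodes('//Connector[@keystoreFile]') |
        ForEach-Object { $_.GetAttribute('keystoreFile') }
}

# Constructed sample: the chain stops at the server certificate, Root CA missing
$incomplete = @'
Alias name: tomcat
Entry type: keyEntry
Certificate chain length: 1
'@ -split '\r?\n'
$complete = $incomplete -replace 'chain length: 1', 'chain length: 2'
# Constructed server.xml fragment; the password is a placeholder
$serverXml = '<Server><Service><Connector acceptCount="100" keystoreFile="./conf/admp.keystore" keystorePass="PLACEHOLDER"/></Service></Server>'

if (-not (Test-KeystoreChain $incomplete)) { Write-Warning 'Chain incomplete: do not swap keystores yet.' }
if (Test-KeystoreChain $complete) { Write-Output 'Chain length OK for alias tomcat.' }
Get-ConnectorKeystore $serverXml | ForEach-Object { Write-Output "Connector uses keystore: $_" }
```

On the server, pass the captured output of the keytool -list -v command to Test-KeystoreChain and the contents of conf\server.xml to Get-ConnectorKeystore in place of the constructed samples.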