Contact Us

To help prevent spam, Javascript is required in order for you to use this form.

Importing AhsayOBS SSL certificate

Overview

You may configure a custom SSL certificate for AhsayOBS. If you have customers or resellers that directly access the AhsayOBS server, this may improve the impression of a fully branded service.

If you are using AhsayOBS SubAdmins, there are some caveats to SSL support that you should be aware of. See AhsayOBS SSL certificates with multiple SubAdmins » for more information.

Support method

Attach the certificate and matching private key to a support ticket, and we can produce a keystore file for you.

OpenSSL + Portecle method

We recommend using the free software Portecle to understand the structure of the java keystore (JKS) file. This keystore file is used as the trust root for tomcat; it contains entries for all trusted root certificates, as well as one entry "tomcat" that (a) uses the same password as the keystore password; and (b) contains the desired certificate, private key, and all intermediate certificates together.

  1. Inspect the private key to see if it is encrypted. If so, decrypt it:

    • openssl rsa -in encrypted.key -out private.key
    • OpenSSL will prompt for a password to decrypt the key.
  2. Ensure that the private key and certificate match by comparing the output of the following commands:

    • openssl rsa -noout -modulus -in private.key
    • openssl x509 -noout -modulus -in certificate.crt
  3. Combine the certificate, private key, and all intermediate certificates into a PKCS12 file:

    • openssl pkcs12 -export -out combined.p12 -inkey private.key -in certificate.crt -certfile intermediate.crt
  4. Use "Import Key Pair" in Portecle to import the combined PKCS12 file into a fresh copy of the default AhsayOBS supplied keystore file, using the name "tomcat", the same password as the keystore password (default "changeit"), and replacing the existing "tomcat" pair.

See Also