Using https://support.comodo.com/index.php?_m=knowledgebase&_a=viewarticle&kbarticleid=3&nav=0,33 I generated "server.csr" to further create a public certificate. Then I got two encrypted keys. I tried to make changes in config.tcl accordingly, but the project-open application is still pointing to the local certificates. The partial code of config.tcl in which I made changes is as follows:
ns_section ns/server/${server}/module/nsopenssl/sslcontexts
ns_param users "SSL context used for regular user access"
ns_section ns/server/${server}/module/nsopenssl/defaults
ns_param server users
ns_section ns/server/${server}/module/nsopenssl/sslcontext/users
ns_param Role server
ns_param ModuleDir ${serverroot}/etc/certs/
ns_param CertFile newcert.pem
ns_param KeyFile keyfile.pem
ns_param CADir ca
ns_param CAFile shipo_cert.txt
ns_param Protocols "SSLv2, SSLv3, TLSv1"
ns_param CipherSuite "ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP"
ns_param PeerVerify false
ns_param PeerVerifyDepth 3
ns_param Trace false
shipo_cert.txt is the certificate provided along with one more certificate shipo_interm.txt.
I searched and tried my best but couldn't do it. Please help me out with this.
P.S. The project-open instance is already working with a self-signed certificate using openssl, but my organization wants it to run with the certificates they are providing.
This has been answered previously at Adding an intermediate certificates to a pkcs12 file in JBoss.
Assuming you have a certificate and private key for example.com:
Be sure your certificate (www-example-com.crt above) has all the intermediate certificates required to build a valid chain; and not just the server's certificate. That means www-example-com.crt will have multiple PEM entries.
Test it with the following.
ca.pem is your CA's root certificate.
You should finish with Verify return code: 0 (ok).
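An offline counterpart to the check described in the answer above, as an added example that is not part of the original answer: it uses `openssl verify` on the files themselves, so the bundle can be checked before the server is restarted. The root, intermediate and server certificates are a throwaway PKI constructed for the demo, and the function names (`issue`, `count_certs`, `verify_chain`, `key_matches`, `make_demo_pki`) are hypothetical helpers.

```shell
#!/bin/sh
# Added example; every name, subject and file below is constructed for the demo.

# issue NAME SUBJECT EXTFILE [ISSUER]: writes NAME.key and NAME.pem
# (self-signed when no ISSUER is given).
issue() {
    openssl req -new -newkey rsa:2048 -nodes -keyout "$1.key" \
        -subj "$2" -out "$1.csr" 2>/dev/null || return 1
    if [ -n "$4" ]; then
        openssl x509 -req -in "$1.csr" -CA "$4.pem" -CAkey "$4.key" \
            -CAcreateserial -extfile "$3" -days 2 -out "$1.pem" 2>/dev/null
    else
        openssl x509 -req -in "$1.csr" -signkey "$1.key" \
            -extfile "$3" -days 2 -out "$1.pem" 2>/dev/null
    fi
}

# Number of PEM certificates in a file; a complete chain file has more than one.
count_certs() { grep -c -- '-----BEGIN CERTIFICATE-----' "$1"; }

# verify_chain ROOT BUNDLE: the first cert in BUNDLE must chain to ROOT using
# only the other certs in BUNDLE as intermediates.
verify_chain() { openssl verify -CAfile "$1" -untrusted "$2" "$2" >/dev/null 2>&1; }

# key_matches CERT KEY: the private key must belong to the first cert in CERT.
key_matches() {
    [ "$(openssl x509 -in "$1" -noout -pubkey)" = "$(openssl pkey -in "$2" -pubout)" ]
}

# Build a throwaway root -> intermediate -> server PKI; prints the temp dir.
make_demo_pki() {
    d=$(mktemp -d) || return 1
    (
        cd "$d" || exit 1
        printf 'basicConstraints=critical,CA:TRUE\n' > ca.ext
        printf 'basicConstraints=CA:FALSE\n' > leaf.ext
        issue root '/CN=Demo Root CA' ca.ext &&
        issue interm '/CN=Demo Intermediate CA' ca.ext root &&
        issue server '/CN=www.example.com' leaf.ext interm &&
        cat server.pem interm.pem > fullchain.pem   # server cert first
    ) || return 1
    echo "$d"
}

d=$(make_demo_pki) || exit 1
verify_chain "$d/root.pem" "$d/server.pem"    || echo "server cert alone: chain incomplete"
verify_chain "$d/root.pem" "$d/fullchain.pem" && echo "server + intermediate: chain OK"
key_matches "$d/fullchain.pem" "$d/server.key" && echo "key matches certificate"
rm -rf "$d"
```

Against real files, pass the CA's root certificate as the first argument of `verify_chain` and the server's certificate file as the second, then run `key_matches` on that certificate file and its private key.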