Install CA certificate for application in Red Hat

  1. Create a directory under an app/site on the Red Hat server
    /path/cert
  2. Download a root CA certificate and copy it to the above folder. Check the certificate expiration
    openssl x509 -text -noout -in certnew.cer
  3. Create a new keystore
    keytool -genkey -alias NAME -keyalg RSA -keystore NAME.jks
    ls /path/cert should show the above two files
    certnew.cer
    NAME.jks
  4. Generate CSR for SAN certificate
    keytool -certreq -keyalg RSA -alias NAME -file site.csr -keystore NAME.jks -ext SAN=dns:site.abc.com,dns:abc.com
  5. Use the CA to generate the certificate by copying the content of site.csr into the certificate request. Download the certificate. I saved it as site.abc.com.cer
  6. Import root certificate certnew.cer into key store
    keytool -import -alias root -keystore NAME.jks -trustcacerts -file certnew.cer
  7. Import the site certificate from 5 above
    keytool -import -alias NAME -keystore NAME.jks -trustcacerts -file site.abc.com.cer
  8. List the content of the keystore and it should now contain the root certificate and the site certificate
    keytool -list -keystore NAME.jks
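
To check the result of step 8 mechanically, the following added example (not from the original post) parses `keytool -list -v` output and confirms that the key alias holds a CA-signed chain and the root is a trusted entry. The function name, the sample listings and the English-locale output format are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post. Reads `keytool -list -v` output on
# stdin and checks the two entries the procedure should leave in the keystore.
# Real use: keytool -list -v -keystore NAME.jks | check_keystore NAME root
# Assumes English-locale keytool output; aliases are compared case-insensitively
# because keytool lists JKS aliases in lower case.
check_keystore() {
    awk -v key="$1" -v root="$2" '
        /^Alias name: /               { a = $0; sub(/^Alias name: /, "", a); a = tolower(a); type[a] = "" }
        /^Entry type: /               { type[a] = $NF }
        /^Certificate chain length: / { chain[a] = $NF + 0 }
        END {
            k = tolower(key); r = tolower(root); rc = 0
            if (!(k in type)) { print "FAIL: no entry for alias " key; rc = 1 }
            else if (type[k] != "PrivateKeyEntry") {
                print "FAIL: " key " is " type[k] ", not a PrivateKeyEntry"; rc = 1 }
            else if (chain[k] + 0 < 2) {
                # Length 1: the self-signed certificate from -genkey is still in place.
                print "FAIL: " key " chain length is " (chain[k] + 0) ", CA reply not installed"; rc = 1 }
            if (!(r in type)) { print "FAIL: no entry for alias " root; rc = 1 }
            else if (type[r] != "trustedCertEntry") {
                print "FAIL: " root " is " type[r] ", not a trustedCertEntry"; rc = 1 }
            if (rc == 0) print "OK: " key " has a CA-signed chain and " root " is trusted"
            exit rc
        }'
}

# Constructed sample listings, trimmed to the lines the check reads.
sample_after_step7() {
    printf '%s\n' 'Alias name: root' 'Entry type: trustedCertEntry' '' \
        'Alias name: name' 'Entry type: PrivateKeyEntry' 'Certificate chain length: 2'
}
sample_before_step7() {
    printf '%s\n' 'Alias name: root' 'Entry type: trustedCertEntry' '' \
        'Alias name: name' 'Entry type: PrivateKeyEntry' 'Certificate chain length: 1'
}

sample_after_step7  | check_keystore NAME root          # exit status 0
sample_before_step7 | check_keystore NAME root || true  # exit status 1
```

A chain length of 1 on the key alias means the server would still present the self-signed certificate created in step 3.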

Note: Make sure to add the relative path to the new keystore file in your application configuration file

site.config
[httpd]

/home/path/cert/NAME.jks