Importing AhsayOBS SSL certificate
Overview
You may configure a custom SSL certificate for AhsayOBS. If you have customers or resellers that directly access the AhsayOBS server, this may improve the impression of a fully branded service.
If you are using AhsayOBS SubAdmins, there are some caveats to SSL support that you should be aware of. See AhsayOBS SSL certificates with multiple SubAdmins » for more information.
Support method
Attach the certificate and matching private key to a support ticket, and we can produce a keystore file for you.
OpenSSL + Portecle method
We recommend using the free software Portecle to understand the structure of the java keystore (JKS) file. This keystore file is used as the trust root for tomcat; it contains entries for all trusted root certificates, as well as one entry "tomcat" that (a) uses the same password as the keystore password; and (b) contains the desired certificate, private key, and all intermediate certificates together.
Inspect the private key to see if it is encrypted. If so, decrypt it:
openssl rsa -in encrypted.key -out private.key- OpenSSL will prompt for a password to decrypt the key.
Ensure that the private key and certificate match by comparing the output of the following commands:
openssl rsa -noout -modulus -in private.keyopenssl x509 -noout -modulus -in certificate.crt
Combine the certificate, private key, and all intermediate certificates into a PKCS12 file:
openssl pkcs12 -export -out combined.p12 -inkey private.key -in certificate.crt -certfile intermediate.crt
Use "Import Key Pair" in Portecle to import the combined PKCS12 file into a fresh copy of the default AhsayOBS supplied keystore file, using the name "tomcat", the same password as the keystore password (default "changeit"), and replacing the existing "tomcat" pair.