Help with Wildcard Certificate

I have tried quite a few ways to install a wildcard cert for my install but I have not had any luck. I tried using the pfx that I use on my other subdomains and servers (apache, IIS, but not tomcat), but Ignition will not start afterward.

Here is the command that I ultimately ended up getting the closest with. It imports the cert OK into the keystore when I check using keytool -list -keystore, but when I copy the ssl.key over, the gateway won't restart.

Am I missing something? Do I need to install the CA cert also?

keytool -importkeystore -srckeystore source.pfx -srcstoretype PKCS12 -srcalias srcalias -destkeystore ssl.key -deststoretype JKS -deststorepass ignition -destalias tomcat

Thanks!

Can you look in the wrapper.log file (in the logs directory in the installation directory) and see why it's not restarting?

Well, that made it easier! With some googling, here is what I did to fix it.

Here is what I found in there.

INFO   | jvm 1    | 2017/12/19 01:26:01 | I [o.e.j.s.ServerConnector       ] [06:26:01]: Started ServerConnector@4b6628{SSL,[ssl, http/1.1]}{0.0.0.0:8060} 
INFO   | jvm 1    | 2017/12/19 01:26:01 | WrapperSimpleApp Error: Encountered an error running main:
INFO   | jvm 1    | 2017/12/19 01:26:01 | WrapperSimpleApp Error: java.security.UnrecoverableKeyException: Cannot recover key

So I googled and found this page https://community.oracle.com/thread/2334304 , which says it has something to do with password protection on pfx files, which is confusing because my source pfx had a password.

So…I ran these commands:

openssl pkcs12 -in source.pfx -out temp  (where source.pfx is your cert)

followed by

openssl pkcs12 -export -in temp -out tomcat.pfx 

I then had to extract the alias in the existing pfx to be able to give it an alias of tomcat later:

First, import the pfx into a temporary JKS keystore…

keytool -importkeystore -srckeystore tomcat.pfx -srcstoretype PKCS12 -destkeystore temp.key -deststoretype JKS -deststorepass ignition

Then list the Keystore with -v to show alias

keytool -v -list -keystore temp.key

The output of that command shows that the alias is 1

Your keystore contains 1 entry

Alias name: 1

Sooo…Finally.

keytool -importkeystore -srckeystore tomcat.pfx -srcstoretype PKCS12 -srcalias 1 -destkeystore ssl.key -deststoretype JKS -deststorepass ignition -destalias tomcat

I copied that to my install folder and it worked properly! This was done on a test environment. I plan to do a run-through once more before deploying on the production server; if there is a change, I will update it here.

There was likely an easier way, no doubt…but this worked!

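The "Cannot recover key" line in the wrapper.log is the symptom of a key password that differs from the keystore password: keytool -importkeystore protects the imported private key with the source entry's password (for a PKCS12 source, the .pfx password) unless -destkeypass is given, while the gateway opens ssl.key and its key with the single password "ignition". The script below is an added example, not code from the thread or from Ignition. It builds a throwaway self-signed wildcard certificate with openssl (a constructed input), reproduces the broken import, then does the import with -destkeypass so the key is recoverable. It assumes openssl and a JDK keytool are on PATH; the file names and the pfx password "pfxsecret" are illustrative, while the store password "ignition" and alias "tomcat" are the ones from the post.

```shell
#!/bin/sh
# Added example, not from the original post. Reproduces the "Cannot recover
# key" failure from the wrapper.log above with a throwaway self-signed wildcard
# cert, then shows the import that avoids it. Assumes openssl and keytool are
# on PATH. "pfxsecret" and the file names are illustrative; "ignition" (store
# password) and "tomcat" (alias) are the values used in the post.
set -u

PFX_PASS=pfxsecret     # password the source .pfx was exported with (illustrative)
STORE_PASS=ignition    # password the gateway opens ssl.key with (from the post)
ALIAS=tomcat           # alias the gateway expects (from the post)

# Return 2 when a tool is missing so callers can tell "skipped" from "failed".
require_tools() {
    for t in openssl keytool; do
        command -v "$t" >/dev/null 2>&1 || { echo "missing $t, skipping" >&2; return 2; }
    done
}

# Constructed source .pfx: self-signed wildcard cert with friendly name "1",
# which is the alias the post discovered in its own pfx.
make_test_pfx() {  # $1 = output .pfx
    dir=$(dirname "$1")
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=*.example.test" \
        -keyout "$dir/key.pem" -out "$dir/cert.pem" >/dev/null 2>&1 &&
    openssl pkcs12 -export -name 1 -inkey "$dir/key.pem" -in "$dir/cert.pem" \
        -out "$1" -passout "pass:$PFX_PASS"
}

# Print the alias of the first private-key entry in a .pfx. The post found the
# alias by importing into a temporary JKS first; -list on the .pfx is enough.
private_key_alias() {  # $1 = .pfx
    keytool -list -keystore "$1" -storetype PKCS12 -storepass "$PFX_PASS" \
        </dev/null 2>/dev/null | sed -n 's/^\([^,]*\),.*PrivateKeyEntry.*/\1/p' | head -n 1
}

# Import $1 (.pfx) into $2 (JKS); any further arguments are passed to keytool.
import_to_jks() {
    src=$1; dst=$2; shift 2
    keytool -importkeystore -noprompt \
        -srckeystore "$src" -srcstoretype PKCS12 -srcstorepass "$PFX_PASS" \
        -srcalias "$(private_key_alias "$src")" \
        -destkeystore "$dst" -deststoretype JKS -deststorepass "$STORE_PASS" \
        -destalias "$ALIAS" "$@" </dev/null >/dev/null 2>&1
}

# The check the gateway effectively performs at startup: open the private key
# with the store password. keytool -certreq needs the key, so it fails with
# "Cannot recover key" when the key password differs from the store password.
key_recoverable() {  # $1 = JKS
    keytool -certreq -alias "$ALIAS" -keystore "$1" -storetype JKS \
        -storepass "$STORE_PASS" -keypass "$STORE_PASS" \
        -file "$(dirname "$1")/probe.csr" </dev/null >/dev/null 2>&1
}

# Returns 0 when both the failure and the fix behave as described, 2 if skipped.
run_demo() {
    require_tools || return $?
    work=$(mktemp -d) || return 1
    make_test_pfx "$work/source.pfx" || { rm -rf "$work"; return 1; }

    # Same shape as the post's command: no -destkeypass, so the key stays
    # protected with "pfxsecret" while the store is opened with "ignition".
    import_to_jks "$work/source.pfx" "$work/broken.key"
    if key_recoverable "$work/broken.key"; then
        echo "unexpected: key in broken.key recoverable" >&2; rm -rf "$work"; return 1
    fi
    echo "without -destkeypass: key password != store password (Cannot recover key)"

    # Fix: set the destination key password to the store password explicitly.
    import_to_jks "$work/source.pfx" "$work/ssl.key" -destkeypass "$STORE_PASS"
    if ! key_recoverable "$work/ssl.key"; then
        echo "unexpected: key in ssl.key not recoverable" >&2; rm -rf "$work"; return 1
    fi
    echo "with -destkeypass $STORE_PASS: key recoverable with the store password"
    rm -rf "$work"
}

run_demo
```

This is likely why the openssl round-trip in the post helped: the password typed at the `openssl pkcs12 -export` prompt becomes the key password in the resulting JKS, so if it matched "ignition" the mismatch disappeared. Passing `-destkeypass ignition` on the original one-line import achieves the same without the temporary keystore. One caveat when reproducing this: an older Java 8 keytool may refuse a .pfx written by OpenSSL 3 ("keystore password was incorrect"); re-exporting with `openssl pkcs12 -export -legacy` works around that.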