SSL Certificate Installation on Sun Java System Web Server 7.x

SSL Certificate Installation on Sun Java System Web Server 7.x
Table of Contents

The issued certificate, which can be downloaded using the guide provided here, can be installed on Sun Java System Web Server in two ways, similar to CSR generation: via keytool or through the UI (Wizard).

I. Wizard

Log in to your Sun Java System Web Server management and click Common Tasks tab.

Select the configuration you are working with (usually your domain name) and click Edit Configuration.

Click the Certificates tab.

Click the Certificate Authority tab and then press Install.

Select your token (internal if the key is generated using this guide).

Open .ca-bundle file with Notepad or TextEdit and paste it into the corresponding box:


Select Certificate File radio button and browse to .p7b file that contains the certificate for your domain and CA bundle.

Now the bundle and certificate are installed.

If the certificate and bundle were sent in .crt and .ca-bundle correspondingly, then the .ca-bundle can be installed following steps 1-6 . The certificate itself can be installed this way:

Repeat steps 1-3.

Select Server Certificates > press Install.

Enter an Alias for the certificate to help you identify it in the future and select the listener.

Complete the wizard by pressing Finish.

The certificate is now installed.

To configure the certificate for use, go to Configuration > Edit HTTP Listener.

Under General, check the box to Enable SSL and select the certificate you just installed. Now the certificate is bound to the listener and HTTP traffic will be encrypted.

After that, you can check the installation here or here.

II. Keytool

  1. Upload the certificate files to your server.
  2. Run the following commands:
    keytool -import -trustcacerts -alias root -file RootCertificate.crt -keystore .jks
    keytool -import -trustcacerts -alias intermediate -file intermediateCertificate.crt -keystore .jks
    keytool -import -trustcacerts -alias -file .crt -keystore .jks
    Note: import COMODORSAAddTrustCA.crt and COMODORSADomainValidationSecureServerCA.crt with different aliases.
    For example, importing a PositiveSSL with a full bundle will look like this:
    keytool -import -trustcacerts -alias root -file AddTrustExternalCARoot.crt -keystore yourkeystore.jks
    keytool -import -trustcacerts -alias intermediate1 -file COMODORSAAddTrustCA.crt -keystore yourkeystore.jks
    keytool -import -trustcacerts -alias intermediate2 -file COMODORSADomainValidationSecureServerCA.crt -keystore yourkeystore.jks
    keytool -import -trustcacerts -alias -file .crt -keystore yourkeystore.jks
    If the certificate is received in a PKCS#7 format – .cer or .p7b – it can be imported in the following way:
    keytool -import -trustcacerts -alias -file .p7b -keystore yourkeystore.jks
  3. Correct your server.xml with the following lines:

    scheme=”https” secure=”true” clientAuth=”false”
    sslProtocol=”TLS” keystoreFile=”path/to/.jks”
    keystorePass=”” >
  4. Restart Sun Java Web Service.

The certificate is successfully installed on the server. You can check it here or here.