Entrust Certificate Services Support Knowledge Base

Audience: General
Last Modified: 2008-09-23 14:13:17.0

TN 7559 - Installation of Chain Certificate into Tomcat (Keytool)

Question:

How do I install a chain certificate in Tomcat (Keytool)?

Answer:

To install the chain certificate, you will use the keytool utility. Instructions and examples follow.

keytool -import -alias root -keystore your_keystore_filename \
  -trustcacerts -file filename_of_the_combined_chain_and_webcert

As an example:

C:\>keytool -import -alias myalias -keystore c:\.mykeystore -trustcacerts -file c:\webcert.txt

Java looks in your "cacerts" file for trusted root CAs, and the Entrust.Net Certification Authority (2048) root is already present there in Java 1.4.x, so you do not need to import the chain into "cacerts" directly.

When installing in a Windows environment, the combined chain and cert file must include the L1B chain certificate first, then the webserver certificate. When installing on Linux, you would put the webserver certificate first, then the L1B chain certificate.

As an example, the combined file is two PEM certificate blocks placed one directly after the other, each delimited by a -----BEGIN CERTIFICATE----- line and an -----END CERTIFICATE----- line.
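
A pre-import check for the combined file described above, as an added example that is not part of the Entrust article: it confirms the file holds exactly two certificates, identifies the webserver certificate as the one issued by the other, and returns them in the order the article gives for each platform. The function names, the sample names and the skeletal DER test data are assumptions constructed for illustration.

```python
import re, ssl

PEM_RE = re.compile(r"-----BEGIN CERTIFICATE-----.+?-----END CERTIFICATE-----", re.S)

def read_tlv(buf, pos):
    """Return (tag, value_start, value_end) for the DER element at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                       # long form: low bits count the length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length

def issuer_and_subject(der):
    """Raw issuer and subject Name encodings of an X.509 certificate."""
    _, pos, _ = read_tlv(der, 0)            # Certificate SEQUENCE
    _, pos, _ = read_tlv(der, pos)          # tbsCertificate SEQUENCE
    tag, _, end = read_tlv(der, pos)
    if tag == 0xA0:                         # skip the optional [0] version field
        pos = end
    fields = []
    for _ in range(5):                      # serial, sigAlg, issuer, validity, subject
        end = read_tlv(der, pos)[2]
        fields.append(der[pos:end])
        pos = end
    return fields[2], fields[4]

def order_bundle(pem_text, platform):
    """Return both PEM blocks in the order the article gives for platform."""
    blocks = PEM_RE.findall(pem_text)
    if len(blocks) != 2:
        raise ValueError(f"expected 2 certificates, found {len(blocks)}")
    names = [issuer_and_subject(ssl.PEM_cert_to_DER_cert(b)) for b in blocks]
    if names[0][0] == names[1][1]:          # block 0 was issued by block 1
        leaf, chain = blocks
    elif names[1][0] == names[0][1]:        # block 1 was issued by block 0
        chain, leaf = blocks
    else:
        raise ValueError("neither certificate was issued by the other")
    return "\n".join([chain, leaf] if platform == "windows" else [leaf, chain]) + "\n"

# Constructed sample input: DER skeletons with only the fields read above, not valid certificates.
tlv = lambda tag, body: bytes([tag, len(body)]) + body   # short-form lengths only
def sample_cert(issuer_cn, subject_cn):
    name = lambda cn: tlv(0x30, tlv(0x0C, cn.encode()))
    tbs = (tlv(0xA0, tlv(0x02, b"\x02")) + tlv(0x02, b"\x01") + tlv(0x30, b"")
           + name(issuer_cn) + tlv(0x30, b"") + name(subject_cn))
    return ssl.DER_cert_to_PEM_cert(tlv(0x30, tlv(0x30, tbs)))
CHAIN = sample_cert("Example Root CA", "Example Chain CA")
LEAF = sample_cert("Example Chain CA", "www.example.test")
```

Run it on the file before passing it to keytool -import; a ValueError means the file does not hold one webserver certificate together with the chain certificate that issued it.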

You will need to accept the trusted CA.

You should receive the message:
"Certificate Reply Was Installed Into Keystore"

Affected Products:

  • Entrust Certificate Services Enhanced Service Account (Version: Not Applicable; Language: Not Applicable; Platform: Not Applicable)
