Environment
Reflection for the Web 2014 (All Editions)
Reflection for the Web 2011 (All Editions)
Reflection for the Web 2008 (All Editions)
Reflection Security Gateway 2014
Reflection for the Web 2011 (All Editions)
Reflection for the Web 2008 (All Editions)
Reflection Security Gateway 2014
Situation
This technical note describes the steps to follow to convert an OpenSSL
certificate to a format that can be used by the Reflection for the Web's
or Reflection Security Gateway's certificate wizard. Once converted,
you will import the certificate to Tomcat's certificate keystore.
Resolution
Converting the Certificate
If you have a certificate generated by an Apache server, the certificate format must be converted to a format (pkcs12) recognized by the Reflection certificate wizard. Follow these steps to convert your certificate.
- Locate your Apache-generated certificate. It is typically located in the folder that contains the private key and certificate request file.
- Create the pkcs12 package by executing the following command, replacing <myCert> with the name of your Apache certificate:
openssl pkcs12 –export –inkey <myPrivateKey> –in <myCert> –out <myExportedFile>.pfxExecuting the command above creates a file called <myExportedFile>.pfx in your current folder.
Importing the Converted Certificate
Once your Apache certificate is converted to a *.pfx file, you can import the converted certificate to the Reflection management server using the Certificate Wizard.
- Stop the Tomcat server.
- Launch the Certificate Wizard, located in
Reflection for the Web 2104, Reflection Security Gateway 2014, or Reflection for the Web 2011: <install directory>/utilities/bin/CertificateWizard
Reflection for the Web 2008: <install directory>/utilities/CertWizard.sh.
- Select a language and follow the prompts to the panel that offers several certificate options: generate, import, update, or copy.
- Browse to your converted certificate (*.pfx).
- Follow the prompts to finish the wizard.
- Restart the Tomcat server.