Environment
Filr 3.0
GoDaddy SSL certificate
Resolution
Follow these steps:
1. Create a new Digital Certificate of type "Key Pair". In Filr Admin Console:
- File > New Certificate Key Pair
- Complete the "New Certificate (Key Pair)" form. For example (assuming a wildcard certificate at Novell; substitute your organization's values):
- Alias: tomcat
- Common Name (CN): *.novell.com
- Organization (O): novell
- Organizational Unit (OU): Servers
Now, you have a new Digital Certificate of type "Key Pair".
2. Set this certificate as "Active", then generate the CSR
- File > Certification Request > Generate CSR > save as a file "tomcat.csr"
3. Prepare for, request, and receive the GoDaddy certificate.
- Open tomcat.csr with Notepad, and copy the contents to GoDaddy.com > SSL Certificates > choose your certificate > Re-Key and Manage > Re-Key Certificate > Certificate Signing Request (CSR) field. Save and Submit. After some minutes, you get a new certificate from GoDaddy.
- While you wait, reboot the Filr server. When the new certificate is available:
- Download certificate
- Set type as "Apache" and click "Download Zip File"
- Extract zip file
4. Import and activate the GoDaddy certificate. In Filr Administrative Console:
- Digital certificates > Web Application Certificates > highlight your certificate "tomcat" > File > Import CA Reply > Browse to the new certificate (.crt)
- Delete any other Web Application Certificates
- Highlight certificate > Edit > Delete
- Import Trusted Certificate
- Highlight your certificate "tomcat" > File > Import Trusted Certificate > Browse to the "bundle" .crt file > set Alias to "bundle"
- Now, you have 4 entries:
- bundle_0 Trusted Certificate
- bundle_1 Trusted Certificate
- bundle_2 Trusted Certificate
- tomcat Key Pair
- Update Certificate Chain
5. Reboot the Filr Appliance. This is the end of the procedure.
If, at this point, the 8443 interface is using the correct certificate, but the 9443 interface shows "insecure connection":
1. Reload the certificate and update the certificate chain:
- Highlight "tomcat" web application certificate > click "Reload" > Update Certificate Chain
2. Restart Jetty:
- Go to System Services > Jetty > Actions > Restart
3. Retest
If this is a "wildcard" certificate: To export the wildcard certificate for use on other servers, copy the vachain.crt, vaserver.crt, vaserver.key, and vaserver.p12 files from the Filr appliance:
- cd /vastorage/conf/certs
- mkdir /filr-cert-export
- cp vachain.crt /filr-cert-export
- cp vaserver.crt /filr-cert-export
- cp vaserver.key /filr-cert-export
- cp vaserver.p12 /filr-cert-export
- cd /filr-cert-export
- tar -zcvf godaddy-bundle-wildcard-and-pvt-key.tar.gz *.*
This compressed file contains the files needed when installing the wildcard certificate on other servers. It contains a signed wildcard certificate from GoDaddy along with a PRIVATE KEY. Every server using the wildcard certificate will need a new certificate created from this keypair.
Note: Every time a certificate is rekeyed from GoDaddy, all certificates will have to be replaced. This is a requirement of wildcard certificates.
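A restricted-permission variant of the export steps above, as an added example that is not part of the original article or of Filr itself: it copies only the four named files into an owner-only directory, archives exactly those files, and provides a check that the private key matches the certificate. The function names, the optional path arguments, and the assumption that vaserver.key is an unencrypted PEM key are this example's own.

```shell
#!/bin/sh
# Added example (not Filr tooling): export the certificate files so that the
# private key is never readable by other accounts on the appliance.
CERT_FILES="vachain.crt vaserver.crt vaserver.key vaserver.p12"

# key_matches_cert KEY CERT: succeeds only if both hold the same public key.
# Assumption: KEY is an unencrypted PEM key (empty passphrase supplied).
key_matches_cert() {
    key_pub=$(openssl pkey -in "$1" -passin pass: -pubout 2>/dev/null) || return 2
    cert_pub=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 2
    [ -n "$key_pub" ] && [ "$key_pub" = "$cert_pub" ]
}

# export_cert_bundle [SRC] [DEST]: copy the four files and build the archive.
# The body is a subshell, so umask and cd do not leak into the caller.
export_cert_bundle() (
    src=${1:-/vastorage/conf/certs}      # default paths are the article's
    dest=${2:-/filr-cert-export}
    archive=godaddy-bundle-wildcard-and-pvt-key.tar.gz
    umask 077                            # new files and directories: owner only
    for f in $CERT_FILES; do             # refuse a partial export
        [ -r "$src/$f" ] || { echo "missing: $src/$f" >&2; exit 1; }
    done
    mkdir -p "$dest" && chmod 700 "$dest" || exit 1
    for f in $CERT_FILES; do
        cp "$src/$f" "$dest/$f" || exit 1
        chmod 600 "$dest/$f"             # also fixes a pre-existing copy
    done
    cd "$dest" || exit 1
    # Explicit file list instead of *.* so nothing else in DEST is archived.
    tar -zcf "$archive" $CERT_FILES || exit 1
    chmod 600 "$archive"
    echo "$dest/$archive"
)
```

Running `key_matches_cert vaserver.key vaserver.crt` in the export directory before distributing the archive confirms the pair belongs together; a non-zero status means the key and certificate do not match or could not be read.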
Additional Information
See also Cool Solution entitled "Godaddy SSL Certificates for Filr".