Installing your Certificate on Java Based Web Servers
- You will receive 4 files in a zip file from Sectigo.
- These must be imported in the correct order:
Intermediate CA UTNAddTrustServerCA.crt
Intermediate CA PositiveSSLCA.crt
domain/site certificate yourdomainname.crt
Or You can download the Positive ssl Root and Intermediate files from here.
- Please replace the example keystore name 'domain.key' with your keystore name
- Use the keytool command to import the certificates as follows:
keytool -import -trustcacerts -alias root -file (AddTrustExternalCARoot.crt) -keystore domain.key
keytool -import -trustcacerts -alias UTNADD -file (UTNAddTrustServerCA.crt) -keystore domain.key
keytool -import -trustcacerts -alias POSITIVESSL -file (PositiveSSLCA.crt) -keystore domain.key
- Use the same process for the site certificate using the keytool command
- If you are using an alias then please include the alias command in the string. Example:
keytool -import -trustcacerts -alias yyy (where yyy is the alias specified during CSR creation) -file domain.crt -keystore domain.key
- The password is then requested.
- Enter keystore password: (This is the one used during CSR creation)
- The following information will be displayed about the certificate and you will be asked if you want to trust it (the default is no so type 'y' or 'yes'):
Owner: CN= Root, O=Root, C=US
Issuer: CN=Root, O=Root, C=US
Serial number: 111111111111
Valid from: Fri JAN 01 23:01:00 GMT 1990 until: Thu JAN 01 23:59:00 GMT 2050
Trust this certificate? [no]:
- Then an information message will display as follows:
Certificate was added to keystore
All the certificates are now loaded and the correct root certificate will be presented.