Adding an existing SSL certificate to an Alfresco install has been causing me issues for a while, and after multiple attempts I have finally managed to find a simple solution.
First you need to add 3 files to a working folder on your server.
server.key – The private key used for generating the certificate
server.crt – The certificate from your SSL provider (certificate authority)
server.ca.bundle – This is the root and intermediate certificate bundle available from your SSL provider (certificate authority). If the server.ca.bundle is not available as one file you should be able to get the root and intermediate(s) certificates separately and then you can concatenate them into one file (in the correct order).
First we use the openssl command to convert the above three files to a ‘PKCS12’ file.
openssl pkcs12 -export -in server.crt -inkey server.key -out server.p12 -name SERVER-FQDN -CAfile server.ca.bundle -caname root
Replace SERVER-FQDN with the certificate FQDN. You will be asked for a password when you run the command; use the same password as the existing Alfresco keystore.
Next we convert the ‘PKCS12’ file to a keystore in the same format that Alfresco already uses. Replace ALFRESCOKSPASS with the existing Alfresco keystore password.
keytool -importkeystore -deststorepass ALFRESCOKSPASS -destkeypass ALFRESCOKSPASS -destkeystore ssl.keystore -deststoretype JCEKS -srckeystore server.p12 -srcstoretype PKCS12 -srcstorepass ALFRESCOKSPASS -alias SERVER-FQDN
If all has gone well with no errors, you can copy the ssl.keystore file to your Alfresco keystore folder (backing up the original first). Restart the Alfresco service and confirm that the certificate is working in your browser.
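A pre-flight check for the files used in the steps above, as an added example that is not part of the original post: it confirms that server.key matches server.crt, that server.crt chains to server.ca.bundle, and reports how many certificates server.p12 carries so you can see whether the intermediates made it in. The function names and the P12PASS environment variable are assumptions of this example.

```shell
#!/bin/sh
# Added example: pre-flight checks for the three input files and the PKCS12 output.
# Function names and the P12PASS variable are assumptions made for this example.

# Succeeds when the private key and the certificate carry the same public key.
key_matches_cert() {
    key_pub=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 2
    crt_pub=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 2
    [ "$key_pub" = "$crt_pub" ]
}

# Succeeds when the certificate chains to the bundle. openssl treats every
# certificate in -CAfile as trusted, so roots and intermediates share one file.
chain_verifies() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# Prints the number of certificates stored in a PKCS12 file. The password is
# read from the environment variable P12PASS so it stays off the command line.
p12_cert_count() {
    openssl pkcs12 -in "$1" -nokeys -passin env:P12PASS 2>/dev/null |
        grep -c 'BEGIN CERTIFICATE'
}

# Usage: sh preflight.sh server.key server.crt server.ca.bundle [server.p12]
if [ "$#" -ge 3 ]; then
    key_matches_cert "$1" "$2" || { echo "key does not match certificate" >&2; exit 1; }
    chain_verifies "$3" "$2"   || { echo "certificate does not chain to bundle" >&2; exit 1; }
    echo "key and chain OK"
    if [ "$#" -ge 4 ]; then
        echo "certificates in $4: $(p12_cert_count "$4")"
    fi
fi
```

Set P12PASS in the environment before passing server.p12 as the fourth argument.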