如何使用 keytools 将我的 VPS SSL 证书导入到我的码头密钥库中？

Question

I have written a webapp in B4J, which is a Basic language IDE that compiles the app to an executable java jar. My webapp works fine on http but I now need to embed it into a WordPress page, which I do using an iframe plugin for WordPress.

The WordPress site runs on http s so I therefore need to have my webapp run on https. I've searched the B4J forum and successfully converted the webapp so that the embedded jetty server starts up and connects on https but I am now in the world of SSL, which I have never had to deal with before.

I've followed various howto's and tutorials and successfully created a self-signed SSL cert using 'keytool' and that has allowed me to test and prove that my webapp is running under https. However the time has come for me upgrade the SSL cert to 'proper' certification so that the webapp can run without the browser warnings caused by the self-signed cert.

So this is where my SSL ability becomes super-thin... My VPS host is HostGator (HG) and the VPS plan comes with a free SSL cert that is periodically renewed. The HG cert covers the domain that both the WordPress site and the webapp will run on. I have asked HG Support whether their free cert would cover my webppp and they seem to think that it would but I need to make it available to the webapp when the java jar starts up the Jetty server. To that end I would like to try and import the HG cert into my Jetty keystore file and see it it will work. My problem is that I am unsure about:

• Where the HG SSL cert is or what it looks like; and
• How to actually import the HG SSL Cert into my Jetty keystore

I have read various threads both on B4J forum and StackOverflow but I'm not confident at this point that I know what I'm doing. I would greatly appreciate any assistance given and can supply the following information to help.

• I can view the HG SSL certs on the HG VPS WHM panel. It covers the domain I am using.
• I created my Jetty keystore (self-signed) using 'keytool'
• The jetty keystore (called jetty.keystore) is stored in the root directory of the webapp.
• The jetty.keystore has storetype PKCS12, which the process prompted me to do when I created it.

Having search some Linux forums I am pretty sure that the HG SSL cert is in a file located in:

• /etc/pki/tls/certs
• in that directory are links to ca-bundle.crt and ca-bundle.trust.crt; and
• a file called mydomain.com . crt

So...my question is:

• is mydomain.com . crt likely to be the HG VPS free domain SSL cert?
• If so, how do I go about importing that cert into my jetty.keystore file?

Answer 1

Solution:

• Using Developer tools in Chrome...View the SSL Certificate and Private Key for the domain.
• Locate both of these files on the VPS, which were under the domain owners account, not the root account.
• Make sure the cert and PK match the ones displayed in Chrome Developer Tools view.
• keytool -genkey -keyalg RSA -alias jetty -keystore jetty.keystore -keysize 2048
• Enter the prompted answers.
• keytool -delete -alias jetty -storepass keystore-password-value -keystore jetty.keystore
• keytool -list -storepass keystore-password-value -keystore jetty.keystore (to check that the key store is empty)
• openssl pkcs12 -export -in /../../cert-directory/certificate-file.crt -inkey /../../cert-directory/pk-file.key -name host -out outfile.p12
• keytool -importkeystore -deststorepass keystore-password-value -destkeystore jetty.keystore -srckeystore outfile.p12 -srcstoretype PKCS12

_{Answer added on behalf of OP}