Installing and Configuring a CA‑Signed SSL Certificate in Java KeyStore

Installing and Configuring a CA‑Signed SSL Certificate in Java KeyStore

Info
Purpose:

This document provides a step-by-step guide for creating a Java KeyStore (JKS), importing a CA-signed SSL certificate, and configuring AutomationEdge for secure HTTPS communication.

Notes
Prerequisites:

Before starting, ensure you have:

  • Certificates from your Certificate Authority (CA):

    • Scenario A:  The Application Certificate is sufficient.  If the Root and Intermediate certificates are included on that.

    • Scenario B: A single bundled certificate containing the full chain.

  • Keystore password (you will set this during creation/import).

  • Access to the Tomcat server.xml configuration file.

  • Ability to restart the Tomcat service.


Step 1: Import CA Certificates into the JKS

Scenario A — Three Separate Certificate Files

  1. Import the Root Certificate

      keytool -import -trustcacerts -alias intermediate -keystore your_JKS.jks -file <Certificate>

  2. Import the Intermediate Certificate

    keytool -import -trustcacerts -alias intermediate -keystore your_JKS.jks -file <Certificate>

  3. Import the Application (Main) Certificate

    keytool -import -trustcacerts -alias aeserver -keystore your_JKS.jks -file <Certificate>

Scenario B — Single Bundled Certificate or Single Certificate File

If your CA provides:

  • A single certificate file for your domain

Use:

keytool -import -trustcacrts  aeserver -file your_certificate_file.cer keystore your_JKS.jks

Step 2: Verify Certificate and Private Key in Keystore

Check the contents of the keystore:

keytool -list -keystore your_JKS.jks

Warning
Important:
If the PrivateKeyEntry is missing, you must first import the private key into your main certificate, then re-import that updated certificate into your JKS file.

Step 3: Configure Tomcat for SSL

For Tomcat 9.x and earlier (Traditional Connector Format)

Edit $TOMCAT_HOME/conf/server.xml and add or update the connectors:

Comment out the HTTP connector section in server.xml.

  • SSL Connector

    <Connector port="443"
    protocol="org.apache.coyote.http11.Http11NioProtocol"
    maxThreads="150"
    SSLEnabled="true"
    scheme="https" secure="true"
    sslProtocol="TLS"
    alias="aeserver"
    keystoreFile="./conf/your_JKS.jks"
    keystorePass="<password_to_keystore>" />

Edit $TOMCAT_HOME/conf/server.xml and configure:

  • SSL Connector

    <Connector port="443"
           protocol="org.apache.coyote.http11.Http11NioProtocol"
           maxThreads="150"
           SSLEnabled="true"
           scheme="https"
           secure="true"
           sslProtocol="TLS">
    <SSLHostConfig>
        <Certificate
            certificateKeystoreFile="conf/your_JKS.jks"
            certificateKeystorePassword="<password_to_keystore>"
            type="RSA" />
    </SSLHostConfig>
</Connector>

Step 4: Restart Tomcat

Restart the Tomcat service to apply the SSL changes.

Step 5: Update AutomationEdge for HTTPS

  1. Log in to AutomationEdge as sysadmin.

  2. Update the HTTPS URL in the system/application settings.

  3. Verify the connection and save the changes.

This completes the process for installing and configuring your CA-signed SSL certificate with AutomationEdge and Tomcat.

      Links to better reach 

            Bot Store

             EPD