wildcard SSL certs

for windows servers (that use IIS) a CSR can be generated from the IIS manager.

csr creation:
http://www.digicert.com/csr-creation.htm

certificate import/export process:
http://www.digicert.com/import-export-ssl-certificate.htm

info for tomcat certs:
https://www.digicert.com/easy-csr/keytool.htm
http://www.digicert.com/ssl-certificate-installation-tomcat.htm

specific tomcat info regarding sysaid:
http://www.sysaid.com/Sysforums/posts/list/329.page

for apache, it might be necessary to combine the entire cert chain in a single file. to do so, create a cert.pem file and paste the cert generated from the csr at the top, then paste the intermediate certificate and then the root certificate right below that (order matters), and save the file.
update: it's much easier to just export the entire cert chain as a single pem file from the CA instead of doing the above.
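a quick way to check that a combined cert.pem really is in leaf, intermediate, root order before pointing apache at it. this is an added example, not part of the original notes: it compares each cert's issuer name with the subject name of the cert below it (name chaining only, no signature verification). the sample certs are constructed DER skeletons with made-up names, and all function names are hypothetical.

```python
import base64, re

def _tlv(b, i):
    """Return (tag, content_start, end) of the DER element at offset i."""
    tag, n, i = b[i], b[i + 1], i + 2
    if n & 0x80:  # long-form length: low 7 bits give the number of length bytes
        k = n & 0x7F
        n, i = int.from_bytes(b[i:i + k], "big"), i + k
    return tag, i, i + n

def names(der):
    """Return the raw DER (issuer, subject) names of one certificate."""
    _, i, _ = _tlv(der, 0)      # Certificate SEQUENCE
    _, i, _ = _tlv(der, i)      # tbsCertificate SEQUENCE
    tag, _, end = _tlv(der, i)
    if tag == 0xA0:             # optional [0] version field
        i = end
    fields = []
    for _field in range(5):     # serial, sigAlg, issuer, validity, subject
        _, _, end = _tlv(der, i)
        fields.append(der[i:end])
        i = end
    return fields[2], fields[4]

def chain_order_problems(pem_text):
    """List ordering problems in a bundle expected as leaf, intermediate(s), root."""
    blocks = re.findall(r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----",
                        pem_text, re.S)
    ids = [names(base64.b64decode(b)) for b in blocks]
    problems = [f"cert {n} is not issued by cert {n + 1}"
                for n in range(len(ids) - 1) if ids[n][0] != ids[n + 1][1]]
    if ids and ids[-1][0] != ids[-1][1]:
        problems.append("last cert is not self-issued, so it is not a root")
    return problems

# constructed sample data: DER skeletons carrying names only, no key or signature
def _der(tag, body):
    return bytes([tag, len(body)]) + body  # short-form length, enough for the samples
def _name(cn):
    return _der(0x30, _der(0x31, _der(0x30, b"\x06\x03\x55\x04\x03" + _der(0x0C, cn.encode()))))
def _demo_cert(subject, issuer):
    tbs = _der(0x30, b"\xa0\x03\x02\x01\x02" + b"\x02\x01\x01" + b"\x30\x00"
               + _name(issuer) + b"\x30\x00" + _name(subject))
    b64 = base64.encodebytes(_der(0x30, tbs)).decode()
    return f"-----BEGIN CERTIFICATE-----\n{b64}-----END CERTIFICATE-----\n"

LEAF = _demo_cert("*.example.test", "Demo Intermediate CA")
INTER = _demo_cert("Demo Intermediate CA", "Demo Root CA")
ROOT = _demo_cert("Demo Root CA", "Demo Root CA")
```

to check a real bundle, pass the text of cert.pem to chain_order_problems(); an empty list means the order is leaf, intermediate, root.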

update 9/21/2015:
better info regarding sysaid and ssl certs: https://www.sysaid.com/onlineaid/legacy3/SSL_Config.htm
summarized list of steps:
from …\sysaidserver\jre\bin directory
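keytool -genkey -alias tomcat -keyalg RSA -keysize 2048 -keystore sysaid.keystore
keytool -certreq -keyalg RSA -alias tomcat -file myreq.csr -keystore sysaid.keystore
(-keysize goes on the -genkey command because the key size is fixed when the key pair is generated; the CSR only uses the existing key)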
generate a certificate based on the CSR
keytool -import -alias root -keystore sysaid.keystore -trustcacerts -file root.crt
(if you receive a message stating that the certificate already exists, respond yes to import it again)
keytool -import -alias intermediate -keystore sysaid.keystore -trustcacerts -file intermediate.crt
keytool -import -alias tomcat -keystore sysaid.keystore -file mycert.crt
copy the resulting sysaid.keystore file to the …\sysaidserver\ directory and then edit …\sysaidserver\tomcat\conf\server.xml
uncomment the SSL lines and add:
…sslProtocol="TLS" keystoreFile="C:\Program Files\SysAidServer\sysaid.keystore" keystorePass="mypassword" />

This entry was written by resinblade, posted on Thursday August 09 2012 at 05:08 pm, filed under IT.