Java Keytool - Certificate installation

Immediately after being issued, your SSL certificate will be sent to you by email. It is also possible to download the certificate from the Control Panel. The file containing the certificate will have the same name as the domain name it is meant for (for example: www_sslcertificaten_nl.crt).

Note: This manual assumes you have created the CSR with the Java Keytool manual.  As an example we use /etc/ssl/crt as a saving location for the certificate files; www.sslcertificaten.nl is used as an example of an FQDN. Thus, www.sslcertificaten.nl should be replaced with the domain name for which the certificate is requested in the example commands.

1. Save the sent certificate, and any root- and intermediate certificates (for example in /etc/ssl/crt).
2. Navigate to this folder (using the following command: cd /etc/ssl/crt).
3. Import the root certificate first, using the command below:[root@server cert]# keytool -import -trustcacerts -alias root -file root_certificate_file -keystore www_sslcertificaten_nl.jks
Here, the switches mean the following:
   • -alias [name] - please use the same alias as the one specified when creating the CSR; by doing so, the certificate is associated with the correct private key. Note: You should use a unique alias for the root- and intermediate certificates.
   • -file [file name] - indicates which file should be imported; use this to refer to the root- or intermediate file that is to be imported.
   • -keystore [name keystore] - indicates in which keystore the to be imported file should be. Here, replace www_sslcertificaten_nl with the name of your own keystore, as indicated during the creation of your private key and CSR.
4. Repeat step 3 for the intermediate certificate(s), using the following command:[root@server cert]# keytool -import -trustcacerts -alias inter -file intermediate_certificate_file -keystore www_sslcertificaten_nl.jks
   Note: If you use more than one intermediate files, you could for example use "inter1" and "inter2" as aliases.
5. Now import the domain certificate using the following command:[root@server cert]# keytool -import -alias www_sslcertificaten_nl -file www_sslcertificaten_nl.crt -keystore www_sslcertificaten_nl.jks
   Note: please replace www_sslcertificaten_nl with the domain name the certificate was applied for, and enter the keystore-password when prompted.
6. Type yes behind Trust this certificate? and press Enter. The certificate will now be added to the keystore.
7. Restart the server; the certificate is now active.

All necessary steps to install your web server certificate have now been completed. Please make sure to adequately secure your certificate files, and to store a backup of your private key and web server certificate in a safe location. You should also install the root and intermediate certificates. Check whether the certificate is correctly installed with the SSLCheck and ensure an optimal configuration with these tips and settings.

Please do not hesitate to contact us if you encounter problems or error messages.