From August 19th 2020, SECTIGO issues SSL certificates with a maximum lifetime of 398 days (13 months) as specified by CA/Browser consortium. SSL certificates with a longer lifetime must be re-issued annually (free of charge). You'll receive reminders via e-mail. SSL certificates issued before August 19th 2020 remain valid until their planned expiry date. Code Signing & S/MIME certificates are not affected and remain valid until their planned expiry date.

Tomcat CSR generation and CRT import (Java Keystore .JKS), Matrify, GlassFish, Wildfly ...

keytool -genkey -alias server -keyalg RSA -keysize 2048 -keystore www.domain.com.jks
keytool -certreq -alias server -file csr.txt -keystore www.domain.com.jks
cat csr.txt


When it asks for first and last name, this is NOT your first and last name, but rather it is your Fully Qualified Domain Name for the site you are securing (example: www.yourdomain.com). If you are ordering a Wildcard Certificate this must begin with the * character. (example: *.yourdomain.com)


After you have placed the CSR in the interssl account and the certificate has been validated and issued, you can import it into the keystore, e.g. 

keytool -import -trustcacerts -alias server -file your_site_name.p7b -keystore your_site_name.jks

In case you didn't receive a .p7b file, you can also import the .ca-bundle and .crt files like this:  
keytool -import -trustcacerts -keystore www.domain.com.jks -alias ca-bundle -file www_domain_com.ca-bundle
keytool -import -trustcacerts -keystore www.domain.com.jks -alias server -file www_domain_com.crt

 

You may find further details please on the COMODO CSR generation page:
https://support.comodo.com/index.php?/Default/Knowledgebase/Article/View/1079/0/tomcat-csr-generation

For GlassFish specific details please have a look at:
https://support.comodo.com/index.php?/comodo/Knowledgebase/Article/View/816/37/
http://www.serveridol.com/2012/02/12/how-do-i-install-ssl-on-glassfish-server/
https://blogs.oracle.com/enterprisetechtips/using-ssl-with-glassfish-v2


Was this answer helpful?

 Print this Article

Also Read

Wie erstelle ich einen CSR (Certificate Signing Request) in Microsoft IIS ?

Für Microsoft IIS und Exchange Console empfehlen wir NICHT unseren Online Generator zu nutzen...

What is PRE-SIGN FAILED? What is a CAA record? - DNS Certification Authority Authorization (CAA) Resource Record

The Certification Authority Authorization (CAA) DNS Resource Record allows a DNS domain name...

How to securely submit sensitive documents (forms, personal ID, company registration docs) to COMODO? (OV and EV certificates, CPAC Pro, CPAC Enterprise)

In case you are requested to submit sensitive documents (forms, personal id, company documents)...

Microsoft Exchange server: which SSL to use? What about autodiscover. subdomain?

Symptom: internal access is working properly, but accessing with Outlook from remote locations is...

How do i create /.well-known/pki-validation/... ?

For File Based Authentication, please create a folder structure "/.well-known/pki-validation/"...