SSL Certificates Installation Instruction - Resin
1. Save the certificate file
You receive a email that contain a zip file after your SSL certificate is issued, the zip file have 3 files: one is like UTN*.crt, this is the root CA, no any use, second is like WoSign*.crt, this is the intermediate root, please rename it to intermediate.crt, the third file is your SSL certificate like www.mydomain.com.crt .
2. Import the certificate
Use the keytool command to import the root certificates as follows:
keytool -import -trustcacerts -alias root -file utn.txt -keystore CAcerts
Use the same process for the WoTrust certificate using the keytool command:
keytool -import -trustcacerts -alias INTER -file intermediate.crt -keystore CAcerts
Use the same process for the site certificate using the keytool command, if you are using an alias then please include the alias command in the string:
keytool -import -trustcacerts -file www.mydomain.com.crt -keystore server.keystore
Note: If you did not specify a keystore name when the keystore was originally generated please omit the -keystore parameter from the command)
When you execute this command you will be prompted for the keystore password, please specify the password you set when you generated the keystore.
3. Edit the Resin configuration file (resin.conf)
resin.conf:
<http-server>
.........
<http port=8443>
<ssl>true</ssl>
<key-store-file>keys/server.keystore</key-store-file>
<key-store-password>changeit</key-store-password>
</http>
Resin keeps its configuration information in a resin.conf file, make sure Resin is reading the correct keystore file and keystore password and that port 8443 is enabled for secure connections.
Please make sure the ‘keystoreFile' directive is referencing the correct keystore and the 'KeystorePass' directive is referencing the correct keystore password.
Please save the changes and stop and start Resin.
4. Setup the serverMake sure you assign port 8443 and a unique ip address to the virtual host.Note: If the server is behind a firewall please make sure port 8443 has been enabled on the firewall.
Test your certificate by using a browser to connect to your server. Use the https protocol directive (e.g. https://your server/) to indicate you wish to use secure HTTP. The padlock icon on your browser will be displayed in the locked position if your certificates are installed correctly and the server is properly configured for SSL.