I have a CentOS server and the app is hosted on Apache Tomcat. I don't know much about SSL certificates, but I did the following to set it up:
1 – Generate key store file
keytool -genkey -alias -keyalg RSA -keysize 2048 -keystore -sigalg SHA256withRSA
2 – Generate CSR
keytool -certreq -alias -file -keystore -sigalg SHA256withRSA
3 – Import
Downloaded the p7b file provided by Symantec for the CSR and imported the certificate:
keytool -import -alias -trustcacerts -file -keystore
Everything works fine, but Symantec's SSL toolbox is showing the following warning:
Recommendations:
Root installed on the server. For best practices,
remove the self-signed root from the server.
Any ideas how I can uninstall/remove the root from the server to avoid this warning?
Best Answer
The only thing I found was this article which basically says "Browsers will receive your paid-for cert also get your self-signed cert" and it's their job to figure it out.
IMHO, Symantec's product wasted my time on a wild-goose chase. They also recommend remediating BEAST with RC4 (I assume), which is not recommended. Browsers are remediating BEAST.
I'd recommend this service instead: https://www.ssllabs.com/ssltest/analyze.html
Their remediation articles are very helpful.
This was the article I used to set up nginx. It needed one change to get an A+.
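The warning in the question ("Root installed on the server") and the answer's point that browsers simply receive the self-signed root along with the paid-for certificate both come down to one check on the chain the server sends: does it end in a certificate whose issuer equals its subject? The script below, an added example and not code from the question, the answer or Symantec's tool, walks a PEM bundle with a minimal DER parser from the standard library only, reports subject/issuer for each certificate, flags a trailing self-signed root, and produces the bundle with that root removed. The certificates are constructed in-script as unsigned X.509 shells so the example runs offline; on a real server you would feed it the bundle you get from `openssl s_client -showcerts` or from the keystore instead.

```python
"""Inspect the certificate chain a TLS server sends and flag a self-signed root.

Added example: constructed, unsigned X.509 "shells" stand in for a real chain so
this runs offline. Only the subject and issuer fields of each cert are meaningful.
"""
import base64

OID_COMMON_NAME = bytes.fromhex("550403")             # 2.5.4.3 id-at-commonName
OID_SHA256_RSA = bytes.fromhex("2a864886f70d01010b")  # 1.2.840.113549.1.1.11


# ---- minimal DER encode/decode, enough for the structures used here ----
def der(tag, content):
    """Encode one TLV with definite-length encoding."""
    n = len(content)
    if n < 0x80:
        length = bytes([n])
    else:
        lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
        length = bytes([0x80 | len(lb)]) + lb
    return bytes([tag]) + length + content


def read_tlv(buf, pos):
    """Return (tag, content, position after the TLV) for the TLV at buf[pos]."""
    tag, first = buf[pos], buf[pos + 1]
    if first < 0x80:
        n, hdr = first, 2
    else:
        k = first & 0x7F
        n, hdr = int.from_bytes(buf[pos + 2:pos + 2 + k], "big"), 2 + k
    start = pos + hdr
    return tag, buf[start:start + n], start + n


def children(content):
    """Split the content of a constructed TLV into its (tag, content) items."""
    out, pos = [], 0
    while pos < len(content):
        tag, body, pos = read_tlv(content, pos)
        out.append((tag, body))
    return out


def name_der(cn):
    """Name ::= SEQUENCE OF (SET OF AttributeTypeAndValue); a single CN here."""
    atv = der(0x30, der(0x06, OID_COMMON_NAME) + der(0x0C, cn.encode()))
    return der(0x30, der(0x31, atv))


def fake_cert(subject_cn, issuer_cn):
    """Constructed X.509 shell (v3, placeholder key, empty signature bit string)."""
    sig_alg = der(0x30, der(0x06, OID_SHA256_RSA))
    validity = der(0x30, der(0x17, b"240101000000Z") + der(0x17, b"250101000000Z"))
    spki = der(0x30, sig_alg + der(0x03, b"\x00"))
    tbs = der(0x30, der(0xA0, der(0x02, b"\x02")) + der(0x02, b"\x01") + sig_alg
              + name_der(issuer_cn) + validity + name_der(subject_cn) + spki)
    return der(0x30, tbs + sig_alg + der(0x03, b"\x00"))


def to_pem(cert_der):
    b64 = base64.b64encode(cert_der).decode()
    body = "\n".join(b64[i:i + 64] for i in range(0, len(b64), 64))
    return f"-----BEGIN CERTIFICATE-----\n{body}\n-----END CERTIFICATE-----\n"


def parse_pem_bundle(text):
    """Return the DER bytes of every CERTIFICATE block in a PEM bundle, in order."""
    certs, buf, inside = [], [], False
    for line in text.splitlines():
        line = line.strip()
        if line == "-----BEGIN CERTIFICATE-----":
            inside, buf = True, []
        elif line == "-----END CERTIFICATE-----":
            certs.append(base64.b64decode("".join(buf)))
            inside = False
        elif inside and line:
            buf.append(line)
    return certs


def subject_issuer(cert_der):
    """Raw DER content of (subject, issuer) taken from tbsCertificate."""
    _, cert, _ = read_tlv(cert_der, 0)        # Certificate SEQUENCE
    _, tbs, _ = read_tlv(cert, 0)             # tbsCertificate SEQUENCE
    fields = children(tbs)
    if fields[0][0] == 0xA0:                  # optional explicit [0] version
        fields = fields[1:]
    # serialNumber, signature, issuer, validity, subject, subjectPublicKeyInfo
    return fields[4][1], fields[2][1]


def common_name(name_content):
    """First CN attribute in a Name; the string tag (UTF8/Printable) is ignored."""
    for _, rdn in children(name_content):
        for _, atv in children(rdn):
            oid, value = children(atv)
            if oid[1] == OID_COMMON_NAME:
                return value[1].decode()
    return "?"


def chain_entries(bundle_pem):
    """One dict per certificate: subject CN, issuer CN, self_signed flag."""
    out = []
    for cert in parse_pem_bundle(bundle_pem):
        subj, iss = subject_issuer(cert)
        out.append({"subject": common_name(subj), "issuer": common_name(iss),
                    "self_signed": subj == iss})
    return out


def trailing_self_signed_root(bundle_pem):
    """CN of the last certificate if it is self-signed (a served root), else None."""
    entries = chain_entries(bundle_pem)
    if entries and entries[-1]["self_signed"]:
        return entries[-1]["subject"]
    return None


def without_self_signed_roots(bundle_pem):
    """The bundle with every self-signed certificate dropped (leaf + intermediates only)."""
    return "".join(to_pem(c) for c in parse_pem_bundle(bundle_pem)
                   if subject_issuer(c)[0] != subject_issuer(c)[1])


# Constructed sample: leaf <- intermediate <- self-signed root, as a server
# would send it after importing the CA's full PKCS#7 reply into the keystore.
SERVED_CHAIN = (to_pem(fake_cert("www.example.com", "Example Intermediate CA"))
                + to_pem(fake_cert("Example Intermediate CA", "Example Root CA"))
                + to_pem(fake_cert("Example Root CA", "Example Root CA")))

if __name__ == "__main__":
    for e in chain_entries(SERVED_CHAIN):
        print(f"{e['subject']:28} issued by {e['issuer']:28} self-signed={e['self_signed']}")
    print("trailing self-signed root:", trailing_self_signed_root(SERVED_CHAIN))
```

The self-signed test (issuer bytes equal to subject bytes) is the same condition a scanner uses to decide that "the root is installed on the server"; `without_self_signed_roots` shows what the trimmed chain would look like, while the answer above is right that serving the root is harmless, since clients already hold their own copy of the trust anchor and ignore the served one.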