I'm needing an experienced person to guide me on this little project 🙂
We have one Domain Controller [Win2k8 R2] with the Active Directory Certificate Services role. Let's call it ServerOne.OurDomain.com.
I've got a second Windows 2008 R2 server, ServerTwo.OurDomain.com, that runs an Apache Tomcat web server. We are setting up an Outlook plug-in for all users that requires an SSL connection to an OAuth server. I fumbled through the instructions to add the OAuth module to Tomcat and enable a connector using SSL on port 8443 [default SSL port for Tomcat].
But now I don't know how to "put 2 and 2 together" — How can I generate a certificate from our internal CA so there are no SSL certificate errors when connecting to ServerTwo.OurDomain.com? So far I made the "keystore" file on ServerTwo using the JRE "keytool.exe" program, and of course the certificate shows it [like, when you click the lock icon in a browser] as a self-signed cert with no CA chain.
Any help in this area is greatly appreciated.
Best Answer
I ended up figuring this out on my own. I documented my steps; hopefully this helps anybody with the same issue in the future:
Generate CSR on Tomcat
Sign the certificate
Import the Root CA certificate
Import the certificate for Tomcat
Note, if at this point your browser still doesn't trust that it was signed by a trusted Root CA, you may have to push out the Root CA server through Group Policy . . . It was a quick Google for me. I had already set that up before these steps, so I'm not sure if it matters or not.
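The four steps listed in the answer could look like this when run on ServerTwo. This is an added example, not the poster's own commands: the keystore path, the aliases, the file names, the `WebServer` template and the CA name placeholder are all assumptions to replace with your own values.

```powershell
# Added example. Assumed values (not from the original post): keystore path,
# aliases, file names, the "WebServer" template and the CA name placeholder.
$keytool  = 'keytool.exe'                       # assumes the JRE bin directory is on PATH
$keystore = 'C:\tomcat\conf\servertwo.jks'      # assumed path
$alias    = 'tomcat'                            # assumed alias of the server key pair
$fqdn     = 'ServerTwo.OurDomain.com'           # name clients type; must match CN and SAN
$caConfig = 'ServerOne.OurDomain.com\<CA-COMMON-NAME>'   # placeholder: your CA's name

function Invoke-Step {
    param([string]$Exe, [string[]]$Arguments)
    & $Exe @Arguments
    if ($LASTEXITCODE -ne 0) { throw "$Exe failed with exit code $LASTEXITCODE" }
}

# Create the key pair only if no keystore exists yet. keytool prompts for the
# password, so it never appears on the command line or in shell history.
if (-not (Test-Path $keystore)) {
    Invoke-Step $keytool @('-genkeypair', '-alias', $alias, '-keyalg', 'RSA',
        '-keysize', '2048', '-dname', "CN=$fqdn", '-keystore', $keystore)
}

# 1. Generate the CSR. The private key stays inside the keystore on ServerTwo.
#    -ext needs the keytool from Java 7 or later; browsers match on the SAN.
Invoke-Step $keytool @('-certreq', '-alias', $alias, '-ext', "SAN=dns:$fqdn",
    '-file', 'servertwo.csr', '-keystore', $keystore)

# 2. Sign the request with the internal CA on ServerOne.
Invoke-Step 'certreq.exe' @('-submit', '-config', $caConfig,
    '-attrib', 'CertificateTemplate:WebServer', 'servertwo.csr', 'servertwo.cer')

# 3. Fetch the CA certificate and import it as a trusted entry first, so
#    keytool can build the chain when the signed reply is imported.
Invoke-Step 'certutil.exe' @('-config', $caConfig, '-ca.cert', 'rootca.cer')
Invoke-Step $keytool @('-importcert', '-trustcacerts', '-alias', 'rootca',
    '-file', 'rootca.cer', '-keystore', $keystore)

# 4. Import the signed certificate under the SAME alias as the key pair.
#    A different alias would store it as a bare trusted cert with no key.
Invoke-Step $keytool @('-importcert', '-alias', $alias,
    '-file', 'servertwo.cer', '-keystore', $keystore)

# Check: the alias should be a PrivateKeyEntry whose chain ends at the internal CA.
Invoke-Step $keytool @('-list', '-v', '-alias', $alias, '-keystore', $keystore)
```

Restart Tomcat afterwards so the SSL connector on port 8443 loads the updated keystore.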