Instructions for updating Java to support the new SSL Certificate Used by Provet
Updating SSL Certificates in Java is not straight forward and we recommend that you consult your support provider. Below is the process to add the certificate to the Java keystore that we sucessfully used (All credit for these instructions to Tony De Keizer).:
- Download the certificate from https://support.comodo.com/index.php?/Knowledgebase/Article/View/966/108/intermediate-1-sha-2-comodo-rsa-certification-authority and copy to the location where you will run the keytool command below from.
- Locate the java that is being used to run Tomcat and record this. In the command below this is referred to as JAVA_PATH. You can use the Configure Tomcat application on Windows and look at Java Tab to identify the Java version being used by Tomcat. In Ubuntu check /etc/default/tomcat? (? is 6 or 7) to ascertain $JAVA_HOME.
- Use one of the two commands below to install the certificate. Replace JAVA_PATH with the location identified in 2. In both Windows and Ubuntu you will need to run the command with elevated permissions. For Windows run command as administrator. For Ubuntu prefix the command with sudo and enter the appropriate password.
Windows : "JAVA_PATH"\bin\keytool -import -trustcacerts -alias comodorsaaddtrustca -file comodorsaaddtrustca.crt -keystore "JAVA_PATH"\lib\security\cacerts -storepass changeit
Linux/Ubuntu: JAVA_PATH/bin/keytool -import -trustcacerts -alias comodorsaaddtrustca -file comodorsaaddtrustca.crt -keystore JAVA_PATH/lib/security/cacerts -storepass changeit
- Restart Tomcat.
In Windows use Administration Tools - > Services to restart the Apache Tomcat service .
In Linux run sudo service tomcat? (? is either 6 or 7) restart and enter the password.
Re: Instructions for updating Java to support the new SSL ...
I just want to make it clear the above process does NOT add SSL support or ensure your security. It just adds an intermediate certificate because Comodo's intermediate trust chain can not be validated with out it. IF you dont use comodo as a certificate authority the above instructions are not necessary or required.
Re: Instructions for updating Java to support the new SSL ...
Ok its now clear why this post has been made
A major veterinary supplier is upgrading thier SSL certificate.
They are using a Comodo certificate.
I am not sure why but I suspect that the intermediate certificate in the trust chain may need to be installed on those systems - (java 6/7)
You can follow the above instruction and install the intermediate certificates or you can wait and see if a problem actually occurs and then react to it(Thats what I will be doing)
Re: Instructions for updating Java to support the new SSL ...
If you are submitting e-orders to Provet and you are using:
The Comodo certificates appear to have been added in:
according to http://www.oracle.com/technetwork/java/javase/7u85-relnotes-2587591.html
If you don't have the certificate installed, you will get an error trying to submit orders.
You can find out what Java version you are running by typing the following on the command line:
You need to ensure that the java command used is that being used to launch Tomcat.
Note that if you are running OpenVPMS 1.7.x or earlier, you cannot simply upgrade to use Java 8. It is incompatible with these older releases of OpenVPMS.