TxEIS Renewing Server Certificate

Step 1:   Back up the following files

C:\Program Files\Java\jdk1.6.0_17\jre\lib\security\cacerts


Step 2:   Create the TxEIS Keystore

From a command prompt run the following command;

The following prompts will appear:

What is your first and last name?
This is the FQDN of the server, i.e. txeis.panolacharterschool.net

What is the name of your organizational unit?
Enter admin

What is the name of your organization?
Use the name of the district, i.e. Panola Charter School

What is the name of your city or locality?
Enter TX

What is the two-letter country code for this unit?
Enter US

You will receive the following prompt;
Is CN=URL-ComputerName, OU=OrganizationUnit, O=Organization, L=CityName, ST=TX, C=US correct? [no]:
Type yes and press <Enter>
Press <enter>

NOTE: The default keystore password is:  txeis01


Step 3:   Generating the Certificate Signing Request (CSR)

From a command prompt run the following command;

You will be prompted for the Keystore Password ( txeis01 )


Step 4: Obtaining the Renewal TSSC

Email the C:\TxEIS\keystore\TxEIS.CSR file to Darren.
Server Type is TOMCAT
Copy the resulting .crt file to C:\TxEIS\keystore overwriting the existing one.
Copy a current copy of sf_cross_intermediate.crt to the same directory.


Step 5:  Installing the TSSC Files

*** Stop the JBOSS Service ***

Place a copy of the unchanged cacerts file from
C:\Program Files\Java\jre6\lib\security to C:\Program Files\Java\jdk1.6.0_17\jre\lib\security
(overwrite the existing cacerts file).
Edit CERTIMP.bat and verify the Certificate names are correct.
If using GoDaddy the files will be:

txeis.<dns name>.crt

From a command prompt run the following command:
You will be prompted for the keystore password for each certificate.
Password is txeis01

Note: When installing the second Intermediate certificate file, you may get an “already exist … add (Y/N)”.
In the event this happens, answer N and continue on.


Step 6:   Export Keystore Certificate and Import it into Java CACERTS keystore file

From a command prompt run the following command;

You will see text similar to the following:

Owner: CN= URL-ComputerName, OU= OrganizationUnit, O= Organization, L= CityName, ST=TX, C=US
Issuer: CN= ComputerName, OU=OrganizationUnit, O= Organization, L= CityName, ST=TX, C=US
Serial number: 4925c95d
Valid from: Mon Oct 19 10:00:00 CST 2009 until: Sun Feb 19 09:00:00 CST 2010
Certificate fingerprints:
MD5: BF:93:32:06:7C:7B:E9:DD:B6:4E:DE:43:2F:D5:E8:13
SHA1: 47:16:DE:0B:DC:F2:61:2C:86:B7:72:70:9C:4F:82:B6:30:97:95:E6
Signature algorithm name: SHA1withRSA
Version: 3

Trust this certificate? [no]: type yes and press <enter>


Step 7:   Restart the JBOSS Service and verify new Certificate
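
One way to do the Step 7 verification, as an added example that is not part of the original procedure: save certificate details in the layout shown in Step 6 to text and check the CN, the validity window, whether the certificate is still self-signed, and whether the signature uses MD5 or SHA-1. The host name, issuer and dates in SAMPLE are constructed, and the function names are hypothetical.

```python
import re
from datetime import datetime

# Constructed sample in the layout of the Step 6 output (hypothetical host,
# issuer and dates; not a real certificate).
SAMPLE = """\
Owner: CN=txeis.example.net, OU=admin, O=Example District, L=CityName, ST=TX, C=US
Issuer: CN=Example Issuing CA, O=Example CA, C=US
Valid from: Mon Oct 19 10:00:00 CST 2009 until: Fri Feb 19 09:00:00 CST 2010
Signature algorithm name: SHA1withRSA
"""

def _java_date(text):
    # Java prints "Mon Oct 19 10:00:00 CST 2009". The weekday and the zone
    # abbreviation are dropped, so comparisons are accurate to about a day.
    tok = text.split()
    return datetime.strptime(" ".join(tok[1:4] + tok[5:6]), "%b %d %H:%M:%S %Y")

def _field(output, label):
    m = re.search(r"^\s*" + re.escape(label) + r":\s*(.+?)\s*$", output, re.M)
    if not m:
        raise ValueError("missing field: " + label)
    return m.group(1)

def parse_printcert(output):
    """Pull the fields needed for verification out of keytool-style text."""
    owner = _field(output, "Owner")
    valid = re.match(r"(.+?)\s+until:\s+(.+)", _field(output, "Valid from"))
    cn = re.search(r"CN=\s*([^,]+)", owner)
    if not valid or not cn:
        raise ValueError("unparseable Owner or validity line")
    return {"owner": owner, "issuer": _field(output, "Issuer"),
            "cn": cn.group(1).strip(),
            "not_before": _java_date(valid.group(1)),
            "not_after": _java_date(valid.group(2)),
            "sigalg": _field(output, "Signature algorithm name")}

def check_renewed_cert(output, expected_fqdn, now):
    """Return a list of problems; an empty list means the checks passed."""
    c, problems = parse_printcert(output), []
    if c["cn"].lower() != expected_fqdn.lower():
        problems.append("CN mismatch: " + c["cn"])
    if not c["not_before"] <= now <= c["not_after"]:
        problems.append("outside validity window")
    if c["owner"] == c["issuer"]:
        problems.append("self-signed: CA reply was not imported")
    if re.match(r"(?i)(md5|sha1)with", c["sigalg"]):
        problems.append("weak signature algorithm: " + c["sigalg"])
    return problems
```

Call check_renewed_cert(text, "<server FQDN>", datetime.now()) with the saved output; any returned item should be resolved before the server is put back into use.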
