SSL Server Certificate order - Detailed instructions

This page describes in detailed manner the steps needed when ordering and installing a Telia Company SSL Certificate into a server running Java applications.

Oracle Java

Telia CA root certificate and Java

Oracle Java supports Sonera Class 2 CA. In order to ensure certificate error free operation of your Java server, you need to install a chain of intermediate certificates into cacerts certificate store of Java.

Phases of certificate ordering and installation

Phase 1 Creation of a certificate store and a CSR file using keytool command

  • keytool command is found from directory $JAVA_HOME/java/bin, if it is not present in system-wide path
  • Create a new certificate store with this command: keytool -genkey -alias mydomain -keyalg RSA -keysize 2048 -keystore yourdomain.jks. "yourdomain" is the domain name that is being certified. If you are planning to purchase a wildcard certificate, make sure that there is no * character in the filename. Also note that when keytool prompts for first name and last name, these are not your name, but the domain name which is going to be protected
  • Next generate the CSR file with following command: keytool -certreq -alias mydomain -keyalg RSA -file yourdomain.csr -keystore yourdomain.jks
  • After you have finished creation of the CSR file, click Buy now on the left

Phase 2 Download of the certificates in certification chain

  • After your SSL certificate has been delivered, you will find the necessary CA certificate TeliaSonera Root CA v1 ja TeliaSonera Server CA v2 from your delivery confirmation email . You can also download them from this page

Phase 3 Transfer of the certificates

  • Please transfer all certificates to the Java server

Phase 4 Locate the cacerts file

  • Locate the cacerts file of the your running Java installation. It is located on path $JAVA_HOME/jre/lib/security/

Phase 5 Import CA certificates into cacerts certificate store using keytool command

  • The default write password for cacerts is 'changeit'
  • Import root certificate using command: keytool -import -trustcacerts -file /path/to/ca/ts_root_ca.pem -alias TS_rootCAv1 -keystore $JAVA_HOME/jre/lib/security/cacerts
  • Import intermediate certificate using command: keytool -import -trustcacerts -file /path/to/ca/ts_server_ca.pem -alias TS_serverCAv2 -keystore $JAVA_HOME/jre/lib/security/cacerts

Phase 6 Import your SSL certificate into the existing certificate store

  • An SSL certificate requires an own certificate store. cacerts is only for CA certificates
  • Import your SSL certificate using command: keytool -import -trustcacerts -alias mydomain -file mydomain.crt -keystore yourdomain.jks. Note! The alias must be same as it was when the keystore for your SSL certificate was created