A coder's blog.

Ideas, projects, problems and solutions - whatever is interesting.

Fail to Import SSL Certificate (With Keytool / Public Key)

Situation

A client bought a new certificate and needed to have it installed.

Solution

  1. Make sure that the certificate is not borked: there should be a newline between -----BEGIN CERTIFICATE----- and the data.
  2. If necessary, convert to DER format:

    openssl x509 -in myCert -out myCert.der -outform DER

  3. Import intermediate certs with a different alias than the one used for your own cert:

    keytool -keystore theKeyStore -alias thawte_intermediate -import -file thawte_int.der -trustcacerts

  4. Import your new cert (with no -alias option, keytool uses its default alias, mykey):

    keytool -keystore theKeyStore -import -file _new_cert.der -trustcacerts
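The framing problem from step 1 can be checked mechanically before any openssl or keytool run. The script below is an added example, not code from the original post: it tests that each BEGIN/END CERTIFICATE marker sits alone on its line and rewrites a file where it does not. The function names and the sample (placeholder base64, not a real certificate) are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post: PEM framing check for step 1.
BEGIN_MARK='-----BEGIN CERTIFICATE-----'
END_MARK='-----END CERTIFICATE-----'

# pem_framing_ok FILE: succeed only if each marker is alone on its line and
# every line between a BEGIN/END pair is non-empty base64.
pem_framing_ok() {
    awk -v b="$BEGIN_MARK" -v e="$END_MARK" '
        { sub(/\r$/, "") }                          # tolerate CRLF endings
        $0 == b { if (inside) bad = 1; inside = 1; body = 0; certs++; next }
        $0 == e { if (!inside || !body) bad = 1; inside = 0; next }
        # A marker glued to other text, or a non-certificate PEM block.
        index($0, "-----BEGIN") || index($0, "-----END") { bad = 1; next }
        inside  { if ($0 ~ "^[A-Za-z0-9+/=]+$") body++; else bad = 1 }
        END     { if (bad || inside || !certs) exit 1 }
    ' "$1"
}

# pem_reframe FILE: print FILE with each marker forced onto its own line,
# repairing the "no newline after BEGIN CERTIFICATE" breakage.
pem_reframe() {
    awk -v b="$BEGIN_MARK" -v e="$END_MARK" '
        { sub(/\r$/, ""); gsub(b, "\n" b "\n"); gsub(e, "\n" e "\n"); print }
    ' "$1" | awk 'NF'       # drop the empty lines the split leaves behind
}

# Constructed sample (placeholder base64, not a real certificate): the BEGIN
# marker and the data share one line, as a bad copy/paste produces.
broken_sample() {
    printf '%s%s\n%s\n' "$BEGIN_MARK" 'Q09OU1RSVUNURUQgU0FNUExF' "$END_MARK"
}

# Demo: check the sample, repair it, then check the repaired copy.
demo() {
    tmp=$(mktemp -d) || return 1
    broken_sample > "$tmp/cert.pem"
    pem_framing_ok "$tmp/cert.pem" || echo "framing broken, reframing"
    pem_reframe "$tmp/cert.pem" > "$tmp/fixed.pem"
    pem_framing_ok "$tmp/fixed.pem" && echo "framing ok"
    rm -rf "$tmp"
}
demo
```

Once pem_framing_ok succeeds on the real file, continue with the openssl x509 conversion in step 2.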

Resources:

  • http://www.modssl.org/docs/2.8/ssl_faq.html#ToC36
  • http://community.igniterealtime.org/thread/39868
  • http://wiki.zimbra.com/wiki/4.x_Commercial_Certificates_Guide
  • http://docs.codehaus.org/display/JETTY/How+to+configure+SSL