Problem
A Wildcard SSL Certificate secures a website URL and an unlimited number of its subdomains.
The Wildcard SSL Certificate works the same way as a regular SSL certificate, and undergoes the same validation processes. The difference is that the Wildcard SSL Certificate extends to all of the subdomains of the domain to be secured.
For example, www.coolexample.com, shop.coolexample.com, and register.coolexample.com can all be secured with a single Wildcard SSL Certificate.
Note: Some operating systems expect a dedicated and static IP for each of the subdomains that are utilizing the single wildcard certificate.
Solution
How to install a WILDCARD SSL CERTIFICATE using a PFX file:
1. Save the PFX file as a file named server.keystore in directory D:\<CWHOME>\config\templates\tomcat\ (example: D:\V83\config\templates\tomcat\server.keystore)
2. Edit file D:\<CWHOME>\config\templates\tomcat\server.xml
Add a keystoreType line after keyPass:
keystoreFile="${catalina.base}/conf/server.keystore"
keyPass="@APPSERVER_SSL_PASSWORD@"keystoreType="PKCS12"
3. Execute Option 7 (Build Incremental Changes) from the "Clearwell Utility" application found on the desktop of the eDiscovery Platform server. This options performs various actions, including copying the server.keystore file from the templates directory to the 'live' run-time location D:\<CWHOME>\tomcat\conf\server.keystore.
The following additional steps are required for eDiscovery Platform 8.2 and above:
- Open the "Clearwell Comander" application found on the desktop of the eDiscovery Platform server.
- From the Action pulldown, select Stop Appliance Services. Wait for all services to stop.
- Go to Action and select Copy Tomcat Provider-Signed Certificate to Windows Trust Store.
- Select Start Appliance Services. Then quit "Clearwell Commander" from the “File” menu.
Note: For eDiscovery Platform 8.2 and above, the PFX file must meet the following criteria, in order for the "Clearwell Commander" utility to access it successfully:
- The PFX file must be named server.keystore and must exist in location D:\<CWHOME>\config\templates\tomcat\server.keystore.
- The password of the PFX file must be "123456".
- The server certificate in the PFX file must have an 'alias' and 'friendly name' that displays "clearwellkey". To view the 'alias name', use the following command:
keytool -list -v -keystore server.keystore
For information on requesting a wildcard SSL cert using IIS and exporting to PFX, see:
https://TECHNET.MICROSOFT.COM/EN-US/LIBRARY/CC441453.ASPX
For additional information, please see the Veritas System Administration Guide for eDiscovery Platform.
Related Knowledge Base Articles
Was this content helpful?
Translated Content
Please note that this document is a translation from English, and may have been machine-translated. It is possible that updates have been made to the original version after this document was translated and published. Veritas does not guarantee the accuracy regarding the completeness of the translation. You may also refer to the English Version of this knowledge base article for up-to-date information.