Every year, I remember renewing CotoGoto's SSL in January, but for some reason the SSL I'm using is committing fraud, and I was involved in a trouble that Google could not use it, and each time I replaced it with a new one It is caught in a loop that is forced.
That's why there are alternative certificates, so I looked for FujiSSL.
Make a note of the procedure.
StartSSL⇒RapidSSL⇒FujiSSL ← here
1. First create a keystore.
Keytool -genkey -alias tomcat -keyalg RSA -keystore yourdomain.jks -keysize 2048
Execute the above command and enter your information.
* Information entered when creating the keystore is reflected in the CSR.
* When changing the key store name, path, and key store password from the default values, settings in a separate configuration file (server.xml for Tomcat) are required.
Here reference I made it.
2. Generate a CSR.
Keytool -certreq -alias tomcat -file request.csr -keystore yourdomain.jks
After this, import the intermediate CA / public certificate into the keystore.
3.FujiSSL certificate acquisition
this FujiSSL I will get it from.
4. Import the intermediate CA.
keytool -import -trustcacerts -alias intermediate -file ca-bundle.ca -keystore yourdomain.jks
5. Import the public certificate.
Keytool -import -trustcacerts -alias tomcat -file yourdomain.crt -keystore yourdomain.jks
6. Check the imported contents.
keytool -list -v -keystore yourdomain.jks -storepass password