Using Comodo as your provider requires these steps:

This guide assumes that we do not have the keystore.jks file that the CSR was generated from; we begin with an X.509 private key file and the issued certificates.

  1. Convert the private key and server certificate into PKCS12 format

    openssl pkcs12 -export -in ssl.example.com.crt -inkey ssl.example.com.key -out server.p12 -name ssl.example.com -CAfile AddTrustExternalCARoot.crt -caname "AddTrust External CA Root" -passout pass:changeit
  2. Import the PKCS12 data into the keystore

    keytool -importkeystore -deststorepass changeit -destkeypass changeit -destkeystore keystore.jks -srckeystore server.p12 -srcstoretype PKCS12 -srcstorepass changeit
  3. Import an additional trusted certificate into the keystore

    keytool -import -alias cert1 -keystore keystore.jks -trustcacerts -file COMODORSAAddTrustCA.crt -storepass changeit -noprompt
  4. Import an intermediate certificate into the keystore

    keytool -import -alias cert2 -keystore keystore.jks -trustcacerts -file COMODORSADomainValidationSecureServerCA.crt -storepass changeit -noprompt
  5. Import the issued certificate into the keystore under a known alias

    keytool -import -alias tomcat -keystore keystore.jks -trustcacerts -file ssl.example.com.crt -storepass changeit -noprompt
  6. Export the certificate so that it can be added as the trusted certificate:

    keytool -export -alias tomcat -file tomcat.cer -keystore keystore.jks -storepass changeit -noprompt
  7. The exported certificate file will now be used to populate the truststore. A password for the truststore must be provided; it can be the same as the keystore password or different. You will need this password for the red5.properties file.

    keytool -import -trustcacerts -alias tomcat -file tomcat.cer -keystore truststore.jks -storepass changeit -noprompt
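
A pre-flight check worth running before step 1, as an added example that is not part of the original guide: it uses openssl to confirm that the private key belongs to the issued certificate and that the certificate verifies against the root and intermediates. The function names are this example's own, and the commented usage takes its file names from the steps above.

```shell
#!/bin/sh
# Added example: pre-flight checks for the files used in step 1.
# Function names are hypothetical; file names are passed as arguments.

# Succeeds only when the private key ($1) and the certificate ($2) carry the
# same public key. An unreadable or wrong-type file counts as a failure.
# The key is expected to be unencrypted, as step 1 passes no key passphrase.
key_matches_cert() {
    key_pub=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    crt_pub=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$key_pub" ] && [ "$key_pub" = "$crt_pub" ]
}

# Succeeds only when the leaf ($2) verifies with the root ($1) as the sole
# trust anchor, using the intermediates given as remaining arguments (if any).
chain_verifies() {
    root=$1; leaf=$2; shift 2
    bundle=$(mktemp) || return 1
    if [ "$#" -gt 0 ]; then
        # Concatenate the intermediates; a missing file fails the check.
        cat "$@" > "$bundle" 2>/dev/null || { rm -f "$bundle"; return 1; }
        set -- -untrusted "$bundle"
    fi
    # -no-CApath keeps the system CA directory out of the decision.
    if openssl verify -no-CApath -CAfile "$root" "$@" "$leaf" >/dev/null 2>&1
    then rc=0; else rc=1; fi
    rm -f "$bundle"
    return "$rc"
}

# Usage with the file names from the steps above:
#   key_matches_cert ssl.example.com.key ssl.example.com.crt \
#       || echo "private key does not match certificate"
#   chain_verifies AddTrustExternalCARoot.crt ssl.example.com.crt \
#       COMODORSAAddTrustCA.crt COMODORSADomainValidationSecureServerCA.crt \
#       || echo "certificate does not verify against the supplied chain"
```

If either check fails, the keystore built in the steps above will hold a key and chain that do not belong together, so fix the input files first.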