We have an Tomcat App server and we are running Pega application on top of it, we would like to implement HTTPS for our application. I have been provided with CA certificate to implement HTTPS.
Process: To achieve this I have created a key store and I have imported the CA certificate into it and changed some configurations in server.xml file. I have also given Key store path and key store password. After restarting the server, I was able to browse the URL with HTTPS, but it is throwing an error saying "this certificate is invalid". As per my understanding, it is taking the key store private key certificate instead of CA certificate which is incorrect. Can some please advise me how to solve this issue.
It appears you might have imported the CA certificate into the keystore without associating it with the proper private key entry. Ensure that you've followed these steps:
Import the root and intermediate CA certificates (if any) into the truststore. Import your private key and the corresponding CA certificate into the keystore. In your server.xml, ensure that the keystoreFile attribute points to your keystore and that the keystorePass attribute has the correct password. Make sure that the keyAlias attribute (if used) matches the alias you used when importing your private key and certificate. If everything appears correct, double-check your certificate chain and restart Tomcat. If the problem persists, consult the Tomcat logs for more detailed information about the error.