I wrote up a quick article on how to setup WebKeePass last week. WebKeepass is a great open source password vault server that is web based. It allows you to store your shared network passwords in a secure place in one central location. The initial install is really easy, and if you don’t have a problem using self signed SSL certs, the initial install is all you need to know.
However, if you are like me and prefer to use legit 3rd party certs for important stuff like passwords, then you are going to need this article too. Now the WebKeePass documentation has a blurb about 3rd party SSL certs, but all it says is to look at the Tomcat Jakarta documentation for installing SSL certs. Not exactly a good clue on how to change it out for WebKeePass specifically. After some trial and error, I finally figured it out, so you don’t have to. One of the things I figured out was that the alias they use for their self signed cert is ‘tomcat’. That leads us to step number 1, after installation, we have to remove the old alias of tomcat so we can continue. To do that, change into your WebKeePass install directory (Mine is /opt/wkp) then change into the config directory. From inside there, run the following:
keytool -delete -alias tomcat -keystore webKeePass.key
You will be prompted by a password. The default password is changeit.
Now that tomcat is deleted, we need to recreate it by running the following:
keytool -genkey -alias tomcat -keyalg RSA -keysize 2048 -keystore webKeePass.key -dname "CN=<yourservers fqdn>,OU=DEPT, O=COMPANY, L=CITY, ST=STATE, C=us"
Make sure to change the above to match your server/company/location. After that run the following to generate a new SSL CSR to give to your third party SSL provider.
keytool -certreq -alias tomcat –file <your fqdn>.csr -keystore webKeePass.key
Now that you have your CSR, go ahead and go through the process of requesting a cert with your certificate authority of choice. May I suggest GoDaddy because they have SSL certs for only $12.99 if you use this link: (GoDaddy Deal)
Once you have your certificate, you have to install all root, intermediate and cross intermediate certificates into your keystore. Download them, and copy them into your keystore directory. Once again, for me it’s /opt/wkp/conf/. Run the following to install your root certificate:
keytool -import -alias root -keystore webKeePass.key -trustcacerts -file rootcert.crt
Run the following to install your intermediate:
keytool -import -trustcacerts -alias intermediate -keystore webKeePass.key -file intermediate.crt
Run the following to install your cross intermediate if you have one:
keytool -import -trustcacerts -alias cross -keystore webKeePass.key -file cross_intermediate.crt
Now that all of your signing certificates are installed and trusted, you are ready to install your new third party SSL certificate for WebKeePass. To do that run the following:
keytool -import -trustcacerts -alias tomcat -file <yourcertificate>.crt -keystore webKeePass.key
Now either start your WebKeePass service if you haven’t already, or reboot if it is already running. Your new certificate should now be working! Questions? Comments? Hit me up below!