Sectigo PositiveSSL Certificate Installation

SECTIGO:PositiveSSL Certificate Installation: Java-based webservers

Installing your Certificate on Java Based Web Servers

You will receive 4 files in a zip file from Sectigo.
These must be imported in the correct order:

Root AddTrustExternalCARoot.crt
Intermediate CA UTNAddTrustServerCA.crt
Intermediate CA PositiveSSLCA.crt
domain/site certificate yourdomainname.crt

Or You can download the Positive ssl Root and Intermediate files from here.

Please replace the example keystore name 'domain.key' with your keystore name
Use the keytool command to import the certificates as follows:

keytool -import -trustcacerts -alias root -file (AddTrustExternalCARoot.crt) -keystore domain.key
keytool -import -trustcacerts -alias UTNADD -file (UTNAddTrustServerCA.crt) -keystore domain.key
keytool -import -trustcacerts -alias POSITIVESSL -file (PositiveSSLCA.crt) -keystore domain.key

Use the same process for the site certificate using the keytool command
If you are using an alias then please include the alias command in the string. Example:

keytool -import -trustcacerts -alias yyy (where yyy is the alias specified during CSR creation) -file domain.crt -keystore domain.key

EXAMPLE:

The password is then requested.
Enter keystore password: (This is the one used during CSR creation)
The following information will be displayed about the certificate and you will be asked if you want to trust it (the default is no so type 'y' or 'yes'):

Owner: CN= Root, O=Root, C=US
Issuer: CN=Root, O=Root, C=US
Serial number: 111111111111
Valid from: Fri JAN 01 23:01:00 GMT 1990 until: Thu JAN 01 23:59:00 GMT 2050
Certificate fingerprints:
MD5: D1:E7:F0:B2:A3:C5:7D:61:67:F0:04:CD:43:D3:BA:58
SHA1: B6:GE:DE:9E:4C:4E:9F:6F:D8:86:17:57:9D:D3:91:BC:65:A6:89:64
Trust this certificate? [no]:

Then an information message will display as follows:

Certificate was added to keystore

All the certificates are now loaded and the correct root certificate will be presented.