Configure Google Analytics access from Tomcat SSL
My recent web application had a requirement to publish the user requests to Google Analytics (GA) who has confirmed the registration. This is because there can be users who have visited the registration page but not confirm the registration or end up with errors even they click the registration button. Fortunately, this web application is using Spring Web Flow therefore I managed to implement the helper method that will send the confirmation information to the GA as a very last even.
I've used the Apache HTTP Client to send a http request to GA using Google Measurement Protocol. In my case, I don't use Java general security store, instead use the custom keystore for Tomcat. This situation is very common when you need to configure the developer environment for the secure web applications development.
First you have to enter the following URL to the Firfox browser. Then click the upper left corner pad lock icon: you will get the More information button.
In the next window, click the button "View Certificate".
As shown in the above screenshot, you have to find the value of the Serial Number. This number is very important. In the certificate hierarchy, each tree item has different serial number. Here we select the top one in the chain.
You have to execute the following command to get the certificate information to the t.txt text file:
Open the t.txt file in the notepad.exe and look for the 35def4cf that is the number where all the colons are removed.
Now export the certificate using following keytool command.
Use the following command to import this certificate to your keystore.
Truststore is the one used to store all the third party certificates in the tomcat.
equifaxsecureca.cer file. And import as alias ga as well:
Using above command import the ga.crt.
NOTE:
keytool -list -v -keystore truststore.jks -alias ga > n.txt
If you have use the above command to extract the certificates, you will find both the way same certificate is imported.
I've used the Apache HTTP Client to send a http request to GA using Google Measurement Protocol. In my case, I don't use Java general security store, instead use the custom keystore for Tomcat. This situation is very common when you need to configure the developer environment for the secure web applications development.
First you have to enter the following URL to the Firfox browser. Then click the upper left corner pad lock icon: you will get the More information button.
In the next window, click the button "View Certificate".
As shown in the above screenshot, you have to find the value of the Serial Number. This number is very important. In the certificate hierarchy, each tree item has different serial number. Here we select the top one in the chain.
Importing Certificate from general key store
Now the time to find the certificate in the java general certificate store. First you need to change to the certificate store. Generally that is c:\Program Files...\java\jre\lib\security and the keystore is cacerts.You have to execute the following command to get the certificate information to the t.txt text file:
keytool -list -v -keystore cacerts > t.txt
Open the t.txt file in the notepad.exe and look for the 35def4cf that is the number where all the colons are removed.
Now export the certificate using following keytool command.
keytool -export -keystore cacerts -alias equifaxsecureca -file equifaxsecureca.cer
Use the following command to import this certificate to your keystore.
keytool -import -trustcacerts -alias equifaxsecureca -file equifaxsecureca.cer -keystore truststore.jks
Truststore is the one used to store all the third party certificates in the tomcat.
Direct import
This is the easiest if you follow the above steps correctly. Again, select the top of the certificate chain (verify by the serial number) as shown in the above screenshot and click the "Export" button to export directly from the FireFox. I've exported the certificate as ga.crt in this case instead ofkeytool -import -trustcacerts -alias ga -file ga.crt -keystore truststore.jks
Using above command import the ga.crt.
NOTE:
keytool -list -v -keystore truststore.jks -alias ga > n.txt
If you have use the above command to extract the certificates, you will find both the way same certificate is imported.
Comments
Post a Comment
commented your blog