Before importing a signed certificate purchased from GoDaddy, you must first follow the procedures below to convert the downloaded certificates to a format compatible with the tomcat7 webserver, and complete the installation.

  1.  Download the signed certificate from GoDaddy. You will have three files: your personal certificate with a random filename like 805cf37cc8796.crt, gdroot-g2.crt and gdig2.crt.
  2. Double-click the numbered file to view the certificate in Windows. Switch to the Details tab.
  3. Click Copy to File… to launch the Certificate Export Wizard. Use it to export the certificate as a Cryptographic Message Syntax Standard – PKCS #7 Certificate (.P7B) checking Include all certificates in the certification path if possible.
  4.  Copy the exported .P7B file to \<Install_Directory>\Embotics\vCommander\jre\bin\.
  5. Open a command prompt and browse to that directory. Issue the command keytool -import -alias tomcat -keystore “..\..\tomcat\conf\keystore” -trustcacerts -file your_file.p7b using the correct filename for the certificate you saved in the previous step.
  6. Issue the command keytool -list -v -keystore “..\..\tomcat\conf\keystore” -storepass changeit to verify the certificate was installed and the certificate chain length is 3.
  7. Restart the vCommander Windows service.


GoDaddy Certificate Issues


Depending on which GoDaddy download you access, your certiciate may or may not include both the root certificate and intermediary certificate. Packages which include the intermediary will not work because of duplication. You must have the three distinct, discrete certificates downloaded as three files.


When viewing the root certificate both the Issued to and Issued by fields must say "GoDaddy Root Certificate Authority - G2".  If there is a mismatch as shown below, the certificate will cause errors when you try and import the inteermediary certificate.



Download the correct, standalone root certificate file from the GoDaddy repository at https://certs.godaddy.com/repository/



Example Commands


vCommander Application

keytool -import -alias tomcat -keystore “..\..\tomcat\conf\keystore” -trustcacerts -file your_file.p7b -storepass changeit


Or import one at a time:


keytool -import -alias root -keystore "C:\Program Files\Embotics\vCommander\tomcat\conf\keystore" -trustcacerts -file gdroot-g2.crt -storepass changeit
keytool -import -alias intermed -keystore "C:\Program Files\Embotics\vCommander\tomcat\conf\keystore" -trustcacerts -file gdig2.crt -storepass changeit
keytool -import -alias tomcat -keystore "C:\Program Files\Embotics\vCommander\tomcat\conf\keystore" -trustcacerts -file 21a562f2c86452b2.crt -storepass changeit


VM Access Proxy (if you have the full chain with p7b):

sudo keytool -import -trustcacerts -alias tomcat -file certnew.p7b -keystore "keystore" -storepass changeit


Or import one at a time:

sudo keytool -import -trustcacerts -alias root -file rootcert.crt -keystore "keystore" -storepass changeit
sudo keytool -import -trustcacerts -alias intermed -file intermediate.crt -keystore "keystore" -storepass changeit
sudo keytool -import -trustcacerts -alias tomcat -file numberedcert.crt -keystore "keystore" -storepass changeit


These instructions are current as of the date of initial publication. Certificate authorities may change their policies and practices at any time without Embotics® having any knowledge of the change. Some vendors may require additional steps such as creating additional keystores or modifying the server.xml file. When in doubt, please contact the support team for the issuing authority for further instructions.


See Also