Knowledgebase: SSL
Certificate Installation: Glassfish 4.x

 

1. CREATE DIRECTORY FOR THE KEYSTORE AND CSR:


Open a command prompt and type the following:

> mkdir sslcert

Then cd to the newly created directory by typing the following command:

> cd sslcert

 

2. CREATE KEYSTORE:


Use the following command to create a keystore:

> keytool -genkey -alias youralias -keyalg RSA -keystore yourkeystorename.jks -keysize 2048

You will be prompted to enter a keystore password. The default password that ships with Glassfish is "changeit", unless you have changed yours. Afterwards, you will be prompted for the following details.

Ensure the details entered here match those communicated to Comodo at the point of purchase:

What is your first and last name? = Your Domain Name (e.g. www.comodo.com)
What is the name of your organizational unit? = Your Department (e.g. IT)
What is the name of your organization? = Your Organization (e.g. Comodo CA Ltd)
What is the name of your City or Locality? = Your City (e.g. Clifton)
What is the name of your State or Province? = Your State (e.g. New Jersey)
What is the two-letter country code for this unit? = Your Country Code (e.g. US)


When all these have been filled in, you will be shown the summary to confirm accuracy. Type y and press enter. You will then be prompted to enter the key password for youralias. Press enter if you are using the default password.

 

3. GENERATE CSR:

Use the following command to generate a CSR:

> keytool -certreq -alias youralias -file yourcsrname.csr -keystore yourkeystorename.jks

 

Note: Use the same alias name you used for generating the keystore.

 

4. IMPORT KEYSTORE TO GLASSFISH:


> keytool -importkeystore -srckeystore $HOME/sslcert/yourkeystorename.jks -destkeystore $GFHOME/domains/yourdomain/config/keystore.jks

 

5. IMPORT ROOT CERTIFICATE TO CACERTS.JKS AND KEYSTORE.JKS:


> keytool -import -v -trustcacerts -alias root -file addtrustexternalcaroot.crt -keystore keystore.jks

> keytool -import -v -trustcacerts -alias root -file addtrustexternalcaroot.crt -keystore cacerts.jks

 

6. IMPORT INTERMEDIATE CERTIFICATE TO CACERTS.JKS AND KEYSTORE.JKS:

 

> keytool -import -v -trustcacerts -alias intermediate1 -file COMODORSAAddTrustCA.crt -keystore keystore.jks

> keytool -import -v -trustcacerts -alias intermediate1 -file COMODORSAAddTrustCA.crt -keystore cacerts.jks


> keytool -import -v -trustcacerts -alias intermediate2 -file COMODORSADomainValidationSecureServerCA.crt -keystore keystore.jks

> keytool -import -v -trustcacerts -alias intermediate2 -file COMODORSADomainValidationSecureServerCA.crt -keystore cacerts.jks

 

Note: Use a unique alias name for each intermediate certificate.

 

7. IMPORT MAIN CERTIFICATE TO KEYSTORE.JKS (THE ALIAS SHOULD BE SAME AS THAT OF THE KEYSTORE):


> keytool -import -alias youralias -trustcacerts -file your_domain_certificate.crt -keystore keystore.jks

 

 

8. CONFIGURE HTTP-LISTENER-2:


On the Glassfish Admin console, go to Configurations -> Server Config -> http-listener-2 and:

  1. Under the General tab, change the port from 8181 to 443
  2. Under the SSL tab, change the Certificate NickName from s1as to the alias of the main certificate (youralias) (which should be the same as the keystore alias)
  3. Save


9. REFERENCE INSTALLED CERTIFICATE IN THE DOMAIN.XML:


Open the /config/domain.xml and replace all references to s1as with the alias of the installed certificate (youralias).
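A post-install check for steps 7 to 9, added here as an example and not part of the original article: it confirms that the certificate alias still holds a private key, that no s1as reference remains in domain.xml, and that a listener names the new alias. The function names, the file names and the sample listing and domain.xml fragment are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original article. Sample data is constructed.

# Entry type keytool recorded for alias $1. stdin: `keytool -list` output.
entry_type() {
    awk -v a="$1" 'index($0, a ",") == 1 {
        if ($0 ~ /PrivateKeyEntry/) print "PrivateKeyEntry"
        else if ($0 ~ /trustedCertEntry/) print "trustedCertEntry"
        exit }'
}

# verify_install ALIAS LISTING_FILE DOMAIN_XML
# Prints one line per problem; returns 0 only when none are found.
verify_install() {
    problems=0
    case $(entry_type "$1" < "$2") in
        PrivateKeyEntry) ;;
        trustedCertEntry) problems=$((problems + 1))
            echo "FAIL: $1 holds a certificate but no private key" ;;
        *) problems=$((problems + 1))
            echo "FAIL: alias $1 not found in keystore" ;;
    esac
    if grep -n -w 's1as' "$3"; then      # prints the offending lines
        problems=$((problems + 1))
        echo "FAIL: domain.xml still references s1as (lines above)"
    fi
    if ! grep -q "cert-nickname=\"$1\"" "$3"; then
        problems=$((problems + 1))
        echo "FAIL: no listener uses cert-nickname=\"$1\""
    fi
    [ "$problems" -eq 0 ]
}

# Constructed sample: a keystore listing and a domain.xml fragment in which
# the listener was updated but one jvm-options reference to s1as was missed.
write_samples() {
    cat > "$1/listing.txt" <<'EOF'
Your keystore contains 2 entries

root, Mar 1, 2016, trustedCertEntry,
youralias, Mar 1, 2016, PrivateKeyEntry,
EOF
    cat > "$1/domain.xml" <<'EOF'
<protocol name="http-listener-2" security-enabled="true">
  <ssl classname="com.sun.enterprise.security.ssl.GlassfishSSLImpl" cert-nickname="youralias"></ssl>
</protocol>
<jvm-options>-Dcom.sun.enterprise.security.httpsOutboundKeyAlias=s1as</jvm-options>
EOF
}
```

To use it on a real installation, save the output of keytool -list -keystore keystore.jks to a file and pass that file, together with the domain's domain.xml, to verify_install youralias. A trustedCertEntry result for youralias means the signed certificate was imported into a keystore that had no key pair under that alias.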

 

 
