Import SSL certificate in Glassfish

南笙 2021-02-02 02:07

I have the following issue:

I obtained a free certificate from Comodo (90 days) for my glassfish web application and then I have imported the certs into glassfish 3.1 by f

3 answers
  •  难免孤独
    2021-02-02 02:58

    Unfortunately I don't have enough reputation to post images of glassfish console admin, but let me try to help somebody just using text.

    NOTE1: The configuration was done on Ubuntu 12.04 server and glassfish 3.1.2

    Comodo gives you 4 files

    • your_domain.key (your private key)
    • your_domain.crt (your public key)
    • PositiveSSLCA2.crt (CA public key)
    • AddTrustExternalCARoot.crt (CA public key)

    Import every public key into the file cacerts.jks. To do that merge the public key files in one file:

    NOTE2: The order of the files DOES matter.

    cat your_domain.crt PositiveSSLCA2.crt AddTrustExternalCARoot.crt  > all.crt
    

    Now import them using keytool:

    keytool -import -trustcacerts -alias tomcat -file all.crt -keystore cacerts.jks
    

    Create a p12 file with your private key:

    NOTE3: You can use the same password for every file to make things easier.

    openssl pkcs12 -export -in all.crt -inkey your_domain.key -out your_domain.p12 -name your_alias -CAfile PositiveSSLCA2.crt -caname immed
    

    NOTE4: Don't forget your alias (your_alias), you will need to reference it in glassfish admin console later.

    Now import the private key using keytool:

    keytool -importkeystore -deststorepass changeit -destkeypass changeit -destkeystore keystore.jks -srckeystore your_domain.p12 -srcstoretype PKCS12 -srcstorepass changeit -alias your_alias
    

    Now your keystore.jks (with your private keys) and your cacerts.jks (with your public key) are ready to be used. If you want to check if everything is ok run:

    keytool -list -keystore keystore.jks
    keytool -list -keystore cacerts.jks
    

    Go to the glassfish admin console and find the session:

    • Configurations->server-config->HTTP Service->Http Listeners->http-listener-2

    Go to the SSL tab and change the Certificate NickName to your_domain.

    Restart Glassfish server.
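
The answer above notes that the order of the files in all.crt matters and that the private key is packaged with that bundle. The following check is an added example, not part of the original answer: it confirms the bundle is ordered leaf first and that the key belongs to the leaf before anything is imported. The function names are hypothetical, and it assumes `openssl` is on the PATH and the key file is not passphrase-protected.

```shell
#!/bin/sh
# Added example: sanity-check all.crt and the private key before running keytool.
# Function bodies use ( ... ) so variables stay local and "exit" only leaves the function.

# Split PEM bundle $1 into $2/cert-1.pem, $2/cert-2.pem, ...; print how many were found.
split_bundle() {
    awk -v dir="$2" '
        /-----BEGIN CERTIFICATE-----/ { n++; out = dir "/cert-" n ".pem" }
        out != ""                     { print > out }
        /-----END CERTIFICATE-----/   { close(out); out = "" }
        END                           { print n + 0 }' "$1"
}

# Status 0 only if each certificate names the next one in the file as its issuer.
# This compares issuer/subject names (the ordering problem); it does not verify signatures.
check_chain_order() (
    tmp=$(mktemp -d) || exit 2
    trap 'rm -rf "$tmp"' EXIT
    n=$(split_bundle "$1" "$tmp")
    [ "$n" -gt 0 ] || exit 2
    i=1
    while [ "$i" -lt "$n" ]; do
        next=$((i + 1))
        issuer=$(openssl x509 -noout -issuer_hash -in "$tmp/cert-$i.pem") || exit 2
        subject=$(openssl x509 -noout -subject_hash -in "$tmp/cert-$next.pem") || exit 2
        if [ "$issuer" != "$subject" ]; then
            echo "certificate $i was not issued by certificate $next" >&2
            exit 1
        fi
        i=$next
    done
)

# Status 0 only if private key $2 matches the first (leaf) certificate in bundle $1.
key_matches_leaf() (
    cert_pub=$(openssl x509 -noout -pubkey -in "$1") || exit 2
    key_pub=$(openssl pkey -pubout -in "$2") || exit 2
    [ "$cert_pub" = "$key_pub" ]
)

# Typical use, with the file names from the answer:
#   check_chain_order all.crt && key_matches_leaf all.crt your_domain.key
```

A non-zero status from either function means the bundle or key should be fixed before the `keytool -import` and `openssl pkcs12 -export` steps.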
