1 Reply Latest reply on May 2, 2012 12:56 AM by handat

    SSL Configuration on Glassfish not working.

      Hi All,

      I am configuring SSL on a GlassFish v3 server on the Linux platform.
      I followed these steps to configure SSL in GlassFish:

      1. keytool -keysize 2048 -genkey -alias wwww.domain.com -keyalg RSA -dname "CN=wwww.domain.com,O=company,L=city,S=State,C=Countery" -keypass changeit -storepass changeit -keystore server.keystore
      2. keytool -certreq -alias www.domain.com -keystore server.keystore -storepass changeit -keypass changeit -file server-2048.csr
      3. keytool -import -alias root -keystore server.keystore -trustcacerts -file valicert_class2_root.crt
      4. keytool -import -alias cross -keystore server.keystore -trustcacerts -file gd_cross_intermediate.crt
      5. keytool -import -alias intermed -keystore server.keystore -trustcacerts -file gd_intermediate.crt
      6. keytool -import -alias www.domain.com -keystore server.keystore -trustcacerts -file your domain.crt
      7. Make sure that the domain is stopped using asadmin stop-domain domain_name
      8. Create a backup of domain.xml.
      9. Open domain.xml in a text editor like gedit, kate or wordpad and replace all occurrences of s1as with www.domain.com, which is the certificate alias.

      After successfully completing these steps, my server doesn't refer to the SSL certificate I purchased from GoDaddy. Instead of referring to the GoDaddy certificate, my server refers to the self-signed certificate.

      Can anyone tell me where I made the mistake?
        • 1. Re: SSL Configuration on Glassfish not working.
          Did you also hack server.xml to use server.keystore instead of its default keystore.jks? You seem to have only hacked server.xml to replace the alias for s1as, which isn't the proper way of doing it anyway.

          Assuming your HTTPS listener is the 2nd listener, i.e. the first being the HTTP listener, the following command would assign your certificate to the second listener, assuming you imported the certificate into keystore.jks:

          asadmin set --user admin server.http-service.http-listener.http-listener-2.ssl.cert-nickname=www.domain.com
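
A check that goes with the reply above, as an added example that is not part of the thread: the alias named in a listener's cert-nickname has to be a PrivateKeyEntry in the keystore the server actually loads, not a trustedCertEntry or a missing alias. The function names are hypothetical and the listing is constructed; it shows what keytool reports when a key pair is generated under one alias and the signed certificate is imported under another.

```shell
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical.

# Constructed sample of `keytool -list` output (dates and fingerprints are
# made up). Against a real keystore, pipe the live listing in instead:
#   keytool -list -keystore keystore.jks | entry_type www.domain.com
sample_listing() {
cat <<'EOF'
Keystore type: JKS
Keystore provider: SUN

Your keystore contains 5 entries

root, May 1, 2012, trustedCertEntry,
Certificate fingerprint (SHA1): 00:11:22:33 (constructed)
cross, May 1, 2012, trustedCertEntry,
Certificate fingerprint (SHA1): 44:55:66:77 (constructed)
intermed, May 1, 2012, trustedCertEntry,
Certificate fingerprint (SHA1): 88:99:AA:BB (constructed)
wwww.domain.com, May 1, 2012, PrivateKeyEntry,
Certificate fingerprint (SHA1): CC:DD:EE:FF (constructed)
www.domain.com, May 1, 2012, trustedCertEntry,
Certificate fingerprint (SHA1): 12:34:56:78 (constructed)
EOF
}

# entry_type ALIAS: read a listing on stdin and print the entry type of ALIAS
# (PrivateKeyEntry or trustedCertEntry), or "missing" if the alias is absent.
# Entry lines look like "alias, date, type," and the date itself contains a
# comma, so the type is taken as the last non-empty comma-separated field.
entry_type() {
    awk -v want="$1" -F', *' '
        /Entry,[ \t]*$/ && tolower($1) == tolower(want) {
            print $(NF-1); found = 1; exit
        }
        END { if (!found) print "missing" }
    '
}

# usable_for_listener ALIAS: succeed only if ALIAS holds a private key.
usable_for_listener() {
    [ "$(entry_type "$1")" = "PrivateKeyEntry" ]
}

# Report the three aliases that appear in the thread against the sample.
for a in wwww.domain.com www.domain.com s1as; do
    printf '%s -> %s\n' "$a" "$(sample_listing | entry_type "$a")"
done
```

An alias that comes back as trustedCertEntry or missing cannot back an HTTPS listener, whatever cert-nickname is set to.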