Programming Tutorials

Steps in using verisign certificate with Glassfish appserver

By: jagadesh in Java Tutorials on 2010-09-02  

1. Generate the key pair delete mykeystore.jks if already exists

keytool -genkey -alias test-server -keysize 1024 -keyalg RSA -keystore mykeystore.jks -dname "CN=mytest.myorg.com, OU=MyGroup, O=My Org, L=MyCity, S=MyState, C=MyCountry"

2. Generate the certificate request

keytool -certreq -alias test-server -sigalg SHA1withRSA -keystore mykeystore.jks -file testserver.cer

3. Sign the certificate with CA

  • Goto www.verisign.com
  • Try with Free Trial SSL -->
  • cat testserver.cer and cut & paste in the certificate area.
  • You may receive the mail with instructions.

4. Import the replied certificate into keystore

Save the given reply certificate (from your email) to a file, say - signed_test_server.cer and save verisign CA certs in files. I got 2 . One intermediate and another Test Trial CA (say copied to verisign_test_ca.cer and verisign_intermediate_ca.cer) .

Import into mykeystore.jks (same keystore as used in the first step) and assume

keytool -import -alias verisigncert -keystore mykeystore.jks -trustcacerts -file verisign_test_ca.cer -v
keytool -import -alias verisigninter -keystore mykeystore.jks -trustcacerts -file verisign_intermediate_ca.cer
keytool -import -alias test-server -keystore mykeystore.jks -trustcacerts -file signed_test_server.cer

If the above steps were not correct, you may face certificate chain issue during import.

Double check the subject and issuer of the certificate (test-server). [ keytool -list -keystore mykeystore.jks -alias test-server -v ]

Now your server certificate is ready to use.

In glassfish server environment:

1. Add the SSL to http-listener-2 with "test-server" (same as above) alias using admin console . Stop the server.

2. Copy mykeystore.jks to keystore.jks (under domain1/config)

3. Import the CA certs in trust store (domain1/config/cacerts.jks):

keytool -import -alias verisigncert -keystore cacerts.jks -trustcacerts -file verisign_test_ca.cer -v
keytool -import -alias verisigninter -keystore cacerts.jks -trustcacerts -file verisign_intermediate_ca.cer

4. Start the server

At this point you should able to access <a href="https://localhost:8181/">https://localhost:8181/</a> with new test-server certificate.

Tried to give you some level of information before I take more time in creating a doc and later I will have wiki page with screenshots.

Hope this helps.</p>






Add Comment

* Required information
1000

Comments

No comments yet. Be the first!

Most Viewed Articles (in Java )

Latest Articles (in Java)