Steps for using a VeriSign certificate with the GlassFish app server
By: jagadesh
1. Generate the key pair
Delete mykeystore.jks if it already exists.
keytool -genkey -alias test-server -keysize 1024 -keyalg RSA -keystore mykeystore.jks -dname "CN=mytest.myorg.com, OU=MyGroup, O=My Org, L=MyCity, S=MyState, C=MyCountry"
2. Generate the certificate request
keytool -certreq -alias test-server -sigalg SHA1withRSA -keystore mykeystore.jks -file testserver.cer
3. Sign the certificate with CA
Go to www.verisign.com.
Choose the Free Trial SSL option.
Run cat testserver.cer, then copy and paste the output into the certificate area.
You may receive an e-mail with instructions.
4. Import the replied certificate into keystore
Save the reply certificate (from your e-mail) to a file, say signed_test_server.cer, and save the VeriSign CA certificates to files. I got two: one intermediate and one Test Trial CA (say, copied to verisign_intermediate_ca.cer and verisign_test_ca.cer respectively).
Import into mykeystore.jks (same keystore as used in the first step) and assume
keytool -import -alias verisigncert -keystore mykeystore.jks -trustcacerts -file verisign_test_ca.cer -v
keytool -import -alias verisigninter -keystore mykeystore.jks -trustcacerts -file verisign_intermediate_ca.cer
keytool -import -alias test-server -keystore mykeystore.jks -trustcacerts -file signed_test_server.cer
If the above steps are not done correctly, you may hit a certificate chain error during import.
Double-check the subject and issuer of the certificate (test-server):
keytool -list -keystore mykeystore.jks -alias test-server -v
Now your server certificate is ready to use.
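The subject/issuer double check from step 4 can be scripted. This is an added example, not part of the original tutorial: a shell function that reads `keytool -list -v` output and verifies that each certificate's Issuer matches the next certificate's Owner. The function name check_chain, the sample listings and the placeholder CA names are constructed for illustration.

```sh
# Usage: keytool -list -v -keystore mykeystore.jks -alias test-server | check_chain mytest.myorg.com
# Reads the listing on stdin, prints each problem, returns 0 only if the chain is consistent.
check_chain() {
    awk -v cn="$1" '
        BEGIN       { bad = 0 }
        /^Owner: /  { owner[++n] = substr($0, 8) }   # subject of certificate n
        /^Issuer: / { issuer[n] = substr($0, 9) }    # signer of certificate n
        END {
            if (n == 0) { print "no certificate in listing"; exit 2 }
            if (index(owner[1], "CN=" cn ",") != 1) {
                print "leaf subject is not CN=" cn; bad = 1 }
            if (n == 1 && owner[1] == issuer[1]) {
                print "still self-signed: CA reply was not installed"; bad = 1 }
            for (i = 1; i < n; i++)       # each issuer must be the next subject
                if (issuer[i] != owner[i + 1]) {
                    print "certificate " i " is not issued by certificate " (i + 1); bad = 1 }
            if (n > 1 && owner[n] != issuer[n]) {
                print "chain does not end at a self-signed root"; bad = 1 }
            exit bad
        }'
}

# Constructed listing: state after step 1 (keytool -genkey creates a self-signed certificate).
sample_unsigned() { cat <<'EOF'
Certificate chain length: 1
Certificate[1]:
Owner: CN=mytest.myorg.com, OU=MyGroup, O=My Org, L=MyCity, ST=MyState, C=MyCountry
Issuer: CN=mytest.myorg.com, OU=MyGroup, O=My Org, L=MyCity, ST=MyState, C=MyCountry
EOF
}

# Constructed listing: state after step 4 (CA names are placeholders, not real CAs).
sample_signed() { cat <<'EOF'
Certificate chain length: 3
Certificate[1]:
Owner: CN=mytest.myorg.com, OU=MyGroup, O=My Org, L=MyCity, ST=MyState, C=MyCountry
Issuer: CN=Example Trial Intermediate CA, O=Example CA
Certificate[2]:
Owner: CN=Example Trial Intermediate CA, O=Example CA
Issuer: CN=Example Trial Root CA, O=Example CA
Certificate[3]:
Owner: CN=Example Trial Root CA, O=Example CA
Issuer: CN=Example Trial Root CA, O=Example CA
EOF
}

sample_unsigned | check_chain mytest.myorg.com || true
sample_signed | check_chain mytest.myorg.com && echo "chain OK"
```

A chain length of 1 with identical Owner and Issuer means the keystore still holds the self-signed certificate from step 1, so the server would present an untrusted certificate.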
In the GlassFish server environment:
1. Add SSL to http-listener-2 with the "test-server" alias (same as above) using the admin console. Stop the server.
2. Copy mykeystore.jks to keystore.jks (under domain1/config)
3. Import the CA certs in trust store (domain1/config/cacerts.jks):
keytool -import -alias verisigncert -keystore cacerts.jks -trustcacerts -file verisign_test_ca.cer -v
keytool -import -alias verisigninter -keystore cacerts.jks -trustcacerts -file verisign_intermediate_ca.cer
4. Start the server
At this point you should be able to access https://localhost:8181/ with the new test-server certificate.
I tried to give you some level of information before I take more time to create a doc; later I will have a wiki page with screenshots.
Hope this helps.