By: jagadesh in Java Tutorials on 2010-09-02
1. Generate the key pair delete mykeystore.jks if already exists
keytool -genkey -alias test-server -keysize 1024 -keyalg RSA -keystore mykeystore.jks -dname "CN=mytest.myorg.com, OU=MyGroup, O=My Org, L=MyCity, S=MyState, C=MyCountry"
2. Generate the certificate request
keytool -certreq -alias test-server -sigalg SHA1withRSA -keystore mykeystore.jks -file testserver.cer
3. Sign the certificate with CA
- Goto www.verisign.com
- Try with Free Trial SSL -->
- cat testserver.cer and cut & paste in the certificate area.
- You may receive the mail with instructions.
4. Import the replied certificate into keystore
Save the given reply certificate (from your email) to a file, say - signed_test_server.cer and save verisign CA certs in files. I got 2 . One intermediate and another Test Trial CA (say copied to verisign_test_ca.cer and verisign_intermediate_ca.cer) .
Import into mykeystore.jks (same keystore as used in the first step) and assume
keytool -import -alias verisigncert -keystore mykeystore.jks -trustcacerts -file verisign_test_ca.cer -v keytool -import -alias verisigninter -keystore mykeystore.jks -trustcacerts -file verisign_intermediate_ca.cer keytool -import -alias test-server -keystore mykeystore.jks -trustcacerts -file signed_test_server.cer
If the above steps were not correct, you may face certificate chain issue during import.
Double check the subject and issuer of the certificate (test-server). [ keytool -list -keystore mykeystore.jks -alias test-server -v ]
Now your server certificate is ready to use.
In glassfish server environment:
1. Add the SSL to http-listener-2 with "test-server" (same as above) alias using admin console . Stop the server.
2. Copy mykeystore.jks to keystore.jks (under domain1/config)
3. Import the CA certs in trust store (domain1/config/cacerts.jks):
keytool -import -alias verisigncert -keystore cacerts.jks -trustcacerts -file verisign_test_ca.cer -v keytool -import -alias verisigninter -keystore cacerts.jks -trustcacerts -file verisign_intermediate_ca.cer
4. Start the server
At this point you should able to access <a href="https://localhost:8181/">https://localhost:8181/</a> with new test-server certificate.
Tried to give you some level of information before I take more time in creating a doc and later I will have wiki page with screenshots.
Hope this helps.</p>
This policy contains information about your privacy. By posting, you are declaring that you understand this policy:
- Your name, rating, website address, town, country, state and comment will be publicly displayed if entered.
- Aside from the data entered into these form fields, other stored data about your comment will include:
- Your IP address (not displayed)
- The time/date of your submission (displayed)
- Your email address will not be shared. It is collected for only two reasons:
- Administrative purposes, should a need to contact you arise.
- To inform you of new comments, should you subscribe to receive notifications.
- A cookie may be set on your computer. This is used to remember your inputs. It will expire by itself.
This policy is subject to change at any time and without notice.
These terms and conditions contain rules about posting comments. By submitting a comment, you are declaring that you agree with these rules:
- Although the administrator will attempt to moderate comments, it is impossible for every comment to have been moderated at any given time.
- You acknowledge that all comments express the views and opinions of the original author and not those of the administrator.
- You agree not to post any material which is knowingly false, obscene, hateful, threatening, harassing or invasive of a person's privacy.
- The administrator has the right to edit, move or remove any comment for any reason and without notice.
Failure to comply with these rules may result in being banned from submitting further comments.
These terms and conditions are subject to change at any time and without notice.
Most Viewed Articles (in Java )
Latest Articles (in Java)
- Data Science
- React Native
- Cloud Computing
- Java Beans
- Mac OS X
- Office 365
- Tech Reviews