Setting up SSL on GlassFish V2 or V3
My employer recently purchased a Trustwave SSL certificate. Trustwave advertises support on their website, but, unlike for their other servers, they don't give an installation guide at all, and I am having a difficult time getting it configured correctly with GlassFish.
I found this http://blogs.oracle.com/enterprisetechtips/entry/using_ssl_with_glassfish_v2 blog post that is sort of helpful, but I'm still unable to get it working (I think the issue is that I don't fully understand the GlassFish keystore, so I am modifying it incorrectly and the server throws security exceptions on startup).
Does anyone have any experience doing so, and can you point me to a decent resource? Thanks for any help.
My experience is more focused on JBoss and Tomcat. However, I suspect it applies to GlassFish as well.
The Java keytool is what is used to manipulate keystores. If you generated the key with openssl, keytool supports neither importing nor exporting keys.
For exporting a key, this tool can be used. For importing, this tool can be used.
Depending on the type of certificate and the authority, you will likely have to import the root certificate as well.
Here are some of my notes for basic commands:
# Generate key
# The alias must match the one used for the CSR and for the signed certificate import below.
/usr/java/jdk1.5.0_12/bin/keytool -genkey -alias www.example.net -keyalg RSA -keystore server.keystore -validity 3650
# Generate CSR
/usr/java/jdk1.5.0_12/bin/keytool -alias www.example.net -keystore server.keystore -certreq -file www.example.net.csr <<**
_PASSWORD_
**
# Import provider certs.
/usr/java/jdk1.5.0_12/bin/keytool -import -trustcacerts -alias root -keystore server.keystore -file EV_root.crt <<**
_PASSWORD_
yes
**
/usr/java/jdk1.5.0_12/bin/keytool -import -trustcacerts -alias Intermediate -keystore server.keystore -file EV_intermediate.crt <<**
_PASSWORD_
**
# Import cert
/usr/java/jdk1.5.0_12/bin/keytool -import -trustcacerts -alias www.example.net -keystore server.keystore -file www.example.net.crt <<**
_PASSWORD_
**
# List certs
/usr/java/jdk1.5.0_12/bin/keytool -keystore server.keystore -list -v <<**
_PASSWORD_
**
# Export cert
# Change 'alias' to what you want to export.
# -rfc for plaintext.
/usr/java/jdk1.5.0_12/bin/keytool -keystore server.keystore -rfc -export -alias www.example.net -file www.example.net <<**
_PASSWORD_
**
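
A check for the most common way the sequence above goes wrong, as an added example that is not part of the original answer: keytool attaches the CA-signed certificate to the private key only when -import uses the alias that holds the key; under any other alias it is stored as a separate trusted certificate. The function name, result strings and sample listings are constructed for illustration, and English keytool output is assumed.

```shell
#!/bin/sh
# Added example (not from the original answer).
# check_keystore_entry ALIAS reads `keytool -list -v` output on stdin and prints:
#   ok:<n>        private key whose chain holds n >= 2 certs (CA reply attached)
#   self-signed   private key still carrying only the cert made by -genkey
#   trusted-only  alias holds a certificate but no private key
#   missing       alias not found
check_keystore_entry() {
    awk -v want="$1" '
        /^Alias name: /               { alias = substr($0, 13); next }
        alias != want                 { next }
        /^Entry type: /               { type = substr($0, 13) }
        /^Certificate chain length: / { len = $4 + 0 }
        END {
            # Older JDKs print "keyEntry", newer ones "PrivateKeyEntry".
            iskey = (type == "keyEntry" || type == "PrivateKeyEntry")
            if (type == "")    print "missing"
            else if (!iskey)   print "trusted-only"
            else if (len >= 2) print "ok:" len
            else               print "self-signed"
        }'
}

# Constructed sample listings, trimmed to the lines the check reads.
sample_good() { cat <<'EOF'
Alias name: root
Entry type: trustedCertEntry

Alias name: www.example.net
Entry type: PrivateKeyEntry
Certificate chain length: 3
EOF
}
# Key generated under one alias, signed certificate imported under another.
sample_split() { cat <<'EOF'
Alias name: www.example.net.key
Entry type: PrivateKeyEntry
Certificate chain length: 1

Alias name: www.example.net
Entry type: trustedCertEntry
EOF
}

sample_good  | check_keystore_entry www.example.net      # ok:3
sample_split | check_keystore_entry www.example.net      # trusted-only
sample_split | check_keystore_entry www.example.net.key  # self-signed
```

Against a real keystore, pipe the output of the "List certs" command into `check_keystore_entry` with the alias the server is configured to use; anything other than `ok:<n>` means the server would present no CA-signed chain for that alias.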