It seems that the build isn’t that important: as long as you are using a recent version of Glassfish and Ubuntu, it should be fine. I will put together a guide on how to set up a Glassfish server soon. In the meantime, check the reference for nabisoft at the end of the article; it was my best reference for that part.
This tutorial is mainly directed at StartSSL users in its file naming convention, but it can work for anyone.
- Ubuntu 16.04 Server (64 bits)
- Glassfish 4.1
- StartSSL certificate
You will have 3 public keys after correctly filing your certificate signing request (.csr) file to your certificate authority (CA). They will be named as such:
You would have had a private key which you used when you generated your CSR file. For the sake of this tutorial we will call this yourdomain.com.key.
Move to your glassfish domain’s config directory and store all your files there. I am assuming you are using the default domain, domain1.
Combine the three certificates into one file using this command. Remember: don’t forget to change the values!
cat 2_yourdomainname.com.crt 1_Intermediate.crt root.crt > all.crt
Now we import these certificates into our cacerts keystore. The keystore names I am going to assume are those shipped by default with Glassfish 4.1. Fill in ‘yourAlias’ with any non-conflicting name you wish, but keep note of it for later.
keytool -import -trustcacerts -alias yourAlias -file all.crt -keystore cacerts.jks
We are now going to decrypt the (.key) file and make a (.p12) file which will be installed into the server. The default password is ‘changeit’ and I shouldn’t have to mention… you should change it!
openssl pkcs12 -export -in all.crt -inkey yourdomain.com.key -out yourdomain.com.p12 -name yourAlias -CAfile 1_Intermediate.crt -caname immed
keytool -importkeystore -deststorepass changeit -destkeypass changeit -destkeystore keystore.jks -srckeystore yourdomain.com.p12 -srcstoretype PKCS12 -srcstorepass changeit -alias yourAlias
Ensure that all the certificates installed correctly. Check both keystores using the following two commands:
keytool -list -keystore keystore.jks
keytool -list -keystore cacerts.jks
You should see your alias listed in both of them, with the text ‘trustedCaCert’ in the cacerts.jks keystore.
In the keystore.jks file you should see your private key, under the alias you gave it, listed in one of the entries.
In order to use these keys on the domain you will need to configure domain.xml. There are two ways to do this. BACKUP domain.xml before proceeding.
Method 1: terminal / command line
Replace every instance of the default s1as in the domain.xml file with yourAlias.
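Method 1 as a script, added here as an example (not from the original article): it backs up domain.xml first and replaces s1as only where it stands alone as a name. The function names replace_alias and make_sample and the sample XML are constructed for illustration, and GNU sed (as shipped with Ubuntu) is assumed.

```shell
#!/usr/bin/env bash
# Added example (not from the original article): Method 1 as a function.
# Backs up domain.xml, then replaces the default alias s1as only where it
# stands alone, so longer names that merely contain "s1as" are left untouched.

TOKEN='A-Za-z0-9._-'   # characters treated as part of an alias name

# replace_alias DOMAIN_XML NEW_ALIAS -> prints the number of lines changed
replace_alias() {
    local xml="$1" new="$2" pat count
    [ -f "$xml" ] || { echo "no such file: $xml" >&2; return 1; }
    # Allow only characters that are safe in XML attributes and in sed.
    case "$new" in
        ''|s1as|*[!A-Za-z0-9._-]*) echo "invalid alias: $new" >&2; return 1 ;;
    esac
    # Never overwrite an earlier backup with an already edited file.
    [ ! -e "$xml.bak" ] || { echo "backup exists: $xml.bak" >&2; return 1; }
    pat="(^|[^$TOKEN])s1as([^$TOKEN]|\$)"
    count=$(grep -c -E "$pat" "$xml" || true)
    cp -p "$xml" "$xml.bak" || return 1          # backup before editing
    # Loop (:a ... ta) so neighbouring matches sharing a separator are all hit.
    sed -E ":a; s/$pat/\\1$new\\2/; ta" "$xml.bak" > "$xml" || return 1
    echo "$count"
}

# Constructed sample resembling the alias references in a domain.xml.
make_sample() {
    cat > "$1" <<'EOF'
<ssl cert-nickname="s1as"></ssl>
<jvm-options>-Dcom.sun.enterprise.security.httpsOutboundKeyAlias=s1as</jvm-options>
<property name="note" value="s1as-old"></property>
EOF
}

# Usage: replace_alias /path_to_glassfish_directory/.../config/domain.xml yourAlias
```

Compare domain.xml with domain.xml.bak (for example with diff) before restarting the domain, so you can confirm that only the alias references changed.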
Method 2: Glassfish Admin Console
(Will be added later with pictures)
Restart the domain
asadmin restart-domain domain1
If you haven’t added asadmin to your environment path, then use the full path:
/path_to_glassfish_directory/bin/asadmin restart-domain domain1