users@glassfish.java.net

RE: New to glassfish and really need some quick ssl help

From: <bamoss_at_sceats.com>
Date: Wed, 28 Oct 2009 09:28:29 -0700
Hi,

First thing I'd do would be figure out what version of JDK I'm using, since the blog is using keytool commands from JDK6
At the command line, enter:  java -version

Then see what is in the keystore...

Keytool -list -v -keystore keystore.jks
The default password is changeit.

If you are unable to get into the keystore, you may end up having to start from scratch and create a new keystore.  The safest way to do this is to rename the existing keystore to something like keystore.old (so you can revert back to in if you need to) and then create a new keystore with the default s1as alias...

Using JDK5:
keytool -genkey -keyalg <key_alg> -keystore keystore.jks -validity <val_days> -alias s1as

Using JDK6:
keytool -genkeypair -keyalg <key_alg> -keystore keystore.jks -validity <val_days> -alias s1as

If you don't specify a value for validity, I believe that the default is only 90 days.  I tend to go with a couple of years, eg: 730

When you generate a new keystore, you can specify the keypass and storepass values, though default is changeit.

This should get you to the point where you can follow the instructions in the blog.  Hope this helps.

Derek


-------- Original Message --------
Subject: New to glassfish and really need some quick ssl help
From: glassfish@javadesktop.org
Date: Tue, October 27, 2009 12:02 pm
To: users@glassfish.dev.java.net

Well I got thrown this one as the one guy left. Here is the scenario. Glassfish V2 running on Ubuntu 8.10 server. We need SSL, and the 1st guy did 1/2 the work and got the cert but never installed it. So I both need to install the cert as well as don't have the password. I am sure the issuer can re-issue the cert, but really stuck and could use some prof' help. I am looking at http://blogs.sun.com/enterprisetechtips/entry/using_ssl_with_glassfish_v2 URL, and the self signed is still there. I tried to delete using;
keytool -delete -alias s1as -keystore keystore.jks and get prompted for a pw which we don't have. I also have a folder which has the .csr, the .cert and a trustedroot.crt.

That's it, so to someone who know linux for a few good years and not even 5 minutes on glassfish, what is the best 1st step in getting this cert imported/installed?

Thanks
[Message sent by forum member 'xlancealotx' (lraymond@weatherflow.com)]

http://forums.java.net/jive/thread.jspa?messageID=369529

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@glassfish.dev.java.net
For additional commands, e-mail: users-help@glassfish.dev.java.net
© Oracle | By contributing to this project, you are agreeing to the terms of use described here.