users@glassfish.java.net

Re: Migrate SSL App from Apache to GlassFish v3

From: Major Péter <majorpetya_at_sch.bme.hu>
Date: Wed, 30 Dec 2009 09:22:07 +0100

You need to make sure of the following:
- your keystore and your certificate have the same password, which is by
default 'changeit' (I don't know if it is possible to have different
passwords for them, but AFAIK it's not)
- if your certificate is not self-signed, then you would have to import
the Root CA's public key into the keystore too.
- the GlassFish domain's master password is used to open the keystores, so
if you have a different password, then you would have to change the
master password too. This also means that the cacerts.jks and the
keystore.jks keystores must have the same password (which is the
domain's master password).
- if you have imported the private key with a different alias, then you
would have to change the configuration in domain.xml. (search for
's1as', and you will see)
- make sure that Portecle shows a key icon for your certificate, so it
is really a private key in your keystore

Generally, if HTTPS is not working for some reason, then check
the server.log; it usually has very useful messages in it. Some Googling
might help there too.

Regards,
Peter


On 2009-12-30 02:38, glassfish_at_javadesktop.org wrote:
> The portecle tool is pretty cool however now that I used it I seem to be going backwards.
>
> I deleted the existing default certificate "s1as".
>
> Using openssl, I created a p12 file from my .crt and .key files and imported into the keystore. It asked for an alias name and not knowing what is required, I used the default name "s1as". It also asked for a password (the same password that was asked for when I created the p12 file)
>
> I tried https and no luck.
>
> I imported the .crt file (using the domain name for the alias), so now I have two entries in my keystore file.
>
> https still doesn't work (http on port 80 does work)
>
> Now, the admin console (port 4848) doesn't work. It tries to start but I end up with a blank browser screen.
>
> Not knowing how the Java security stuff works, I have no idea what I need to have in the keystore for my app to work. With Apache, I just provided the names of my .crt and .key files in my config file and it worked.
>
> I don't even know how to get the admin console working again.
> [Message sent by forum member 'kerbo' (kelston_at_us.ibm.com)]
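
The alias, private-key and CA checks listed in the reply can be run against the text output of `keytool -list -v` instead of reading Portecle's icons. The script below is an added example, not part of the original thread or of GlassFish; the function names `audit_listing` and `entry`, the exit codes and the sample DNs are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): audit `keytool -list -v` output for the
# alias that domain.xml refers to. Real use, typed in the domain's config dir:
#   keytool -list -v -keystore keystore.jks | audit_listing s1as

audit_listing() {  # $1 = alias to check (default: s1as); listing on stdin
  awk -v want="${1:-s1as}" '
    { sub(/[ \t\r]+$/, "") }                      # tolerate CRLF / trailing blanks
    /^Alias name: / { alias = substr($0, 13) }
    /^Entry type: / { if (alias == want) { found = 1; type = substr($0, 13) } }
    /^Owner: /      { owner = substr($0, 8); subjects[owner] = 1 }
    /^Issuer: /     { if (alias == want) { top_owner = owner; top_issuer = substr($0, 9) } }
    END {
      if (!found) { print "FAIL: no entry named " want; exit 2 }
      if (type != "PrivateKeyEntry") {
        print "FAIL: " want " is a " type " (certificate only, no private key)"; exit 3
      }
      # Last certificate in the chain is not self-signed and its issuer is
      # not stored anywhere in this keystore: the CA certificate is missing.
      if (top_issuer != top_owner && !(top_issuer in subjects)) {
        print "FAIL: issuer not in keystore: " top_issuer; exit 4
      }
      print "OK: " want " is a PrivateKeyEntry; chain is self-signed or issuer is present"
    }'
}

# Helper emitting an abbreviated, constructed entry (real output has more lines).
entry() {  # alias, entry type, owner DN, issuer DN
  printf 'Alias name: %s\nEntry type: %s\nOwner: %s\nIssuer: %s\n\n' "$1" "$2" "$3" "$4"
}

# Constructed listing: key pair under s1as issued by a CA that was never
# imported, plus the same certificate imported again under the domain name.
{
  entry s1as PrivateKeyEntry "CN=www.example.com" "CN=Example CA"
  entry www.example.com trustedCertEntry "CN=www.example.com" "CN=Example CA"
} | audit_listing s1as || true
```

The listing cannot show whether the key password matches the keystore password, so that point from the reply still has to be checked separately.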