users@glassfish.java.net

Re: Migrate SSL App from Apache to GlassFish v3

From: <glassfish_at_javadesktop.org>
Date: Wed, 30 Dec 2009 06:55:04 PST

Thanks for the information but I am still confused on the correct setup.

1. Using openssl, I created the p12 file from my .crt and .key files. I imported the p12 into the keystore,jks file. I set the alias name to 's1as". Is this correct? In portecle, this entry has a two key icon.

2. There is a second file, cacerts.jks. What is the function of this file? Do I import my .crt file into this file? If this is the case, does the alias name also need to match the p12 imported into the keystore.jks (s1as)?

3. My certificate is signed by a CA and you mentioned I also need to import a public key file into the keystore.jks. I don't have a "public" key file. As I mentioned, I have an existing Apache configuration and all it uses is the .crt and .key files. If a third public key file is really needed, then I need to start investigating how and where the original certificate was signed.

4. I have not changed any the Glassfish passwords so "changeit" remains as the default password for both the keystore.jks and cacerts.jks files.


Sorry for the additional questions but I don't understand what is exactly needed from the glassfish end to make this work. As I mentioned, my starting point is Apache and the two files (.crt = signed certificate and .key = private key) that is specified in the Apache http config file. Nothing is changing from the website point of view (url is the same). I simply want to turn off Apache and turn on Glassfish.
[Message sent by forum member 'kerbo' (kelston_at_us.ibm.com)]

http://forums.java.net/jive/thread.jspa?messageID=378057