users@glassfish.java.net

Re: Migrate SSL App from Apache to GlassFish v3

From: Major Péter <majorpetya_at_sch.bme.hu>
Date: Thu, 31 Dec 2009 23:09:48 +0100

Now I tried to solve this with my own installation. I have an Apache too,
with a certificate that is not self-signed (the root CA is self-signed, though).
The steps I took:
* openssl pkcs12 -export -in apache.crt -inkey apache.key -out apache.p12
This will create a PKCS#12 keystore, which stores Apache's
certificate. This also asks for an export password; I gave it 'changeit'.
* asadmin stop-domain
* open the domains/domain1/config/keystore.jks with portecle
** delete the 's1as' alias private key
** save
** Import Key Pair, select apache.p12, 'changeit' password, add to the
keystore with 'changeit' password, 's1as' alias.
** save, close portecle
* asadmin start-domain

And that's it. I tried it like this and it worked; I don't know why,
because I haven't added the Root CA's public key to the keystore...

After that, I've just opened https://localhost:8181 and there it was
with the wrong domain error, but it worked flawlessly when I tried with
my real hostname.

Happy New Year!

Regards,
Peter

On 2009-12-31 05:26, glassfish_at_javadesktop.org wrote:
> I reinstalled GlassFish to make sure I didn't screw up something. After I made sure the application was working (http), I installed the p12 file into the keystore.jks file using the alias name "s1as" and replacing the existing entry.
>
> At this point, the browser times out when trying https. Also, the Admin console will not load. If I remove the p12 file from the keystore, the Admin console will start working again (after a server restart).
>
> Using FF (running under Apache), I did a certificate export but the file (I tried the CA root and other branches) is not recognized as a key file by portecle and can't be imported. The file will import as a certificate; however, importing as a certificate has no impact.
>
> The error message from trying to start the Admin console is:
>
> [#|2009-12-30T23:18:40.946-0500|WARNING|glassfishv3.0|com.sun.grizzly.config.GrizzlyServiceListener|_ThreadID=29;_ThreadName=Thread-1;|SSL support could not be configured!
> java.io.IOException: Cannot recover key
>
> Any other ideas?
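
The portecle steps from the reply above, written as openssl and keytool commands. This is an added example, not part of the original thread: the function names and the `STOREPASS` environment variable are hypothetical, and it assumes the key entry password must equal the keystore password, as with the 'changeit' used at every step above.

```shell
#!/bin/sh
# Added example (not from the original thread). STOREPASS is a hypothetical
# environment variable holding the keystore password; reading it from the
# environment keeps the password out of `ps` output.

ALIAS=s1as   # alias used in the thread

# Succeeds only if the private key belongs to the certificate.
key_matches_cert() {  # usage: key_matches_cert cert.pem key.pem
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey) || return 2
    key_pub=$(openssl pkey -in "$2" -pubout) || return 2
    [ "$cert_pub" = "$key_pub" ]
}

# Bundle certificate and key into a PKCS#12 file; -name becomes the alias.
make_p12() {  # usage: make_p12 cert.pem key.pem out.p12
    key_matches_cert "$1" "$2" || { echo "key/cert mismatch" >&2; return 1; }
    openssl pkcs12 -export -in "$1" -inkey "$2" -name "$ALIAS" \
        -out "$3" -passout env:STOREPASS
}

# Replace the alias in the JKS keystore with the key pair from the PKCS#12
# file. -destkeypass sets the key password equal to the keystore password.
import_p12() {  # usage: import_p12 in.p12 keystore.jks
    keytool -delete -alias "$ALIAS" -keystore "$2" \
        -storepass:env STOREPASS >/dev/null 2>&1 || true  # absent alias is fine
    keytool -importkeystore -noprompt \
        -srckeystore "$1" -srcstoretype PKCS12 -srcstorepass:env STOREPASS \
        -srcalias "$ALIAS" \
        -destkeystore "$2" -deststoretype JKS -deststorepass:env STOREPASS \
        -destalias "$ALIAS" -destkeypass:env STOREPASS
}

# Confirms the alias holds a private key, not just a trusted certificate.
has_private_key() {  # usage: has_private_key keystore.jks
    keytool -list -keystore "$1" -storepass:env STOREPASS -alias "$ALIAS" \
        | grep -q PrivateKeyEntry
}
```

Run it with the domain stopped and a backup copy of keystore.jks, for example `export STOREPASS=changeit; make_p12 apache.crt apache.key apache.p12 && import_p12 apache.p12 domains/domain1/config/keystore.jks && has_private_key domains/domain1/config/keystore.jks`.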