users@glassfish.java.net

Trying to set up Glassfish v3 with SSL using VeriSign

From: <glassfish_at_javadesktop.org>
Date: Mon, 05 Jul 2010 10:43:03 PDT

I have recently been testing Glassfish v3, and wanted to enable SSL using the trial VeriSign certificates. Here are the steps I have done so far. Any heads up in doing a better job will be most appreciated.

*already have glassfish installed.

1) create the keystore with this command (this is found in the jdk/bin)
keytool -genkey -alias test -keyalg RSA -keystore mykeystore.jks -dname "CN=www.testsite.hn, OU=testing, O=Org namel, L=City name, S=State, C=country"

*Remember, the CN is the URL you wish to certify, so set it as you wish.

2)
*Create the request that VeriSign needs
keytool -certreq -alias test -sigalg SHA1withRSA -keystore mykeystore.jks -file testserver.cer

3)
Get all 3 certificates that VeriSign gives you, as follows
*Save the email certificate as email.cer,
*Save the intermediate certificate as intermediate.cer
*Save the root certificate as root.cer
*Perform the next steps; you can just copy & paste on the command line

keytool -import -alias verisigninter -keystore mykeystore.jks -trustcacerts -file intermediate.cer

keytool -import -alias verisigncert -keystore mykeystore.jks -trustcacerts -file root.cer -v

keytool -import -alias test-server -keystore mykeystore.jks -trustcacerts -file email.cer

keytool -import -alias verisigncert -keystore cacerts.jks -trustcacerts -file root.cer -v

keytool -import -alias verisigninter -keystore cacerts.jks -trustcacerts -file intermediate.cer

*Once that is done, place cacerts.jks and mykeystore.jks in the glassfish/domain/domainX folder (domainX is the domain you wish the certificate to work at)

4)
*Now we configure the SSL. To make this simple, use the web admin console and go to network config/Network Listener/http-listener-2
-Enable security

* Go to the SSL tab
Certificate NickName: test
Key Store: mykeystore.jks
Trust Store: cacerts.jks

5)
*Go to the virtual servers and add
hosts:www.testsite.hn
(Has to be the same as the CN in the first step)

6)
* If you're under Windows, go to windows/system32/drivers/hosts and add
127.0.0.1 www.testsite.hn

7) *Restart Glassfish and run your app under SSL
https://www.testsite.hn:8181/myApp


(final details to polish)
How to get rid of the port 8181 on the url?
How to set the site to self-load the app without specifying it
(https://www.testsite.hn) Already load the myApp


I believe these things are quite simple, but any help will be appreciated. Once all of this is complete I'll make a polished tutorial with images and all.
[Message sent by forum member 'grburgos']

http://forums.java.net/jive/thread.jspa?messageID=476808
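
Added example, not part of the original post: a check for the keystore built in steps 1 to 3. keytool attaches a CA-signed reply to a private key only when the reply is imported under the key pair's own alias; under any other alias it is stored as a trustedCertEntry and the key keeps its self-signed certificate. The function name, verdict strings and both sample listings are constructed for illustration, with an example CA name standing in for the real issuer.

```shell
# Added example (not from the original post). Reads `keytool -list -v` output
# on stdin and classifies one alias. Real use:
#   keytool -list -v -keystore mykeystore.jks | audit_alias test
audit_alias() {
    awk -v want="$1" '
        { sub(/\r$/, "") }                      # tolerate CRLF from Windows
        /^Alias name: /               { cur = substr($0, 13) }
        cur != want                   { next }
        /^Entry type: /               { type = substr($0, 13) }
        /^Certificate chain length: / { chain = $NF + 0 }
        /^Owner: /  && owner  == ""   { owner  = substr($0, 8) }   # leaf cert
        /^Issuer: / && issuer == ""   { issuer = substr($0, 9) }
        END {
            if (type == "")                     print "MISSING"
            else if (type != "PrivateKeyEntry") print "NO_PRIVATE_KEY"
            else if (owner == issuer)           print "SELF_SIGNED"
            else if (chain < 2)                 print "CHAIN_INCOMPLETE"
            else                                print "OK"
        }'
}

# Constructed, abbreviated listing: key pair under "test", CA reply imported
# under a different alias ("test-server"), as in step 3 of the post.
listing_reply_other_alias() {
    cat <<'EOF'
Alias name: test
Entry type: PrivateKeyEntry
Certificate chain length: 1
Certificate[1]:
Owner: CN=www.testsite.hn, OU=testing
Issuer: CN=www.testsite.hn, OU=testing
Alias name: test-server
Entry type: trustedCertEntry
Owner: CN=www.testsite.hn, OU=testing
Issuer: CN=Example Trial Intermediate CA
EOF
}

# Constructed listing: the same reply imported under the key pair's own alias.
listing_reply_same_alias() {
    cat <<'EOF'
Alias name: test
Entry type: PrivateKeyEntry
Certificate chain length: 3
Certificate[1]:
Owner: CN=www.testsite.hn, OU=testing
Issuer: CN=Example Trial Intermediate CA
EOF
}
```

The alias to audit is the one entered as Certificate NickName on the listener's SSL tab, since that is the entry the server presents to clients.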