users@glassfish.java.net

Re: tring to set up Glassfish v3 with ssl using versign

From: Kumar Jayanti <Vbkumar.Jayanti_at_Sun.COM>
Date: Tue, 06 Jul 2010 15:24:08 +0530

glassfish_at_javadesktop.org wrote:
> I have recently been testing a glassfish v3, and wanted to enable the ssl using the trial versign certificates. Here are the steps I have done so far. Any heads up in doing a better job will be most apreciated.
>
> *already have glassfish installed.
>
> 1) create the keystore with this command (this is found in the jdk/bin)
> keytool -genkey -alias test -keyalg RSA -keystore mykeystore.jks -dname "CN=www.testsite.hn, OU=testing, O=Org namel, L=City name, S=State, C=country"
>
> *remember the CN is the url you wish to cerftify so place it as wished.
>
> 2)
> *Create the request that versign needs
> keytool -certreq -alias test -sigalg SHA1withRSA -keystore mykeystore.jks -file testserver.cer
>
> 3)
> Get all 3 certificates that versign gives you as following
> *Save the email certificate as email.cer,
> *Save the intermediate certificate as intermediate.cer
> *Save the root certificate as root.cer
> *perform the next steps, you can just copy & paste on the commandline
>
> keytool -import -alias verisigninter -keystore mykeystore.jks -trustcacerts -file intermediate.cer
>
> keytool -import -alias verisigncert -keystore mykeystore.jks -trustcacerts -file root.cer -v
>
> keytool -import -alias test-server -keystore mykeystore.jks -trustcacerts -file email.cer
>
> keytool -import -alias verisigncert -keystore cacerts.jks -trustcacerts -file root.cer -v
>
> keytool -import -alias verisigninter -keystore cacerts.jks -trustcacerts -file intermediate.cer
>
> *Once that is done, go to and place the cacerts.jks and mykeystore.jks at glassfish/domain/domainX folder (domainX is the domain you wish the certificate to work at)
>
> 4)
> *Now we configure the ssl, to make this simple go and use the web admin consule, go to network config/Network Listener/http-listener-2
> -Enable security
>
> * Go to the SSL tab
> Certificate NickName: test
> Key Store: mykeystore.jks
> Trust Store: cacerts.jks
>
> 5)
> *Go to the virtual servers and add
> hosts:www.testsite.hn
> (Has to be the same as the CN in the first step)
>
> 6)
> * if your under windows go to windows/system32/drivers/hots and add
> 127.0.0.1 www.testsite.hn
>
> 7) *restart glassfish and run your app under ssl
> https://www.testsite.hn:8181/myApp
>
>
> (final details to polish)
> How to get rid of the port 8181 on the url?
>
if you are planning to use a proxy front-end this might help :
http://forums.java.net/jive/thread.jspa?threadID=44090

> How to set the site to load self load the app with out specifying it
> (https://www.testsite.hn) Al ready load the myApp
>
>
http://docs.sun.com/app/docs/doc/821-1751/beaga?l=en&a=view&q=GlassFish+default+web+module

> i believe these things are quite simple, but any help will be appreciated. Once all of this is complete ill make a polished tutorial with images and all.
> [Message sent by forum member 'grburgos']
>
> http://forums.java.net/jive/thread.jspa?messageID=476808
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe_at_glassfish.dev.java.net
> For additional commands, e-mail: users-help_at_glassfish.dev.java.net
>
>
>