Am 22.05.15 um 18:20 schrieb Jeffrey Beckstrom:
> Then why on Admin GUI is there an option to enter the keystore's name?
Hmm, Jeffrey, do you know how to work with SSL and GlassFish? ;)
Ok, i will help you.
cd /opt/glassfish4/glassfish/domains/domain1/config/
# save the keystore and the domain.xml
cp keystore.jks keystore.jks.bak
cp domain.xml domain.xml.bak_ssl
# you need an pkcs12 of your crt and key
openssl pkcs12 -export -in /path/to_you_cert.crt -inkey
/path/to_you_cert.key -out /path/to_you_cert.p12 -name <cert_name>
-CAfile /path/to_you_cert_chain.pem -caname <chainname>
Enter Export Password: changeit
Verifying - Enter Export Password: changeit
keytool -importkeystore -deststorepass changeit -destkeypass changeit
-destkeystore keystore.jks -srckeystore /path/to_you_cert.p12
-srcstoretype PKCS12 -srcstorepass changeit -alias <cert_name>
<cert_name> the name of you Cert, what ever you like, this is the name
for the GlassFish WebGui -> Certificate NickName
<chainname> the name of you Cert Chain, what ever you like
If is't working then perfect, if not come back with error message of:
/opt/glassfish4/glassfish/domains/domain1/logs/server.log
--
ae | Andreas Ernst | IT Spektrum
Postfach 5, 65612 Beselich
Schupbacher Str. 32, 65614 Beselich, Germany
Tel: +49-6484-91002 Fax: +49-6484-91003
ae_at_ae-online.de | www.ae-online.de
www.tachyon-online.de