DENZ OUZ

Programming is my hobby and my job


Jan 2011

Installing GoDaddy SSL Certificates on Glassfish v3 Step by Step

Introduction to Glassfish SSL

Newly created domains on Glassfish already have a self-signed certificate in the DOMAIN_DIR/config/keystore.jks file. By default this keystore has
the password changeit. The certificate is stored under the alias s1as. To see it, issue the following command:

keytool -list -keystore keystore.jks


When asked, enter the default password changeit. You will see output similar to the following:

Keystore type: JKS
Keystore provider: SUN
Your keystore contains 6 entries
s1as, Dec 28, 2010, PrivateKeyEntry,
Certificate fingerprint (MD5): EA:56:23:46:7E:12:DA:6A:0D:8C:B9:12:11:0A:1A:8B
There should be a certificate with the alias s1as. Since Glassfish uses this certificate by default, the domain.xml file in your domain's config folder
refers to s1as in several places. We will change these references later.
I recommend changing the default password of keystore.jks. To change the password, use the following command:

keytool -storepasswd -keystore keystore.jks


When asked, enter the default password changeit and then enter the new password for your keystore.jks. Do not forget this password: you will
need it for every operation you perform on keystore.jks, and you will be asked for it every time you start your
domain. This password is called the master password of your keystore.jks. Each entry in keystore.jks may have its own password; I recommend
making these passwords the same as the master password if possible.
There is another key file in the Glassfish domain folder named cacerts.jks. This file contains certificates from trusted authorities such as GoDaddy,
VeriSign, etc. Certificates from this file are used to verify the integrity of the certificates you purchase from certificate authorities. These certificates are
called root certificates. You may also import root certificates into keystore.jks.

Purchasing Certificate and Installing Certificate


When you buy a certificate from a certificate authority (for example GoDaddy), you are given a credit for a certificate. You have to convert this credit
into a valid SSL certificate. To convert a credit into a certificate you have to complete several steps.

1) Check and correct Whois database entry for your domain:


Check your domain's whois information and fix it if it is not correct, especially your company name and email address. GoDaddy will send
an approval email to this email address.

2) Generate a certification request by using following steps:


Generate a new entry in keystore.jks with the information for your domain.
keytool -keysize 2048 -genkey -alias www.yourdomain.com -keyalg RSA -dname "CN=www.domain.com,O=company,L=city,S=State,C=Country" -keystore keystore.jks
Enter the password of your keystore when asked. GoDaddy requires a key size of at least 2048 bits. CN is your site's domain name, O is your company
name, L is the city, and C is the 2-character country code. There are more options you could specify, but these are enough. alias is the key
you will use to refer to this certificate. We will refer to it from domain.xml.

Create the request file for submitting to Godaddy.


keytool -certreq -alias www.yourdomain.com -keystore keystore.jks -file cert_req.csr
Enter the password of your keystore when asked.
The cert_req.csr file will contain your certification request, which you will submit to the certificate authority. For GoDaddy, open this file with a text
editor and paste its contents into a text area as shown in the following figure:

You should include everything between and including the following lines:

-----BEGIN NEW CERTIFICATE REQUEST-----
-----END NEW CERTIFICATE REQUEST-----
After you complete the certification request submission, GoDaddy will send an approval email to the email address shown in the whois database.

3) Approve certification and import your certificates.


After approval you need to download a zip file that contains all the certificates you need. During this step you will be asked which server you are
downloading certificates for. You can select other because Glassfish is not listed. Your download will contain 4 files:
gd_bundle.crt
gd_cross_intermediate.crt
gd_intermediate.crt
yourdomain.com.crt
The first 3 of them are certificates belonging to godaddy.com. They are used to verify your domain's certificate. They may already be contained in your
cacerts.jks, but there is no harm in importing them into your keystore.jks. Import these certificates into your keystore.jks using the following commands:

keytool -import -alias root -keystore keystore.jks -trustcacerts -file gd_bundle.crt
keytool -import -alias cross -keystore keystore.jks -trustcacerts -file gd_cross_intermediate.crt
keytool -import -alias intermed -keystore keystore.jks -trustcacerts -file gd_intermediate.crt
keytool -import -alias www.yourdomain.com -keystore keystore.jks -trustcacerts -file yourdomain.com.crt
If you are warned that the certificate already exists under a different alias, choose yes to continue importing the certificate.
As we said at the beginning, your domain's domain.xml file contains references to the s1as certificate. Open domain.xml with your editor of
choice, replace every s1as with www.yourdomain.com, and save it.

4) Test your setup


Start your domain using the following command. You will be asked for the master password of your keystore.jks.
asadmin start-domain your_domain
Enter master password (3) attempt(s) remain)>Enter your master password here
Check your setup by navigating to https://www.yourdomain.com:ssl_port/. Your browser of choice will either warn you about an invalid
certificate, or you will see that it is verified by Godaddy.com. ssl_port is 8181 by default, if you haven't changed it in your domain.xml. If you
change it to the default 443, do not forget to configure your firewall to allow TCP over that port.
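
A pre-start check for the steps above, added here as an example (it is not part of the original post): it parses `keytool -list -v` output and confirms that the www.yourdomain.com alias holds a private key with more than one certificate in its chain. The function names, the minimum chain length of 2 and the sample listings are assumptions constructed for illustration.

```shell
# Added example: reads `keytool -list -v` output on stdin and checks one alias.
# Succeeds only if the alias holds a private key and a chain of >= min certs.
check_keystore_alias() {
    alias_name=$1
    min_chain=${2:-2}   # assumption: server cert plus at least one CA cert
    awk -v want="$alias_name" -v min="$min_chain" '
        /^Alias name: / { cur = substr($0, 13); if (cur == want) found = 1 }
        /^Entry type: / { if (cur == want) type = substr($0, 13) }
        /^Certificate chain length: / { if (cur == want) chain = $NF + 0 }
        END {
            if (!found)                    { print "MISSING"; exit 1 }
            if (type != "PrivateKeyEntry") { print "NO_PRIVATE_KEY"; exit 1 }
            if (chain < min)               { print "SHORT_CHAIN " chain; exit 1 }
            print "OK " chain
        }'
}

# Constructed sample: CA reply installed on the key entry, chain established.
sample_chained() {
    cat <<'EOF'
Alias name: root
Entry type: trustedCertEntry

Alias name: www.yourdomain.com
Entry type: PrivateKeyEntry
Certificate chain length: 3
Certificate[1]:
Owner: CN=www.domain.com, O=company, L=city, ST=State, C=Country
EOF
}

# Constructed sample: the key entry still carries a single certificate.
sample_unchained() {
    cat <<'EOF'
Alias name: www.yourdomain.com
Entry type: PrivateKeyEntry
Certificate chain length: 1
Certificate[1]:
Owner: CN=www.domain.com, O=company, L=city, ST=State, C=Country
EOF
}

sample_chained   | check_keystore_alias www.yourdomain.com
sample_unchained | check_keystore_alias www.yourdomain.com || true
```

Against a real keystore, pipe the output of keytool -list -v -keystore keystore.jks into check_keystore_alias www.yourdomain.com before starting the domain.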
By Deniz | Glassfish, Java | Tags: Glassfish, Java

2 Comments
Tom
AUG 29, 2011 @ 12:35:02

I just followed the tutorial, very nice indeed. But I got an error. The Sun developers mentioned not to change the password of the
keyfile directly. Instead use the asadmin utility. http://weblogs.java.net/blog/2007/11/19/ssl-and-crl-checking-glassfish-v2#4
When I eventually tried to change the password it gave me an error. I stopped the server and retyped the command as in the
documentation and it worked again.


Rob Weaver
SEP 21, 2012 @ 04:43:07

Found an issue with this that was resolved by following the instructions about concatenating the certificate with the intermediate
certificate from GoDaddy.
I was getting errors on iOS because my intermediate certificate wasn't chained.
See http://i-cat.blogspot.com/2009/02/glassfish-and-intermediate-ssl.html