(1 votes, average: 5.00 out of 5)
Planning to install an SSL certificate on GlassFish but don’t know how? Don’t worry; we will help you out. You can follow a straightforward process that only involves five steps, and here are those five steps:
Before we start understanding the installation process, one prerequisite must be completed: CSR Generation. Hence, let’s begin the process from the beginning to get a clear picture of how things are done.
If you are new to SSL certificates, let me tell you what a CSR is, as this will help you understand the process much better. The full form of CSR is “Certificate Signing Request.” CSR is an encoded text sent to CA so that they can verify the company’s or website’s identity.
Now, returning to the topic – “How to generate CSR?” To accomplish this task, there are two steps, and you can follow any one of these:
Note: If you have decided to do it manually, remember that all the information provided by you in the CSR should be the latest and correct, or else the CA will not sign your certificate.
After the generation of CSR, open the file in a text editor like Notepad or TextPad, and review the file for possible typos or spelling mistakes. Once sure that there are no mistakes, send it to a CA. The duration for certificate files to reach you may differ, as it depends upon the type of validation you have selected for your website. Once you have received the certificate, import all the files into the GlassFish keystore containing your secret key. (It’s the identical keystore you’ve utilized to develop your CSR.) With this, the prerequisite is complete, and we can finally move to the installation process.
For a better understanding, let’s go through the installation process in the form of steps:
Open or double-click the .zip folder and extract the certificate files. Once you have unzipped and extracted the files, you will notice that the files are available in two formats:
Recommended: What Is a PEM File & How to Create It?
Choose a single format and start the uploading process. If you choose PEM, follow the steps mentioned in Scenario 1 or directly move to Scenario 2 if you have selected the PKCS#7 format.
Step1: Import the Root and Intermediate Certificates (CA bundle) by using the command given below:
keytool -import -trustcacerts -alias ca -file file.ca-bundle -keystore mykeystore.jks
Note: The alias name and keystore alias names should not be the same.
Step 2: Utilize the below-written code to upload the files after importing the SSL certificate:
keytool -import -trustcacerts -alias myalias -file file.crt -keystore mykeystore.jks
Note: The alias and keystore alias names should be the same.
Step 1: Use the command given below to upload every single file in one go:
keytool -import -trustcacerts -alias myalias -file file.p7b -keystore mykeystore.jks
The myalias attribute must match the alias set for your keystore.Note: You will be prompted to enter the keystore password and make sure that attribute – myalias, matches the alias set for your keystore. (If you have doubts, use this command: “keytool -list -v -keystore mykeystore.jks” to see the alias name.)
Your next step after preparing the keystore is to import it into the GlassFish keystore (default). If you are not aware of where it is or where to find it, you can follow the path given below:
Note: Domain1 is created by default by the GlassFish server, and if you are planning to add another domain, use the GlassFish directory rather than using the default directory.
You can use the command given below to import one keystore into another:
keytool -importkeystore -srckeystore mykeystore.jks -destkeystore keystore.jks
GlassFish keystores and GlassFish master (domain) passwords should be similar, or else the SSL certificate won’t perform.
To enable a new SSL Certificate, you need the configuration of your GlassFish server to be updated. Again as in step 2, there are two methods to do this.
If you are planning to use the console, follow the steps mentioned in Scenario 1 or directly move to Scenario 2 if you have chosen to do it manually.
Scenario 1: Step 1: Start secure administration attribute or feature by running the below command:
asadmin enable-secure-admin yoursite.com
Note: Don’t use “yoursite.com” as shown in the command; instead, use your domain name.
Step 3: Disregard the warning prompt and follow the path given below:
Configurations > server-config > HTTP Service > HTTP Listeners > http-listener-2:
Step 4: Navigate to the “SSL” tab and input the certificate alias in the Certificate Nickname area or field; for reference, keystore and certificate alias are the same. Revise HTTPS port from 8181 to 443. (8181 is the default port.) This can be done by navigating to the General tab.
If you don’t know the location ofthe file (domain.xml), you can follow this path:
Step 1: Stop the GlowFish service so that you can safely perform the update by using the command given below:
asadmin stop-domain yoursite.com
Note: Replace the term “yoursite.com” and use the actual “domain name.“
Step 4: After saving the file, initiate the domain by using the command below:
asadmin start-domain yoursite.com
It is always advisable to check or test the certificate’s installation status. To do this, use SSL testing tools, such as SSL Checker. If there are any vulnerabilities or potential errors, you can find them instantly and get a detailed report regarding the same by using this tool.
Looking for unbeatable SSL security at a competitive price? Look no further than CheapSSLWeb.com! Our partnerships with top SSL brands in the industry guarantee you the best protection for your website. Plus, with our exceptional support, you can ensure your website is in good hands. Take advantage of our massive discounts to save even more! Don’t settle for inadequate security – choose cheap SSL certificates for all your SSL needs today!