How to Install an SSL Certificate on GlassFish?

Step-by-Step Guide to Install an SSL Certificate on a GlassFish Server

Planning to install an SSL certificate on GlassFish but don’t know how? Don’t worry; we will help you out. You can follow a straightforward process that only involves five steps, and here are those five steps:

• Unzipping and extracting the files
• Uploading the extracted files to the GlassFish server
• Importing keystore into GlassFish default keystore
• Entering passwords
• Updating the configuration of your server

Before we start understanding the installation process, one prerequisite must be completed: CSR Generation. Hence, let’s begin the process from the beginning to get a clear picture of how things are done.

CSR Generation for GlassFish

If you are new to SSL certificates, let me tell you what a CSR is, as this will help you understand the process much better. The full form of CSR is “Certificate Signing Request.” CSR is an encoded text sent to CA so that they can verify the company’s or website’s identity.

Now, returning to the topic – “How to generate CSR?” To accomplish this task, there are two steps, and you can follow any one of these:

• Use a CSR Generator tool to generate CSR automatically.
• Do it manually

Note: If you have decided to do it manually, remember that all the information provided by you in the CSR should be the latest and correct, or else the CA will not sign your certificate.

After the generation of CSR, open the file in a text editor like Notepad or TextPad, and review the file for possible typos or spelling mistakes. Once sure that there are no mistakes, send it to a CA. The duration for certificate files to reach you may differ, as it depends upon the type of validation you have selected for your website. Once you have received the certificate, import all the files into the GlassFish keystore containing your secret key. (It’s the identical keystore you’ve utilized to develop your CSR.) With this, the prerequisite is complete, and we can finally move to the installation process.

Installing an SSL Certificate on GlassFish

For a better understanding, let’s go through the installation process in the form of steps:

Step1: Unzipping and extracting the files

Open or double-click the .zip folder and extract the certificate files. Once you have unzipped and extracted the files, you will notice that the files are available in two formats:

• PEM (.ca-bundle and .crt)
• PKCS#7 (.cer files and .p7b)

Recommended: What Is a PEM File & How to Create It?

Step 2: Uploading the extracted files to the GlassFish server

Choose a single format and start the uploading process. If you choose PEM, follow the steps mentioned in Scenario 1 or directly move to Scenario 2 if you have selected the PKCS#7 format. 

Scenario1

Step1: Import the Root and Intermediate Certificates (CA bundle) by using the command given below:

keytool -import -trustcacerts -alias ca -file file.ca-bundle -keystore mykeystore.jks

Note: The alias name and keystore alias names should not be the same.

Step 2: Utilize the below-written code to upload the files after importing the SSL certificate:

keytool -import -trustcacerts -alias myalias -file file.crt -keystore mykeystore.jks

Note: The alias and keystore alias names should be the same.

Scenario2:

Step 1: Use the command given below to upload every single file in one go:

keytool -import -trustcacerts -alias myalias -file file.p7b -keystore mykeystore.jks

The myalias attribute must match the alias set for your keystore.Note: You will be prompted to enter the keystore password and make sure that attribute – myalias, matches the alias set for your keystore. (If you have doubts, use this command: “keytool -list -v -keystore mykeystore.jks” to see the alias name.)

Step 3. Importing keystore into GlassFish default keystore

Your next step after preparing the keystore is to import it into the GlassFish keystore (default). If you are not aware of where it is or where to find it, you can follow the path given below:

glassfish4/glassfish/domains/domain1/config/keystore.jks

Note:  Domain1 is created by default by the GlassFish server, and if you are planning to add another domain, use the GlassFish directory rather than using the default directory.

You can use the command given below to import one keystore into another:

keytool -importkeystore -srckeystore mykeystore.jks -destkeystore keystore.jks

Step 4. Entering passwords

GlassFish keystores and GlassFish master (domain) passwords should be similar, or else the SSL certificate won’t perform.

Step 5. Updating the configuration of your server

To enable a new SSL Certificate, you need the configuration of your GlassFish server to be updated. Again as in step 2, there are two methods to do this.

• Using Administration Console
• Editing the domain.xml file manually.

If you are planning to use the console, follow the steps mentioned in Scenario 1 or directly move to Scenario 2 if you have chosen to do it manually.

Scenario 1: Step 1: Start secure administration attribute or feature by running the below command:

asadmin enable-secure-admin yoursite.com

Note: Don’t use “yoursite.com” as shown in the command; instead, use your domain name.

Step 2: Access the Administration Console by connecting to https://yoursite.com:4848.

Step 3: Disregard the warning prompt and follow the path given below:

Configurations > server-config > HTTP Service > HTTP Listeners > http-listener-2:

Step 4: Navigate to the “SSL” tab and input the certificate alias in the Certificate Nickname area or field; for reference, keystore and certificate alias are the same. Revise HTTPS port from 8181 to 443. (8181 is the default port.) This can be done by navigating to the General tab.

Scenario 2:

If you don’t know the location ofthe file (domain.xml), you can follow this path:

glassfish4/glassfish/domains/domain1/config/domain.xml.

Step 1: Stop the GlowFish service so that you can safely perform the update by using the command given below:

asadmin stop-domain yoursite.com

Note: Replace the term “yoursite.com” and use the actual “domain name.“

Step 2: Open thedomain.xml file, and to accomplish this, you can use any text editor.

Step 3: Use the find option (Ctrl+F) to find an attribute known as slas and substitute it with the certificate alias (myalias).

Step 4: After saving the file, initiate the domain by using the command below:

asadmin start-domain yoursite.com

Testing the installation status 

It is always advisable to check or test the certificate’s installation status. To do this, use SSL testing tools, such as SSL Checker. If there are any vulnerabilities or potential errors, you can find them instantly and get a detailed report regarding the same by using this tool.

Where can I purchase an SSL certificate for Oracle GlassFish Server?

Looking for unbeatable SSL security at a competitive price? Look no further than CheapSSLWeb.com! Our partnerships with top SSL brands in the industry guarantee you the best protection for your website. Plus, with our exceptional support, you can ensure your website is in good hands. Take advantage of our massive discounts to save even more! Don’t settle for inadequate security – choose cheap SSL certificates for all your SSL needs today!

Search