How do I manage SSL certificates using keytool?

Ryan de Laplante wrote:

Whoever writes this wiki page could probably benefit from this blog entry

Patrick Ward wrote:

Unfortunately, the URL referenced above keeps timing out, so here's my two cents:

Use keytool to create a public/private key pair (CN=server host name, e.g. www.com):

% $JAVA_HOME/bin/keytool -genkey -alias server -keyalg RSA -dname "CN=www.com,OU=WEB,O=WWW,L=Berkshire,S=England,C=UK" -keypass changeit -storepass changeit -keystore server.keystore

Create a certificate file (.csr file) to submit to a CA:

% $JAVA_HOME/bin/keytool -certreq -alias server -keystore server.keystore -storepass changeit -keypass changeit -file server.csr

Send the server.csr file to the CA to process the certificate request.

Import the new certificate into your keystore file:

% $JAVA_HOME/bin/keytool -import -alias server -storepass changeit -file server.crt -keystore server.keystore -trustcacerts

Copy the keystore file to the root directory of your GlassFish installation:

% /bin/cp -p server.keystore /glassfish/domains/domain1/config/keystore.jks
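
Added example, not part of the posts above: a check to run between the import step and the copy step, confirming that the CA reply replaced the self-signed certificate on the key's own alias instead of landing as a separate trusted-certificate entry. It parses English-locale `keytool -list -v` output; the function name, the sample listings and "Example CA" are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post). Reads `keytool -list -v` output
# on stdin and classifies one alias: ok | self-signed | not-private-key | missing
keystore_entry_status() {
    awk -v want="$1" '
        /^Alias name: / { cur = substr($0, 13); if (cur == want) found = 1 }
        cur != want     { next }                      # ignore other entries
        /^Entry type: / { type = substr($0, 13) }
        /^Owner: /  && owner == ""  { owner  = substr($0, 8) }   # leaf cert only
        /^Issuer: / && issuer == "" { issuer = substr($0, 9) }
        END {
            if (!found)                         print "missing"
            else if (type != "PrivateKeyEntry") print "not-private-key"
            else if (owner == issuer)           print "self-signed"
            else                                print "ok"
        }'
}

# Constructed sample: state right after -genkey (CA reply not imported yet).
sample_before_import() {
    cat <<'EOF'
Alias name: server
Entry type: PrivateKeyEntry
Certificate chain length: 1
Certificate[1]:
Owner: CN=www.com, OU=WEB, O=WWW, L=Berkshire, ST=England, C=UK
Issuer: CN=www.com, OU=WEB, O=WWW, L=Berkshire, ST=England, C=UK
EOF
}

# Constructed sample: CA reply imported under the key alias; "Example CA" is made up.
sample_after_import() {
    cat <<'EOF'
Alias name: server
Entry type: PrivateKeyEntry
Certificate chain length: 2
Certificate[1]:
Owner: CN=www.com, OU=WEB, O=WWW, L=Berkshire, ST=England, C=UK
Issuer: CN=Example CA, O=Example, C=UK
Certificate[2]:
Owner: CN=Example CA, O=Example, C=UK
Issuer: CN=Example CA, O=Example, C=UK
Alias name: reply
Entry type: trustedCertEntry
Owner: CN=www.com, OU=WEB, O=WWW, L=Berkshire, ST=England, C=UK
Issuer: CN=Example CA, O=Example, C=UK
EOF
}

sample_after_import | keystore_entry_status server   # prints: ok
```

Against the real keystore, pipe `keytool -list -v -keystore server.keystore -storepass changeit` into `keystore_entry_status server`; anything other than `ok` means the server would still present the self-signed certificate or has no usable key entry under that alias.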