Steps for using a VeriSign certificate with the GlassFish app server

(I tried these steps and they worked fine with a trial SSL cert from VeriSign):

1. Generate the key pair

Delete mykeystore.jks if it already exists.

keytool -genkey -alias test-server -keysize 1024 -keyalg RSA -keystore mykeystore.jks -dname "CN=mytest.myorg.com, OU=MyGroup, O=My Org, L=MyCity, S=MyState, C=MyCountry"

2. Generate the certificate request

keytool -certreq -alias test-server -sigalg SHA1withRSA -keystore mykeystore.jks -file testserver.cer

3. Sign the certificate with the CA

Go to www.verisign.com and choose the Free Trial SSL option.

Run cat testserver.cer and paste the output into the certificate request area.

You may receive an email with instructions.

4. Import the replied certificate into keystore

Save the reply certificate (from your email) to a file, say signed_test_server.cer, and save the VeriSign CA certificates to files as well. I received two: one intermediate CA and one Test Trial CA (say, copied to verisign_test_ca.cer and verisign_intermediate_ca.cer).

Import them into mykeystore.jks (the same keystore used in the first step), assuming the file names above:

keytool -import -alias verisigncert -keystore mykeystore.jks -trustcacerts -file verisign_test_ca.cer -v
keytool -import -alias verisigninter -keystore mykeystore.jks -trustcacerts -file verisign_intermediate_ca.cer

keytool -import -alias test-server -keystore mykeystore.jks -trustcacerts -file signed_test_server.cer

If the steps above were not done correctly, you may get a certificate chain error during the import.

Double-check the subject and issuer of the test-server certificate:

keytool -list -keystore mykeystore.jks -alias test-server -v
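As an added example (not from the original post), the following Python script automates the subject/issuer check above: it parses the output of keytool -list -v and reports whether each certificate's issuer matches the next certificate's owner and whether the chain ends in a self-signed root. The sample listing is constructed and the CA names are made up; the expected CN is assumed to be the one from the -dname in step 1.

```python
# Constructed sample of `keytool -list -v` output (the CA names are made up, not VeriSign's).
SAMPLE_KEYTOOL_OUTPUT = """\
Alias name: test-server
Entry type: PrivateKeyEntry
Certificate chain length: 3
Certificate[1]:
Owner: CN=mytest.myorg.com, OU=MyGroup, O=My Org, L=MyCity, ST=MyState, C=MyCountry
Issuer: CN=Example Trial Intermediate CA, O=Example CA
Certificate[2]:
Owner: CN=Example Trial Intermediate CA, O=Example CA
Issuer: CN=Example Trial Root CA, O=Example CA
Certificate[3]:
Owner: CN=Example Trial Root CA, O=Example CA
Issuer: CN=Example Trial Root CA, O=Example CA
"""

def parse_chain(text):
    """Return [(owner, issuer), ...] in the order keytool prints them (leaf first)."""
    chain, owner, issuer = [], None, None
    for line in text.splitlines():
        if line.startswith("Certificate[") and owner is not None:
            chain.append((owner, issuer))  # close the previous entry
            owner, issuer = None, None
        elif line.startswith("Owner:"):
            owner = line[len("Owner:"):].strip()
        elif line.startswith("Issuer:"):
            issuer = line[len("Issuer:"):].strip()
    if owner is not None:
        chain.append((owner, issuer))
    return chain

def chain_problems(chain, expected_cn):
    """Explain why the chain is incomplete or mis-linked; an empty list means it looks sound."""
    if not chain:
        return ["no certificate found for the alias"]
    problems = []
    leaf_rdns = [p.strip() for p in chain[0][0].split(",")]
    if f"CN={expected_cn}" not in leaf_rdns:
        problems.append(f"leaf subject is not CN={expected_cn}: {chain[0][0]}")
    for i in range(len(chain) - 1):  # issuer of entry N must be the owner of entry N+1
        if chain[i][1] != chain[i + 1][0]:
            problems.append(f"Certificate[{i + 1}] issuer does not match Certificate[{i + 2}] owner")
    if chain[-1][0] != chain[-1][1]:
        problems.append("chain does not end in a self-signed root: a CA certificate is missing")
    return problems

def check_keystore_listing(text, expected_cn="mytest.myorg.com"):
    """Parse a `keytool -list -v` listing and return its chain problems (empty if none)."""
    return chain_problems(parse_chain(text), expected_cn)
```

A listing whose chain length is 1 (the server reply imported without the CA certificates) is reported as missing its root, which is the chain problem the import step warns about.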

Now your server certificate is ready to use.

In the GlassFish server environment:

1. Enable SSL on http-listener-2 with the "test-server" alias (the same alias as above) using the admin console. Then stop the server.

2. Copy mykeystore.jks to keystore.jks (under domain1/config)

3. Import the CA certs into the trust store (domain1/config/cacerts.jks):

keytool -import -alias verisigncert -keystore cacerts.jks -trustcacerts -file verisign_test_ca.cer -v
keytool -import -alias verisigninter -keystore cacerts.jks -trustcacerts -file verisign_intermediate_ca.cer

4. Start the server.

At this point you should be able to access https://localhost:8181/ with the new test-server certificate.


Hi,

I got the trial version of the VeriSign certificate and I have also configured it with the GlassFish server following the steps explained. But finally, when I open the URL https://localhost:8181/, I get the error:

Secure Connection Failed
An error occurred during a connection to localhost:8181.

Peer's certificate has an invalid signature.
(Error code: sec_error_bad_signature)

How can we fix this issue? Why is the certificate not shown on the screen? Did I miss anything in the steps?

I would appreciate your help please.

Regards,
Periyasamy

Posted by periyasamy.r at Feb 02, 2011 22:58