Certificate Installation: Glassfish

May 25, 2018 in WebServer

Certificate Installation for GLASSFISH:
After approval, you need to download a zip file which contains all certificates you need. During this step you will be asked for which server you are downloading certificates. You could select other because glassfish is not listed. Your download may contain 3 files Depending on the Certificate Type:

For Example:

Root: AddTrustExternalCARoot.crt
Intermediate: COMODOSSLCA.crt
Entity: mydomain.com.crt

First file 'bundle' are certificates belonging to comodo.com. They are used to verify your domain’s certificate. They may already contained in your cacerts.jks but there is no harm importing them in your keystore.jks. Import these certificates to your keystore.jsk using following steps:

  • keytool -import -trustcacerts -alias root -file (ROOT CERTIFICATE FILE NAME) -keystore domain.key

  • keytool -import -trustcacerts -alias intermed -file (INTERMEDIATE CA FILE NAME) -keystore domain.key

  • keytool -import -alias mydomain.com -keystore keystore.jks -trustcacerts -file mydomain.com.crt

1. If you are warned certificate already exist with a different alias choose yes to continue importing certificate.
2. As we have said at the beginning your domain’s domain.xml file contains references to s1as certificate. Open domain.xml with your editor of choice and replace every s1as with mydomain.com and save it.
3. Test your setup
4. Start your domain using following command. You will be asked master password of your keystore.jks.

asadmin start-domain your_domain

5. Enter master password (3) attempt(s) remain)>Enter your master password here
6. Check your setup my navigating to https:// mydomain.com:ssl_port/. Your browser of choice will either warn you about invalid certificate, or you will see that it is verified by Sectigo.

Note: ssl_port is by default 8181, if you haven’t changed it yet from your domain.xml. If you change it to default 443, do not forget to configure your firewall to allow TCP over that port.