0

My employer recently purchased a Trustwave SSL certificate. Trustwave advertises support on their website, but they don't give an installation guide like they do for their other servers at all, and I am having a difficult time getting it configured correctly with GlassFish.

I found this http://blogs.oracle.com/enterprisetechtips/entry/using_ssl_with_glassfish_v2 blog post that is sort of helpful, but I'm still unable to get it working (I think the issue is that I don't fully understand the GlassFish keystore, so I am modifying it incorrectly and the server throws security exceptions on startup).

Does anyone have any experience doing so, and can you point me to a decent resource? Thanks for any help.

alanc
  • 1,500
  • 9
  • 12
javanix
  • 247
  • 4
  • 15

1 Answers1

2

My experience is more focused with Jboss and Tomcat. However, I suspect it applies to Glassfish as well.

The Java keytool is what is used to manipulate keystores. If you generated the key with openssl, keytool neither supports importing nor exporting keys.

For exporting a key, this tool can be used. For importing, this tool can be used.

Depending on the type of certificate and the authority, you will likely have to import the root certificate as well.

Here are some of my notes for basic commands..

# Generate key
/usr/java/jdk1.5.0_12/bin/keytool -genkey -alias www.example.net.key -keyalg RSA -keystore server.keystore -validity 3650

# Generate CSR
/usr/java/jdk1.5.0_12/bin/keytool -alias www.example.net -keystore server.keystore -certreq -file www.example.net.csr <<**
_PASSWORD_
**

# Import provider certs.
/usr/java/jdk1.5.0_12/bin/keytool -import -trustcacerts -alias root -keystore server.keystore -file EV_root.crt <<**
__PASSWORD__
yes
**

/usr/java/jdk1.5.0_12/bin/keytool -import -trustcacerts -alias Intermediate -keystore server.keystore -file EV_intermediate.crt <<**
__PASSWORD__
**

# Import cert
/usr/java/jdk1.5.0_12/bin/keytool -import -trustcacerts -alias www.example.net -keystore server.keystore -file www.example.net.crt <<**
_PASSWORD_
**

# List certs
/usr/java/jdk1.5.0_12/bin/keytool -keystore server.keystore -list -v <<**
_PASSWORD_
**

# Export cert
# Change 'alias' to what you want to export.
# -rfc for plaintext.
/usr/java/jdk1.5.0_12/bin/keytool -keystore server.keystore -rfc -export -alias www.example.net -file www.example.net <<**
_PASSWORD_
**
Warner
  • 23,756
  • 2
  • 59
  • 69