Chat With Us
We are here for you!
Talk to a fellow human.
1. CREATE DIRECTORY FOR THE KEYSTORE AND CSR:
Open a command prompt and type the following:
> mkdir sslcert
Then cd to the newly created directory by typing the following command:
> cd sslcert
2. CREATE KEYSTORE:
Use the following command to create a keystore:
> keytool -genkey -alias youralias -keyalg RSA -keystore yourkeystorename.jks -keysize 2048
You will be prompted to enter keystore password. The default password that comes with glassfish is "changeit" except you have changed yours. Afterwards, you will be prompted for the following:
Ensure the details filled in here correspond to those communicated at the point of purchasing,
What is your first and last name? = Your Domain Name (e.g. www.xyz.com)
What is the name of your organizational unit? = Your Department (e.g. IT)
What is the name of your organization? = Your Organization (e.g. XYZ CA Ltd)
What is the name of your City or Locality? = Your City (e.g. Clifton)
What is the name of your State or Province? = Your State (e.g. New Jersey)
What is the two-letter country code for this unit? = Your Country Code (e.g. US)
Tip : Click here to view the list of Country Codes
When all these have been filled in, you will be shown the summary to confirm accuracy. Type y and press enter. You will then be prompted to enter the key password for youralias. Press enter if you are using the default password.
3. GENERATE CSR:
Use the following command to generate a CSR
> keytool -certreq -alias youralias -file yourcsrname.csr -keystore yourkeystorename.jks
Note: Use the same alias name you used for generating the keystore.
4. IMPORT ROOT CERTIFICATE TO CACERTS.JKS AND KEYSTORE.JKS:
> keytool -import -v -trustcacerts -alias root -file addtrustexternalcaroot.crt -keystore keystore.jks
5. IMPORT INTERMEDIATE CERTIFICATE TO CACERTS.JKS AND KEYSTORE.JKS:
> keytool -import -v -trustcacerts -alias XYZRSAAddTrustCA -file XYZRSAAddTrustCA.crt -keystore keystore.jks
> keytool -import -v -trustcacerts -alias XYZRSADomainValidationSecureServerCA -file XYZRSADomainValidationSecureServerCA.crt -keystore keystore.jks
Note : Use a Unique alias name for each intermediate certificate.
6. IMPORT MAIN CERTIFICATE TO KEYSTORE.JKS (THE ALIAS SHOULD BE SAME AS THAT OF THE KEYSTORE):
> keytool -import -alias youralias -trustcacerts -file your_domain_certificate.crt -keystore keystore.jks
You should you should receive a message: Certificate reply was installed in keystore if successful. It should NOT match the output of Step 1 or 2 above.
7. CONFIGURE HTTP-LISTENER-2:
On the Glassfish Admin console, go to Configurations -> Server Config -> http-listener-2 and:
8. REFERENCE INSTALLED CERTIFICATE IN THE DOMAIN.XML:
Open the /config/domain.xml and replace all references of s1as with the alias of the installed certificate (youralias)