How to Install an SSL Certificate on GlassFish
In this guide, you’ll learn how to install an SSL Certificate on GlassFish. If you haven’t generated the CSR (Certificate Signing Request) code yet, the first part of the guide will show you how to generate a CSR code on GlassFish. Finally, in the last segment, you’ll discover where to buy the best SSL Certificate for your GlassFish server.
Table of Contents
- Generate a CSR code for GlassFish
- Install an SSL Certificate on GlassFish
- Test your SSL installation
- Where to buy an SSL Certificate for GlassFish?
Generate a CSR code for GlassFish
The first major step you have to perform when dealing with an SSL Certificate is to create a CSR code and send it to the Certificate Authority (your SSL provider). The CSR is a block of text containing details about your website and company. The CAs use it to verify your website’s or/and company’s identity. If your CSR includes erroneous or obsolete information, the CA will not sign your certificate.
You have two options:
- Use our CSR Generator to create the CSR automatically.
- Follow our step-by-step tutorial on how to generate CSR in GlassFish.
You can open your CSR file with any text editor of your choice (e.g., Notepad). Before sending it to your CA, we recommend one final check for potential typos or errors. Use our decoder tool to inspect your CSR.
Depending on the validation type of your cert, you’ll have to wait between a few minutes up to a couple of business days for your SSL Certificate files to arrive in your inbox. Once you’ve received them, you can continue with the SSL installation.
Install an SSL Certificate on GlassFish
Before the installation, prepare your SSL Certificate files. Your CA sent them to the email address that you’ve provided. Usually, the files are in an archived folder.
You will have to import the certificate files in the GlassFish keystore that contains your private key. It’s the same keystore that you’ve used to generate your CSR.
Step 1. extract all the files
Your first step is to extract all the files from the .zip folder you’ve received from your SSL provider. It should contain your SSL certificate files in PEM (.crt and .ca-bundle) or PKCS#7 (.p7b and .cer files) formats.
Step 2. Upload the SSL files to your GlassFish server
Next, you need to upload the SSL files to your GlassFish server in one of the formats mentioned in the first step. The PEM format requires two commands to import the files, while the PKCS7#7 just one.
Select one of the formats and perform the upload:
PEM (.crt, .ca-bundle)
If you choose the PEM format, you’ll need to upload the CA Bundle files first, and then your primary SSL Certificate file. Enter the following command to import the CA Bundle:
keytool -import -trustcacerts -alias ca -file file.ca-bundle -keystore mykeystore.jks
You can use any name for the alias, as long as it’s different from the keystore’s alias. After the CA Bundle, you can import the SSL Certificate itself. Use the command below to upload it to your server:
keytool -import -trustcacerts -alias myalias -file file.crt -keystore mykeystore.jks
Here, the alias name must match the keystore alias.
PKCS#7 (.p7b, .cer)
If you pick the PKCS#7 format, use the following command to upload all the files at once:
keytool -import -trustcacerts -alias myalias -file file.p7b -keystore mykeystore.jks
The command will ask for your keystore password.
The myalias attribute should be identical to the one set for your keystore. If you don’t remember your alias, you can see it via keytool -list -v -keystore mykeystore.jks command.
Step 3. Import into the default GlassFish keystore
Once your keystore is ready, you should import into the default GlassFish keystore. You can locate it here: glassfish4/glassfish/domains/domain1/config/keystore.jks
Note: GlassFish creates domain1 by default. If you’ve added a new domain to GlassFish, use its directory instead of the default one.
Here’s the command to import your keystore into the GlassFish one:
keytool -importkeystore -srckeystore mykeystore.jks -destkeystore keystore.jks
Step 4. Enter the password for both keystores
The password for the GlassFish keystores must be the same as the GlassFish master password for the domain. If the GlassFish, keystore and private key passwords don’t match, your SSL Certificate won’t work.
Step 5. Update your GlassFish configuration
After a successful import, you need to update your GlassFish configuration to enable the new SSL certificate. Again, you have two options here. You can perform this action straight from your browser via the GlassFish Administration Console, or manually by editing the domain.xml file.
GlassFish Administration Console
If you decide to take the Admin Console route, first you need to enable the secure administration feature for your domain. Run the following command to do it:
asadmin enable-secure-admin yoursite.com
Don’t forget to replace yoursite.com with your actual domain name.
Once enabled, you can connect to the GlassFish Administration Console via https://yoursite.com:4848.
Ignore the self-signed SSL certificate warning and continue browsing the console. Go to Configurations > server-config > HTTP Service > HTTP Listeners > http-listener-2:
Click on the “SSL” tab and in the Certificate Nickname field, enter your certificate alias. It is the same as your keystore alias.
Switch back to the General tab and change the HTTPS Port to the usual 443. GlassFish uses the 8181 port by default.
Sometimes not all configuration references will update to the new alias in the Administration Console. If this happens to you, don’t worry, you can update them manually in the domain.xml file.
Domain.xml is an alternative way to configure your SSL Certificate in GlassFish. The domain.xml file resides in glassfish4/glassfish/domains/domain1/config/domain.xml.
To perform a safe update, we recommend stopping the GlassFish service for your domain, and only afterwards opening the Domain.xml file. To stop GlassFish run the following command:
asadmin stop-domain yoursite.com
Replace yoursite.com with your domain name.
Now you can open the domain.xml file with your favorite text editor. Use the Ctrl+F search function to locate the slas attribute, the default SSL certificate alias on GlassFish. Next, replace slas with your certificate alias. In this article we’ve been using myalias as our certificate alias.
If you update all the aliases to your alias, you’ll also install the SSL Certificate for the GlassFish Administration Console.
Save your domain.xml file, and run the asadmin start-domain yoursite.com command to start your domain.
Congratulations, you’ve successfully installed your SSL Certificate on the GlassFish server.
Test your SSL installation
After you install an SSL certificate on GlassFish, you can use one of these excellent SSL tools to check the status of your installation. The instant scans will reveal any potential errors and vulnerabilities that may affect your certificate performance.
Where to buy an SSL Certificate for GlassFish?
The best place to shop for an SSL Certificate for GlassFish is SSL Dragon. We offer incredibly low prices and regular discounts on the full range of our SSL products. We’ve partnered with the best SSL brands on the market to bring your website state of the art encryption. All our SSL certificates are compatible with GlassFish.
To help you pick the ideal SSL certificate for your site, we built two exclusive SSL tools. Our SSL Wizard needs just a few seconds to find the best SSL deal for your project and budget, while the Advanced Certificate Filter lets you sort and compare various SSL certificates by price, validation, and features.
If you find any inaccuracies, or you have details to add to these SSL installation instructions, please feel free to send us your feedback at [email protected]. Your input would be greatly appreciated! Thank you.