Use keytool to generate, import, and export certificates. By default, keytool creates a keystore file in the directory where it is run. The keytool utility is located in the bin directory of the Java installation folder.
Note: When you install GlassFish, it creates a default self-signed certificate as the server certificate (localhost).
Step 1:
Delete existing certificate:
Type the following command to delete the default self-signed certificate:
keytool -delete -alias s1as -keystore keystore.jks -storepass
Generate self-signed certificate
Step 1: Type the following command to create a new certificate:
keytool -genkey -alias test
Fill all the information to create the certificate.
Enter keystore password: p@ssw0rd!
What is your first and last name?
[Unknown]: Chandra
What is the name of your organizational unit?
[Unknown]: Paxcel
What is the name of your organization?
[Unknown]: Paxcel
What is the name of your City or Locality?
[Unknown]: Gurgaon
What is the name of your State or Province?
[Unknown]: HR
What is the two-letter country code for this unit?
[Unknown]: IN
Is
[no]: yes
Import certificate
A certificate can be imported into a keystore using keytool. Type the following command to import the certificate:
keytool -storepass my-keystore-password(paxcel) -alias test -import -file test.cer
Generate expired certificate
Steps:
The default validity is 7 days and cannot be set to 0 days. You need to specify at least 1 day to create the certificate.
keytool -genkey -alias test -validity 1
Note: To change the location of the certificate files, use the admin console.
Always generate the certificate in the directory containing the keystore and truststore files, by default domain-dir/config.
Open the GlassFish admin console in the web browser.
Log in to the GlassFish admin console (http://localhost:4848). Default user ID and password: admin and adminadmin
a) In the Admin Console tree, select the Application Server node.
b) Select JVM Settings.
c) Click the JVM Options tab.
d) On the JVM Options page, add or modify the following values in the Value field to reflect the new location of the certificate files:
-Djavax.net.ssl.keyStore=${com.sun.aas.instanceRoot}/path/ks-name
-Djavax.net.ssl.trustStore=${com.sun.aas.instanceRoot}/path/ts-name
e) Where ks-name is the keystore file name and ts-name is the trust store file name.
f) Click Save.
g) Restart the Application Server if Restart Required displays in the console.
Install certificate in GlassFish server
Here are the instructions for enabling GlassFish v2 as an SSL server when the application server is configured with the developer profile.
1. Delete the default self-signed certificate by issuing the following command (note that the commands in this and subsequent steps are shown on multiple lines for formatting purposes):
keytool -delete -alias s1as -keystore keystore.jks -storepass
where
2. Generate a new key pair for the application server by issuing the following command:
keytool -genkeypair -keyalg
-keystore keystore.jks -validity
where
Note that in addition to generating a key pair, the command wraps the public key into a self-signed certificate and stores the certificate and the private key in a new keystore entry identified by the alias.
It's important to ensure that the name of the certificate matches the fully-qualified hostname of your site. If the names don't match, clients connecting to the server will see a security alert stating that the name of the certificate does not match the name of the site. You should notice that the name of the default self-signed certificate matches the fully-qualified hostname.
3. Generate a Certificate Signing Request (CSR) by issuing the following command:
keytool -certreq -alias s1as -file
-keystore keystore.jks -storepass
where
4. keytool -import -v -alias s1as -file s1as.cert -keystore keystore.jks -storepass
When you import the certificate using the same original alias "s1as", keytool treats it as a command to replace the original certificate with the certificate obtained as reply to a CSR.
s1as (self-signed):
Owner: CN=chandra, OU=Paxcel, O=Paxcel Technologies, L=Gurgaon , ST=Haryana, C=IN
Issuer: CN=Chandra, OU=Paxcel Technologies, O=Paxcel Technologies
, L=Gurgaon, ST=Haryana, C=IN
Serial number: 472acd34
Valid from:
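A check for the points made above (the certificate name should match the site's hostname, the self-signed entry is replaced by the CA reply, and short validity periods expire), as an added example that is not part of the original post: it parses `keytool -list -v` text and flags problem entries. The sample listing, the hostname www.example.com and the function names are constructed for illustration; only the subject CN is compared and the time zone token in the dates is ignored.

```python
from datetime import datetime
# Constructed sample in the layout of `keytool -list -v` (not a real keystore).
SAMPLE = """\
Alias name: s1as
Owner: CN=www.example.com, OU=Paxcel, O=Paxcel, L=Gurgaon, ST=HR, C=IN
Issuer: CN=www.example.com, OU=Paxcel, O=Paxcel, L=Gurgaon, ST=HR, C=IN
Valid from: Mon Jan 01 10:00:00 UTC 2024 until: Tue Jan 02 10:00:00 UTC 2024
Alias name: test
Owner: CN=Chandra, OU=Paxcel, O=Paxcel, L=Gurgaon, ST=HR, C=IN
Issuer: CN=Example CA, O=Example CA Ltd, C=IN
Valid from: Mon Jan 01 10:00:00 UTC 2024 until: Fri Jan 01 10:00:00 UTC 2038
"""

def parse_dn(dn):  # 'CN=a, OU=b' -> dict; assumes no escaped commas in values
    pairs = (p.split("=", 1) for p in dn.split(",") if "=" in p)
    return {k.strip().upper(): v.strip() for k, v in pairs}

def parse_date(text):  # 'Mon Jan 01 10:00:00 UTC 2024'; zone token is ignored
    f = text.split()
    return datetime.strptime(" ".join(f[1:4] + f[5:6]), "%b %d %H:%M:%S %Y")

def parse_entries(listing):
    entries, cur = [], None
    for line in listing.splitlines():
        key, _, value = (s.strip() for s in line.partition(":"))
        if key == "Alias name":
            cur = {"alias": value}
            entries.append(cur)
        elif cur is not None and key in ("Owner", "Issuer"):
            cur[key.lower()] = parse_dn(value)
        elif cur is not None and key == "Valid from" and " until: " in value:
            start, _, end = value.partition(" until: ")
            cur["not_before"], cur["not_after"] = parse_date(start), parse_date(end)
    return entries

def audit(entry, hostname, now):  # findings for one entry; subject CN only
    findings = []
    if "owner" in entry and entry["owner"] == entry.get("issuer"):
        findings.append("self-signed")
    if entry.get("owner", {}).get("CN", "").lower() != hostname.lower():
        findings.append("name-mismatch")
    end = entry.get("not_after")
    if end is None or end < now:
        findings.append("validity-unknown" if end is None else "expired")
    return findings

if __name__ == "__main__":
    for e in parse_entries(SAMPLE):
        print(e["alias"], audit(e, "www.example.com", datetime.now()))
```

An entry whose "Valid from" line is cut short is reported as validity-unknown rather than raising an error.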