After almost 3 years (see previous post) I revisit the topic, this time using the latest version of Glassfish, 3.1.2, and GoDaddy as certificate provider. I created a certificate for a sub-domain (sub.whateverdomain.com) this time and made use of the extremely cheap 5.99 U$/year offer (no wildcard included).
Let me summarize the key steps here:
- Get yourself a GoDaddy account
- Order a standard SSL
- After payment you get 1 credit to use. Before we create the certificate we need to create a certificate request with keytool for our Glassfish domain
- Change domain masterpassword (not the admin password)
The default password is ‘changeit’, better change that with
/bin$ ./asadmin change-masterpassword yourdomain
- Go to your domain config folder
~/glassfish/domains/yourdomain/config$
- We will use the default keystore file in the config folder keystore.jks
- Optional: List the existing certificates, there should be 2.
keytool -list -keystore keystore.jks
or, for more info:
keytool -list -v -keystore keystore.jks
You should get something like this:
Keystore type: JKS
Keystore provider: SUN
Your keystore contains 2 entries
glassfish-instance, Mar 28, 2011, PrivateKeyEntry,
Certificate fingerprint (SHA1): AA:AA:AA:AA:AA:AA:BD:9D:85:5B:CF:AA:AA:86:BA:49:50:AA:AA:AA
s1as, Mar 28, 2011, PrivateKeyEntry,
Certificate fingerprint (SHA1): 95:B4:E4:55:7F:F6:AA:AA:AA:AA:3D:65:21:D1:1B:AA:AA:AA:AA:AA
- Create a key
keytool -genkey -keysize 2048 -alias sub.whateverdomain.com -keyalg RSA -keystore keystore.jks
This differs from the previous command: you don't use the -dname option any longer, keytool asks interactively instead.
Important: It asks for your first and last name, this is the CN tag. You MUST use the domain name you register for (sub.whateverdomain.com). I would choose the same for the alias.
- Create a certificate request file
keytool -certreq -alias sub.whateverdomain.com -keystore keystore.jks -file whateverdomain.csr
- Open the file with the editor
- Now we need to go back to GoDaddy to create our certificate with the request string
- Enter the request string from the above file
- Choose validation method
If you are the contact in the whois record, email verification is the easiest option.
- Confirm the email
- Go to the SSL admin page
Download the certificate
Choose ‘other’
- Upload the 2 cert files from the zip to the domain config folder
gd_bundle.crt
sub.whateverdomain.com.crt
and import them
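keytool -import -trustcacerts -alias root -file gd_bundle.crt -keystore keystore.jks
keytool -import -trustcacerts -alias sub.whateverdomain.com -file sub.whateverdomain.com.crt -keystore keystore.jks
The alias in the second command must be the one used when creating the key, so that keytool installs the certificate as the reply for that key entry.
- Go to the Glassfish admin console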
and adjust nickname (alias, here sub.whateverdomain.com) and the keystore file (here keystore.jks)
- Restart is not required but I recommend it.
- Optionally you can disable the http port 8080.
- Open any of your web applications at port 8181
- Voila !
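A check for the import step above, as an added example that is not part of the original post: it parses `keytool -list` output and confirms that the issued certificate sits on the private-key entry of the alias, rather than having been stored as a separate trusted entry while the key keeps its self-signed certificate. The helper name `check_entry`, the alias `other.example.net`, the sample listings and all fingerprints are constructed for illustration.

```shell
# Added example, not from the original post. Reads `keytool -list` output on stdin.
# Returns 0 = issued cert sits on the key entry, 1 = alias missing,
# 2 = alias is not a PrivateKeyEntry, 3 = key entry holds a different certificate.
check_entry() {   # hypothetical helper: check_entry ALIAS ISSUED_CERT_FINGERPRINT
    awk -v alias="$1" -v want="$2" '
        BEGIN { alias = tolower(alias); want = toupper(want) }
        # Entry header: "<alias>, <date>, <EntryType>," (the date contains a comma too)
        /Entry,?[ \t\r]*$/ {
            line = $0; sub(/,?[ \t\r]*$/, "", line)
            n = split(line, f, /, */)
            cur = tolower(f[1])
            if (cur == alias) { found = 1; type = f[n] }
            next
        }
        # Fingerprint of the first certificate stored under the current alias
        /^Certificate fingerprint/ && cur == alias {
            fp = $0; sub(/^[^:]*: */, "", fp); gsub(/[ \t\r]/, "", fp); fp = toupper(fp)
        }
        END {
            if (!found) { print "MISSING: " alias; exit 1 }
            if (type != "PrivateKeyEntry") { print "WRONG TYPE: " alias " is " type; exit 2 }
            if (fp != want) { print "NOT INSTALLED: " alias " still holds " fp; exit 3 }
            print "OK: " alias
        }'
}

# Constructed sample data; every fingerprint below is made up.
ISSUED="11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11"
listing_wrong_alias() {   # signed certificate imported under a new alias
cat <<EOF
Your keystore contains 3 entries
root, Jun 1, 2012, trustedCertEntry,
Certificate fingerprint (SHA1): 33:33:33:33:33:33:33:33:33:33:33:33:33:33:33:33:33:33:33:33
other.example.net, Jun 1, 2012, trustedCertEntry,
Certificate fingerprint (SHA1): $ISSUED
sub.whateverdomain.com, Jun 1, 2012, PrivateKeyEntry,
Certificate fingerprint (SHA1): 22:22:22:22:22:22:22:22:22:22:22:22:22:22:22:22:22:22:22:22
EOF
}
listing_correct() {       # signed certificate imported under the key alias
cat <<EOF
root, Jun 1, 2012, trustedCertEntry,
Certificate fingerprint (SHA1): 33:33:33:33:33:33:33:33:33:33:33:33:33:33:33:33:33:33:33:33
sub.whateverdomain.com, Jun 1, 2012, PrivateKeyEntry,
Certificate fingerprint (SHA1): $ISSUED
EOF
}
listing_wrong_alias | check_entry sub.whateverdomain.com "$ISSUED" || echo "exit code $?"
listing_correct | check_entry sub.whateverdomain.com "$ISSUED"
```

Against a real keystore, pipe `keytool -list -keystore keystore.jks` into the function and take the expected fingerprint from `keytool -printcert -file sub.whateverdomain.com.crt`, using the same hash algorithm the listing shows.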
