How to configure SSL certificate on Oracle Glassfish v3.1

24 / Nov / 2016 by Rahul Jaiswal 0 comments



GlassFish is an open-source application server project started by Sun Microsystems for the Java  platform and now sponsored by Oracle Corporation. It helps in developing scalable and portable applications.

One issue which always comes up while deploying Glassfish on live is setting up custom SSL. The Glassfish provides a predefined SSL cert with every Glassfish deployment but that does not serve the purpose of the developed applications configured to work with custom domain names e.g Glassfish uses Keystore to store SSL certificates.

This article how we can configure the SSL cert over Glassfish as quickly as possible. We will be using Glassfish 3.1.

Pre-requisites : You must have terminal(command line access to the server which is running Glassfish and a SSL cert along with the keys. You can also use a self-signed cert for trying out the below steps.

1. Backup the current settings
Go to your Glassfish installation
cd /usr/local/glassfish-3.1/glassfish/domains/domain1/config/

2. Save the default SSL Keystore
cp keystore.jks keystore.jks.ori

3. Delete the default SSL certificate from the Keystore
keytool -delete -alias s1as -keystore keystore.jks -storepass {admin password}
Note: The default alias of SSL certs for all glassfish installation is s1as

4. Prepare your certificate
cat server.crt intermediate.CA.crt Root.CA.crt > combined_servercert_chain.crt

5. Convert your certificate to pkcs#12
openssl pkcs12 -export -in combined_servercert_chain.crt -inkey serverkey.pem -out keystore.pkcs12 -name s1as -passout pass:{admin password}

5. Now Import the converted cert to the Keystore
keytool -importkeystore -srckeystore keystore.pkcs12 -srcstoretype pkcs12 -srcstorepass -deststoretype jks -destkeystore keystore.jks -deststorepass {admin password}

After completing the above steps, you should get the following message:
Entry for alias s1as successfully imported.
Import command completed: 1 entries successfully imported, 0 entries failed or canceled

6. Restart Glassfish (below command depends on your Glassfish installation)
service glassfish start

/usr/local/glassfish-3.1/glassfish/asadmin start-domain

Now your custom SSL has been deployed. You can verify the cert using the following command:

openssl s_client -showcerts -connect glassfish-server-ip:443

Now you now have a Glassfish server running with your custom SSL cert and you should not be receiving any security warnings while accessing via Browser.
Hope this helps 🙂


Leave a Reply

Your email address will not be published. Required fields are marked *