Friday 29 March 2013

[How To] - Set up SSL certificate on GlassFish app server

In a development environment, having a signed digital certificate may not be very important. Eventually, however, your application will be accessed by the world. Nowadays, all browsers have a mechanism for alerting users when they enter an untrusted environment (i.e. websites with unsigned certificates). Most people will either be scared away or think that your site is not working when they see the following warning page:

So, before serving pages securely, you should configure your app server to use a signed certificate. In case you don't have one yet, entering the following lines into a Terminal should do the job:

One very important thing to note is the -alias s1as portion. You cannot assign an arbitrary string to this parameter. Normally, GlassFish app server uses s1as as the default Certificate Nickname. To check what your app server is actually using, open the Admin console, and under the Configurations section choose server-config, then HTTP Service, then Http Listeners. You will see the Certificate Nickname under the SSL tab on the right.

Next, after creating a digital certificate, you should have it cryptographically signed, which makes it very difficult for anyone else to forge. For sites involved in e-commerce or any other business transaction in which authentication of identity is important, a certificate can be purchased from a well-known certificate authority such as VeriSign or Thawte.

After that, open your Admin console, and under the Configurations section choose server-config, then JVM Settings. Under the JVM Options tab on the right, add the following options:

The next task is to copy the keystore.jks and cacerts.jks files that you created earlier into the <GLASSFISH_FOLDER>/glassfish/domains/domain1/config folder.

Lastly, restart your GlassFish app server and you're done! :)
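The keystore steps above, as an added example rather than the commands from the original post: it creates keystore.jks and cacerts.jks with keytool under the s1as alias, writes a signing request for the certificate authority, and checks that each store holds the expected entry type. The STOREPASS placeholder, the distinguished name, the s1as.csr and s1as.cer file names and the function names are assumptions.

```shell
#!/usr/bin/env bash
# Added example: build keystore.jks and cacerts.jks for GlassFish with keytool.
# Assumed, not from the post: STOREPASS value, DN, .csr/.cer names, function names.

# keytool reads the password from the environment (-storepass:env), which keeps
# it out of the process list. Use the domain's master password here.
export STOREPASS="${STOREPASS:-REPLACE_WITH_MASTER_PASSWORD}"
ALIAS="${ALIAS:-s1as}"   # must match the listener's Certificate Nickname

# make_stores DIR DNAME: key pair, CSR for the CA, and a truststore in DIR.
make_stores() {
  local dir="$1" dname="$2"
  # 1. Key pair with a self-signed placeholder certificate under the alias.
  #    The key password is set equal to the keystore password.
  keytool -genkeypair -alias "$ALIAS" -keyalg RSA -keysize 2048 -validity 365 \
    -dname "$dname" -storetype JKS -keystore "$dir/keystore.jks" \
    -storepass:env STOREPASS -keypass:env STOREPASS || return 1
  # 2. Certificate signing request to send to the certificate authority.
  keytool -certreq -alias "$ALIAS" -file "$dir/$ALIAS.csr" \
    -keystore "$dir/keystore.jks" -storepass:env STOREPASS || return 1
  # 3. Export the public certificate and add it to cacerts.jks as trusted.
  keytool -exportcert -rfc -alias "$ALIAS" -file "$dir/$ALIAS.cer" \
    -keystore "$dir/keystore.jks" -storepass:env STOREPASS || return 1
  keytool -importcert -noprompt -alias "$ALIAS" -file "$dir/$ALIAS.cer" \
    -storetype JKS -keystore "$dir/cacerts.jks" -storepass:env STOREPASS || return 1
}

# entry_type STORE: print the entry type stored under $ALIAS (empty if absent).
entry_type() {
  keytool -list -alias "$ALIAS" -keystore "$1" -storepass:env STOREPASS 2>/dev/null |
    grep -oE 'PrivateKeyEntry|trustedCertEntry' | head -n 1
}

# check_stores DIR: keystore.jks must hold the private key under the alias,
# cacerts.jks only the certificate. Run this before copying the files over.
check_stores() {
  [ "$(entry_type "$1/keystore.jks")" = "PrivateKeyEntry" ] &&
  [ "$(entry_type "$1/cacerts.jks")" = "trustedCertEntry" ]
}
```

Once the certificate authority returns the signed certificate, importing it into keystore.jks with keytool -importcert under the same alias replaces the self-signed placeholder.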

1 comment:

  1. This is an awesome guide for all those who are trying to set up SSL certificates. I am so happy that I found it. Now it's easy for me to carry out the task by taking help from it. Thank you.