1. Generate the key pair
delete mykeystore.jks if already exists
keytool -genkey -alias test-server -keysize 1024 -keyalg RSA -keystore mykeystore.jks -dname "CN=mytest.myorg.com, OU=MyGroup, O=My Org, L=MyCity, S=MyState, C=MyCountry"
2. Generate the certificate request
keytool -certreq -alias test-server -sigalg SHA1withRSA -keystore mykeystore.jks -file testserver.cer
3. Sign the certificate with CA
Goto www.verisign.com
Try with Free Trial SSL -->
cat testserver.cer and cut & paste in the certificate area.
You may receive the mail with instructions.
4. Import the replied certificate into keystore
Save the given reply certificate (from your email) to a file, say - signed_test_server.cer and save verisign CA certs in files. I got 2 . One intermediate and another Test Trial CA (say copied to verisign_test_ca.cer and verisign_intermediate_ca.cer) .
Import into mykeystore.jks (same keystore as used in the first step) and assume
keytool -import -alias verisigncert -keystore mykeystore.jks -trustcacerts -file verisign_test_ca.cer -v
keytool -import -alias verisigninter -keystore mykeystore.jks -trustcacerts -file verisign_intermediate_ca.cer
keytool -import -alias test-server -keystore mykeystore.jks -trustcacerts -file signed_test_server.cer
If the above steps were not correct, you may face certificate chain issue during import.
Double check the subject and issuer of the certificate (test-server). [ keytool -list -keystore mykeystore.jks -alias test-server -v ]
Now your server certificate is ready to use.
In glassfish server environment:
1. Add the SSL to http-listener-2 with "test-server" (same as above) alias using admin console . Stop the server.
2. Copy mykeystore.jks to keystore.jks (under domain1/config)
3. Import the CA certs in trust store (domain1/config/cacerts.jks):
keytool -import -alias verisigncert -keystore cacerts.jks -trustcacerts -file verisign_test_ca.cer -v
keytool -import -alias verisigninter -keystore cacerts.jks -trustcacerts -file verisign_intermediate_ca.cer
4. Start the server
At this point you should able to access https://localhost:8181/ with new test-server certificate.
Tried to give you some level of information before I take more time in creating a doc and later I will have wiki page with screenshots.
Hope this helps.
delete mykeystore.jks if already exists
keytool -genkey -alias test-server -keysize 1024 -keyalg RSA -keystore mykeystore.jks -dname "CN=mytest.myorg.com, OU=MyGroup, O=My Org, L=MyCity, S=MyState, C=MyCountry"
2. Generate the certificate request
keytool -certreq -alias test-server -sigalg SHA1withRSA -keystore mykeystore.jks -file testserver.cer
3. Sign the certificate with CA
Goto www.verisign.com
Try with Free Trial SSL -->
cat testserver.cer and cut & paste in the certificate area.
You may receive the mail with instructions.
4. Import the replied certificate into keystore
Save the given reply certificate (from your email) to a file, say - signed_test_server.cer and save verisign CA certs in files. I got 2 . One intermediate and another Test Trial CA (say copied to verisign_test_ca.cer and verisign_intermediate_ca.cer) .
Import into mykeystore.jks (same keystore as used in the first step) and assume
keytool -import -alias verisigncert -keystore mykeystore.jks -trustcacerts -file verisign_test_ca.cer -v
keytool -import -alias verisigninter -keystore mykeystore.jks -trustcacerts -file verisign_intermediate_ca.cer
keytool -import -alias test-server -keystore mykeystore.jks -trustcacerts -file signed_test_server.cer
If the above steps were not correct, you may face certificate chain issue during import.
Double check the subject and issuer of the certificate (test-server). [ keytool -list -keystore mykeystore.jks -alias test-server -v ]
Now your server certificate is ready to use.
In glassfish server environment:
1. Add the SSL to http-listener-2 with "test-server" (same as above) alias using admin console . Stop the server.
2. Copy mykeystore.jks to keystore.jks (under domain1/config)
3. Import the CA certs in trust store (domain1/config/cacerts.jks):
keytool -import -alias verisigncert -keystore cacerts.jks -trustcacerts -file verisign_test_ca.cer -v
keytool -import -alias verisigninter -keystore cacerts.jks -trustcacerts -file verisign_intermediate_ca.cer
4. Start the server
At this point you should able to access https://localhost:8181/ with new test-server certificate.
Tried to give you some level of information before I take more time in creating a doc and later I will have wiki page with screenshots.
Hope this helps.
No comments:
Post a Comment