 

import ssl certificate in Glassfish

I have the following issue:

I obtained a free certificate from Comodo (90 days) for my GlassFish web application and then imported the certs into GlassFish 3.1 by following http://javadude.wordpress.com/2010/04/06/getting-started-with-glassfish-v3-and-ssl/

I have also modified the domain.xml file by replacing the alias s1as with my certificate alias and the file keystore.jks with the server.keystore, but when I try to access my web application over HTTPS I get the following log error:

[#|2012-10-12T14:41:18.828+0200|WARNING|glassfish3.1.2|com.sun.grizzly.config.GrizzlyServiceListener|_ThreadID=25;_ThreadName=http-thread-pool-443(1);|GRIZZLY0007: SSL support could not be configured! java.io.IOException: SSL configuration is invalid due to No available certificate or key corresponds to the SSL cipher suites which are enabled.

Please help me... I know that here I can find the solution to my issue...

user1645419 asked Oct 12 '12 13:10



1 Answer

Unfortunately I don't have enough reputation to post images of the GlassFish admin console, but let me try to help somebody just using text.

NOTE1: The configuration was done on Ubuntu 12.04 server and glassfish 3.1.2

Comodo gives you 4 files

  • your_domain.key (your private key)
  • your_domain.crt (your public key)
  • PositiveSSLCA2.crt (CA public key)
  • AddTrustExternalCARoot.crt (CA public key)

Import every public key into the file cacerts.jks. To do that, merge the public key files into one file:

NOTE2: The order of the files DOES matter.

cat your_domain.crt PositiveSSLCA2.crt AddTrustExternalCARoot.crt  > all.crt

Now import them using keytool:

keytool -import -trustcacerts -alias tomcat -file all.crt -keystore cacerts.jks

Create a p12 file with your private key:

NOTE3: You can use the same password for every file to make things easier.

openssl pkcs12 -export -in all.crt -inkey your_domain.key -out your_domain.p12 -name your_alias -CAfile PositiveSSLCA2.crt -caname immed

NOTE4: Don't forget your alias (your_alias); you will need to reference it in the GlassFish admin console later.

Now import the private key using keytool:

keytool -importkeystore -deststorepass changeit -destkeypass changeit -destkeystore keystore.jks -srckeystore your_domain.p12 -srcstoretype PKCS12 -srcstorepass changeit -alias your_alias

Now your keystore.jks (with your private keys) and your cacerts.jks (with your public key) are ready to be used. If you want to check that everything is OK, run:

keytool -list -keystore keystore.jks
keytool -list -keystore cacerts.jks

Go to the GlassFish admin console and find the section:

  • Configurations->server-config->HTTP Service->Http Listeners->http-listener-2

Go to the SSL tab and change the Certificate NickName to your_domain.

Restart Glassfish server.

Daniel Teleginski Camargo answered Oct 12 '22 16:10
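
A check for the alias set on http-listener-2, added here as an example and not part of the original answer: it reads `keytool -list` output and confirms the alias is a PrivateKeyEntry, because an alias that is absent or only a trustedCertEntry leaves the listener with no key to serve. The function names and the sample listing are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify a keystore alias from `keytool -list` output.

# entry_type ALIAS   (stdin: text printed by `keytool -list -keystore FILE`)
# Prints PrivateKeyEntry, trustedCertEntry, unknown, or missing.
entry_type() {
    awk -v want="$1" '
        BEGIN { want = tolower(want); kind = "missing" }
        # Entry lines look like "alias, <date>, <entry type>, ". The JKS
        # store keeps aliases in lower case, so compare case-insensitively.
        index(tolower($0), want ", ") == 1 {
            if ($0 ~ /PrivateKeyEntry/)       kind = "PrivateKeyEntry"
            else if ($0 ~ /trustedCertEntry/) kind = "trustedCertEntry"
            else                              kind = "unknown"
        }
        END { print kind }'
}

# listener_alias_ok ALIAS   (stdin as above)
# Succeeds only when ALIAS can be used as the listener's Certificate NickName.
listener_alias_ok() {
    kind=$(entry_type "$1")
    case "$kind" in
        PrivateKeyEntry)  echo "OK: '$1' holds a private key"; return 0 ;;
        trustedCertEntry) echo "FAIL: '$1' is only a certificate, no private key" ;;
        *)                echo "FAIL: '$1' is not a usable key entry ($kind)" ;;
    esac
    return 1
}

# Constructed sample of `keytool -list` output (fingerprints are placeholders).
SAMPLE_LIST='Keystore type: JKS
Keystore provider: SUN

Your keystore contains 2 entries

your_alias, Oct 12, 2012, PrivateKeyEntry, 
Certificate fingerprint (SHA1): <constructed-placeholder>
tomcat, Oct 12, 2012, trustedCertEntry, 
Certificate fingerprint (SHA1): <constructed-placeholder>'

# Real use: keytool -list -keystore keystore.jks | listener_alias_ok your_alias
printf '%s\n' "$SAMPLE_LIST" | listener_alias_ok your_alias
printf '%s\n' "$SAMPLE_LIST" | listener_alias_ok tomcat || true
```

Run it against keystore.jks with the exact value entered as Certificate NickName; a FAIL result means the listener will not find a key under that name.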
