SSL install of GlassFish Webspace server 10.0

GlassFish Webspace server 10.0 based on Liferay Portal is Sun's next generation portal. The latest Commercial Release can be downloaded from the following site

SSL install of Webspace server involves two steps :

1. Enabling the SSL on the Glassfish server instance

2. Installing the Webspace server

Enabling the SSL on the Glassfish server instance

  1. Download the RR release of Glassfish from the following location . Install and start the domain
  2. change to directory domains/domain1/config under the Glassfish install directory (cd to <gf_install_dir>/domains/domain1/config
  3. Delete the existing alias s1as from the keystore. Execute : keytool -delete -alias s1as -keystore keystore.jks (keytool will be present under jdk1.6.0_10/bin/ directory. Keystore password by default will be "changeit")
  4. Generate the key request. Execute : keytool -genkey -alias s1as -keyalg RSA -keysize 512 -dname "CN=<hostname-fqdn>,Ou=People,O=Sun,L=Bangalore,S=Karnataka,C=IN" -keystore keystore.jks
    Enter keystore password:  changeit
    Enter key password for <s1as>
            (RETURN if same as keystore password):
  5. Generate certificate signing request. Execute : keytool -certreq -alias s1as -sigalg "MD5withRSA" -file certreq.pem -keypass changeit -keystore keystore.jks -storepass changeit 
  6. cat certreq.pem
    -----BEGIN NEW CERTIFICATE REQUEST-----
    MIIBLTCB2AIBADBzMQswCQYDVQQGEwJJTjESMBAGA1UECBMJS2FybmF0YWthMRIwEAYDVQQHEwlC
    YW5nYWxvcmUxDDAKBgNVBAoTA1N1bjEPMA0GA1UECxMGUGVvcGxlMR0wGwYDVQQDExRuaWNwNzQu
    aW5kaWEuc3VuLmNvbTBcMA0GCSqGSIb3DQEBAQUAA0sAMEgCQQCWvzZ+Ub04IcYZe7ybutZn8faf
    HcECwxFiV/vlYdqz/rr+ggQcDYz5+odLpmszIgIe41M1ZnDPwzd9W4H9RHF9AgMBAAGgADANBgkq
    hkiG9w0BAQQFAANBAIps0ba1sliacZkljptvSushvYV3fSkeVaGwt/erk92pILZIQ6jehfIZmw2G
    qYX3I7x9wntTDxaBq8GD3i5V0Kk=
    -----END NEW CERTIFICATE REQUEST-----
  7. Get this certificate signed from the CA. We internally use http://raasi.red.iplanet.com  openssl install
  8. Now import the rootca of this CA. This can be obtained on http://raasi.red.iplanet.com. Execute : keytool -import -alias rootca -trustcacerts -file rootca.pem -keystore keystore.jks -storepass changeit  (rootca.pem file contains the rootca obtained from raasi.red.iplanet.com)
  9. Import the signed certificate from the CA. Execute : keytool -import  -alias s1as -file servercert.pem -keypass changeit -keystore keystore.jks -storepass changeit
  10. Restart the glassfish domain.
  11. Access https://<hostname:8181> and view the certificate. It should show issued by : Veera Natarajan if you have used raasi as the signing CA
  12. Install the Glassfish Webspace 10.0. See the instructions under the section "To Install Webspace Server Software Into an Existing Sun GlassFish Configuration" from the "getting started guide" at the following location

Courtesy : Ajit Kamble, Gang chen and Veera Natarajan

Posted on: Feb 19, 2009

Posted by: siddeshk123

Category: Sun

Permanent link to this entry

Comments:

Post a Comment:
  • HTML Syntax: NOT allowed

This blog copyright 2009 by siddeshk123