Aug 11, 2011
tom

Issues with setting up SSL on Glassfish v3

Question

I am currently setting up SSL on glassfish and having some issues connecting to the server.

http://javadude.wordpress.com/2010/04/06/getting-started-with-glassfish-v3-and-ssl/

I have followed this guide to set up the certificates, which seemed to work great, but I couldn’t get Glassfish to point at the certificates. After some more research I found another guide which said that, as well as the changes I made, I also had to change all instances of ‘s1as’ in the domain.xml to the alias I gave my certificate. Eventually, after some fiddling, I changed the following to point to my keystore:

-Djavax.net.ssl.keyStore=${com.sun.aas.instanceRoot}/config/keystore.jks

This has partially worked: I am able to successfully connect the first few times I try, then every successive attempt results in the browser timing out.

Is there a setting I have missed or something that anyone can see I have done incorrectly?

Answer

To set up SSL on a fresh install of Glassfish 3.1

I had numerous issues with 3.0.1, so I would recommend upgrading to 3.1.

Following the instructions at the link above successfully creates the keystore and certificates.

Change Master password

The master password which is set on Glassfish is also the password which allows access to the SSL certificate store. The default password for Glassfish 3.1 is “changeit”; Glassfish 3.0.1 doesn't have a default master password. To change the master password, open a command prompt and type:

‘cd C:\glassfish3\bin’

‘asadmin change-master-password’

You will be prompted for the default password, then asked to enter a new password, which should be set to whatever you set your certificate store password to.

Install the certificate

Copy the server.keystore file to C:\glassfish3\glassfish\domains\domain1\config

In C:\glassfish3\glassfish\domains\domain1\config, open the domain.xml document, find all instances of the phrase ‘s1as’ and replace them with the alias you gave your certificates. There should be approximately 22 changes. In the same document, replace all instances of ‘keystore.jks’ with ‘server.keystore’; this is the name of the new keystore created in the javadude instructions above. There should be 2 changes.

Setting up glassfish for SSL

Start Glassfish server by going to Start -> All Programs -> Glassfish server open source edition web profile -> Start application server. This will open a cmd window minimised at the bottom of the screen. Maximise this and enter the Glassfish master password. Open a web browser and enter the URL http://localhost:4848 to access the administration console. Go to Configurations -> Server config -> Network config -> Network listeners -> Http-listener-2. Change the Port to 443 and make sure the enable security box is checked. Click save. On the SSL tab, check the box next to SSL3 and TLS, change the certificate NickName to the alias you set in the previous step (if it hasn't already been set automatically) and click save.
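A way to check the domain.xml edits described in the answer before restarting the server; this is an added example, not part of the original answer or of Glassfish. The alias `mycert` and the embedded domain.xml fragment are constructed for illustration, and the `cert-nickname` and `ssl3-enabled` attribute names are assumed to match the `<ssl>` elements in your Glassfish 3 domain.xml.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample: a trimmed domain.xml fragment, not from a real install.
SAMPLE = """<domain><configs><config name="server-config">
  <java-config>
    <jvm-options>-Djavax.net.ssl.keyStore=${com.sun.aas.instanceRoot}/config/keystore.jks</jvm-options>
    <jvm-options>-Djavax.net.ssl.trustStore=${com.sun.aas.instanceRoot}/config/cacerts.jks</jvm-options>
  </java-config>
  <network-config><protocols>
    <protocol name="http-listener-2" security-enabled="true">
      <ssl cert-nickname="mycert" ssl3-enabled="true"/>
    </protocol>
    <protocol name="sec-admin-listener" security-enabled="true">
      <ssl cert-nickname="s1as" ssl3-enabled="false"/>
    </protocol>
  </protocols></network-config>
</config></configs></domain>"""

def audit_domain_xml(xml_text, alias, keystore_name):
    """Return findings for a domain.xml edited by the find-and-replace steps above."""
    findings = []
    root = ET.fromstring(xml_text)
    for proto in root.iter("protocol"):
        name = proto.get("name")
        for ssl in proto.iter("ssl"):
            nick = ssl.get("cert-nickname")
            if nick != alias:
                findings.append(f"{name}: cert-nickname {nick!r} is not {alias!r}")
            # SSL 3.0 is deprecated (RFC 7568); report listeners that do not turn it off.
            if ssl.get("ssl3-enabled") != "false":
                findings.append(f"{name}: SSL3 is not explicitly disabled")
    # The keyStore JVM option must name the same file that was copied into config/.
    for opt in root.iter("jvm-options"):
        m = re.match(r"-Djavax\.net\.ssl\.keyStore=(.+)", (opt.text or "").strip())
        if m and not m.group(1).endswith("/" + keystore_name):
            findings.append(f"keyStore option points at {m.group(1)}")
    # Any leftover default alias means the global replace was incomplete.
    leftover = len(re.findall(r"\bs1as\b", xml_text))
    if leftover:
        findings.append(f"{leftover} reference(s) to default alias 's1as' remain")
    return findings

if __name__ == "__main__":
    for finding in audit_domain_xml(SAMPLE, "mycert", "server.keystore"):
        print(finding)
```

To run it against a real install, read the contents of domain.xml into a string and pass that in place of `SAMPLE`, with your own alias and keystore file name.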
