Alibaba Cloud Certificate Management Service allows you to download and install an SSL certificate on a GlassFish server. This topic describes how to install an SSL certificate on a GlassFish server.

Prerequisites

A certificate is purchased, issued, and downloaded.

Background information

In this example, the certificate named cer01, the CA certificate file named cer01.pem, and the private key file named cer01.key are used.

Procedure

  1. Decompress the certificate package that you download to your computer. The following files are extracted from the package: a CA certificate file in the PEM format and a private key file in the TXT format.
    Certificate files
  2. Run the following commands to convert the CA certificate file and the private key file to JKS files:
    openssl pkcs12 -export -in cer01.pem -inkey cer01.key -out temp.p12 -passout pass:changeit -name s1as
    # Replaces cer01.pem with the name of your CA certificate file and replace cer01.key with the name of your private key file. The password that you set when you convert the file formats must be the same as the password of the built-in certificate of a GlassFish server. The default password of the built-in certificate is changeit. 
    keytool -importkeystore -srckeystore temp.p12 -srcstoretype PKCS12 -srcstorepass changeit -deststoretype JKS -destkeystore ./GlassFish5/GlassFish/domains/domain1/config/keystore.jks -deststorepass changeit -alias s1as
    # The password that you set when you convert the file formats must be the same as the password of the built-in certificate of a GlassFish server. The default password of the built-in certificate is changeit. 
  3. Restart the GlassFish service.
    ./Glassfish5/bin/asadmin restart-domain

What to do next

After you install a certificate, you can access the domain name that is bound to the certificate to verify whether the certificate is installed.
https://yourdomain   # Replace yourdomain with the domain name that is bound to your certificate. 

If a lock icon appears in the address bar, the certificate is installed.

If your domain name is inaccessible over HTTPS after the certificate is installed, check whether port 443 on the server where you install the certificate is enabled or blocked by other tools. If you use an Alibaba Cloud Elastic Compute Service (ECS) instance, log on to the ECS console and allow traffic over port 443 on the Security Groups page.