Alibaba Cloud Certificate Management Service allows you to download and install an SSL certificate on a GlassFish server. This topic describes how to install an SSL certificate on a GlassFish server.
- For more information about how to purchase a certificate, see Purchase an SSL Certificates Service instance.
- For more information about how to apply for a certificate, see Apply for a certificate.
- The certificate package whose Server Type is Other is downloaded. For more information about how to download a certificate, see Download a certificate to your computer.
- Decompress the certificate package that you download to your computer. The following
files are extracted from the package: a CA certificate file in the PEM format and
a private key file in the TXT format.
- Run the following commands to convert the CA certificate file and the private key
file to JKS files:
openssl pkcs12 -export -in cer01.pem -inkey cer01.key -out temp.p12 -passout pass:changeit -name s1as # Replaces cer01.pem with the name of your CA certificate file and replace cer01.key with the name of your private key file. The password that you set when you convert the file formats must be the same as the password of the built-in certificate of a GlassFish server. The default password of the built-in certificate is changeit.
keytool -importkeystore -srckeystore temp.p12 -srcstoretype PKCS12 -srcstorepass changeit -deststoretype JKS -destkeystore ./GlassFish5/GlassFish/domains/domain1/config/keystore.jks -deststorepass changeit -alias s1as # The password that you set when you convert the file formats must be the same as the password of the built-in certificate of a GlassFish server. The default password of the built-in certificate is changeit.
- Restart the GlassFish service.
What to do next
https://yourdomain # Replace yourdomain with the domain name that is bound to your certificate.
If a lock icon appears in the address bar, the certificate is installed.
If your domain name is inaccessible over HTTPS after the certificate is installed, check whether port 443 on the server where you install the certificate is enabled or blocked by other tools. If you use an Alibaba Cloud Elastic Compute Service (ECS) instance, log on to the ECS console and allow traffic over port 443 on the Security Groups page.