new file: glassfish/howto/add-a-valid-ssl-cert.mdwn
author: Philip Durbin <philipdurbin@gmail.com>
Fri, 1 Nov 2013 20:32:50 +0000 (16:32 -0400)
committer: Philip Durbin <philipdurbin@gmail.com>
Fri, 1 Nov 2013 20:32:50 +0000 (16:32 -0400)
java/glassfish/howto/add-a-valid-ssl-cert.mdwn [new file with mode: 0644]

diff --git a/java/glassfish/howto/add-a-valid-ssl-cert.mdwn b/java/glassfish/howto/add-a-valid-ssl-cert.mdwn
new file mode 100644 (file)
index 0000000..c2f9eec
--- /dev/null
@@ -0,0 +1,103 @@
+## How to add a valid SSL/TLS cert to Glassfish
+
+[[!toc]]
+
+## Introduction
+
+In this tutorial we will be reusing "star" or http://en.wikipedia.org/wiki/Wildcard_certificate in use by Apache on Glassfish.
+
+These are the names Apache uses:
+
+- SSLCertificateFile (server.crt) Server PEM-encoded X.509 Certificate file http://httpd.apache.org/docs/2.2/mod/mod_ssl.html#sslcertificatefile
+- SSLCertificateKeyFile (server.key) Server PEM-encoded Private Key file http://httpd.apache.org/docs/trunk/mod/mod_ssl.html#sslcertificatekeyfile
+- SSLCertificateChainFile (ca.crt) File of PEM-encoded Server CA Certificates http://httpd.apache.org/docs/trunk/mod/mod_ssl.html#sslcertificatechainfile
+
+To be continued... for now, see http://aliok.wordpress.com/2011/06/04/using-your-ssl-certificate-on-glassfish-3/
+
+## List existing cert (self-signed)
+
+    [root@dvn-vm2 cert]# cd glassfish3/glassfish/domains/domain1/config
+    [root@dvn-vm2 config]# keytool -list -keystore keystore.jks -storepass changeit
+
+    Keystore type: JKS
+    Keystore provider: SUN
+
+    Your keystore contains 2 entries
+
+    glassfish-instance, Jul 11, 2012, PrivateKeyEntry, 
+    Certificate fingerprint (MD5): BE:DE:57:FF:BC:E2:32:AA:85:4C:4C:BD:6F:BC:EC:DE
+    s1as, Jul 11, 2012, PrivateKeyEntry, 
+    Certificate fingerprint (MD5): 52:BC:A6:6D:31:15:8E:6F:64:AA:14:E7:20:29:B1:AA
+    [root@dvn-vm2 config]# 
+    [root@dvn-vm2 config]# keytool -list -keystore keystore.jks -storepass changeit -v
+
+    Keystore type: JKS
+    Keystore provider: SUN
+
+    Your keystore contains 2 entries
+
+    Alias name: glassfish-instance
+    Creation date: Jul 11, 2012
+    Entry type: PrivateKeyEntry
+    Certificate chain length: 1
+    Certificate[1]:
+    Owner: CN=localhost-instance, OU=GlassFish, O=Oracle Corporation, L=Santa Clara, ST=California, C=US
+    Issuer: CN=localhost-instance, OU=GlassFish, O=Oracle Corporation, L=Santa Clara, ST=California, C=US
+    Serial number: 4ffdd33d
+    Valid from: Wed Jul 11 15:25:49 EDT 2012 until: Sat Jul 09 15:25:49 EDT 2022
+    Certificate fingerprints:
+             MD5:  BE:DE:57:FF:BC:E2:32:AA:85:4C:4C:BD:6F:BC:EC:DE
+             SHA1: 58:D8:78:1F:B6:1C:48:FF:82:21:90:9D:FF:BE:35:50:6D:44:A3:BF
+             Signature algorithm name: SHA1withRSA
+             Version: 3
+
+    Extensions: 
+
+    #1: ObjectId: 2.5.29.14 Criticality=false
+    SubjectKeyIdentifier [
+    KeyIdentifier [
+    0000: D4 AE 32 59 30 0B 68 0D   D3 F5 10 AA 8C 11 99 01  ..2Y0.h.........
+    0010: A7 FB 95 E3                                        ....
+    ]
+    ]
+
+
+
+    *******************************************
+    *******************************************
+
+
+    Alias name: s1as
+    Creation date: Jul 11, 2012
+    Entry type: PrivateKeyEntry
+    Certificate chain length: 1
+    Certificate[1]:
+    Owner: CN=localhost, OU=GlassFish, O=Oracle Corporation, L=Santa Clara, ST=California, C=US
+    Issuer: CN=localhost, OU=GlassFish, O=Oracle Corporation, L=Santa Clara, ST=California, C=US
+    Serial number: 4ffdd33b
+    Valid from: Wed Jul 11 15:25:47 EDT 2012 until: Sat Jul 09 15:25:47 EDT 2022
+    Certificate fingerprints:
+             MD5:  52:BC:A6:6D:31:15:8E:6F:64:AA:14:E7:20:29:B1:AA
+             SHA1: 36:47:8E:AB:37:81:49:36:EE:2A:BC:02:E9:4A:93:A9:34:9D:14:54
+             Signature algorithm name: SHA1withRSA
+             Version: 3
+
+    Extensions: 
+
+    #1: ObjectId: 2.5.29.14 Criticality=false
+    SubjectKeyIdentifier [
+    KeyIdentifier [
+    0000: 73 C9 5A 7D D3 B1 FF C0   2E 24 E2 5A 50 67 5F 4A  s.Z......$.ZPg_J
+    0010: E3 62 C6 7D                                        .b..
+    ]
+    ]
+
+
+
+    *******************************************
+    *******************************************
+
+
+    [root@dvn-vm2 config]# 
+
+##
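
Review bot: The final added line is an empty `##` heading, and the page stops after listing the two self-signed entries (`glassfish-instance`, `s1as`) without any step that adds the certificate. Either drop the empty heading or give it a title, so that the "To be continued..." status is visible where the procedure breaks off. In the "List existing cert (self-signed)" section, both `keytool -list` commands pass `-storepass changeit` on the command line. Since the tutorial is about reusing the wildcard certificate and private key that Apache uses (`server.crt`, `server.key`), add a sentence telling readers to change the keystore password before the real key goes in, and to let keytool prompt for the password rather than typing it into a command that ends up in shell history. The Introduction sentence `reusing "star" or http://en.wikipedia.org/wiki/Wildcard_certificate in use by Apache on Glassfish` reads as if the link text was lost; wording it as a "star" (wildcard) certificate with the URL as the link target would fix it. The `-v` listing could also be trimmed to the Owner, Issuer and validity lines, which are enough to show that both entries are self-signed.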