SSL configuration in glassfish

views:

193

answers:

SSL configuration in glassfish

http://weblogs.java.net/blog/kalali/archive/2010/02/27/how-install-godaddy-certificate-your-glassfish-v3

i have followed this article .

successfully downloaded certificates from verisign .downloaded trial certificates.

now when i try to get using https:// it shows connection not found..

temporarily i have created 192.1.200.104 alias of certificate.

and my machine's ip is the same.

now what domain i should configure i have given www.xxx.com while retrieving certificate.

if i need to create www.xx.com in my local glassfish server then how to configure domain ?

Thankx.

now when i try to get using https:// it shows connection not found..

What URL did you use exactly? Did you try https://<server>:8181/ where <server> is the hostname of your server (if resolved properly)? If you followed the exact steps of the posted link, this should work.

now what domain i should configure i have given www.xxx.com while retrieving certificate.

The resolution of www.xxx.com into your machine IP should be done at the DNS level (you can add the name into your hosts file for testing though). To be honest, I'm not sure I understood the question, I'm just assuming you don't need "virtual hosting".

Pascal Thivent 2010-04-29 15:27:24

ok thats what i was intended to ask.do i need virtual server or not ?thanks let me try.

org.life.java 2010-04-30 04:22:06

@abc You don't need virtual hosting if you don't plan to serve several domains from this glassfish (and you don't seem to).

Pascal Thivent 2010-04-30 04:37:47

incase i want to test in my local machine which is not in network then how can i test it ?

org.life.java 2010-04-30 05:09:08

i have my given my host name while getting certificate www.xxx.com and i have added host entry www.xxx.com with my IP.and also imported root and intermediate certificate in FF stillThe connection was interrupted The connection to www.xxx.com:4848 was interrupted while the page was loading.

org.life.java 2010-04-30 05:21:29

@abs can you ping www.xxx.com?

Pascal Thivent 2010-04-30 05:26:20

yes it is resolving localhost

org.life.java 2010-04-30 05:31:17

with http its working for admin console only its not working for web app also.with https its not working for all (admin console and web app)

org.life.java 2010-04-30 05:37:30

@abc Maybe you messed up http-connectors. Hard to say without seeing anything. Maybe start over with a fresh install.

Pascal Thivent 2010-04-30 07:31:20

again same thing .

org.life.java 2010-04-30 10:24:09

http://javadude.wordpress.com/2010/04/06/getting-started-with-glassfish-v3-and-ssl/followed this.installed newer glassfish v3 .created newer domain domain2retrieved certificate from thawte.again same thing.https:// not working.connection interrupted.

org.life.java 2010-04-30 12:04:14

also imported test root cert in FF

org.life.java 2010-04-30 12:10:38

keytool -keysize 2048 -genkey -alias www.xxx.com -keyalg RSA -dname "CN=www.xxx.com,O=yourCompany,L=yourCity,S=yourState,C=IN" -keypass pass -storepass pass -keystore final.keystorekeytool -certreq -alias www.xxx.com -keystore final.keystore -storepass pass -keypass pass -file server-2048.csr submitted this CSR to thwate's csr box.

org.life.java 2010-04-30 13:27:40

Glassfish was not listed so selected other . and written sun glassfishthey mailed me 2 crt.1. my certificate2. testrootCAimported these in final keystore usingkeytool -import -alias root -keystore final.keystore -trustcacerts -file testCAROOT.crtkeytool -import -alias www.xxx.com -keystore final.keystore -trustcacerts -file mycert.crt

org.life.java 2010-04-30 13:28:35

each time i get the same thing server not found.

org.life.java 2010-05-03 07:47:23

SEVERE: Failed to load keystore type JKS with path server.keystore due to Keystore was tampered with, or password was incorrectjava.io.IOException: Keystore was tampered with, or password was incorrect Caused by: java.security.UnrecoverableKeyException: Password verification failed May 3, 2010 3:37:24 PM com.sun.grizzly.config.SSLConfigHolder configureSSLWARNING: SSL support could not be configured!CCaused by: java.security.UnrecoverableKeyException: Password verification failed

org.life.java 2010-05-03 10:04:58

solved by changing keystore's password.now on console i am constantly getting SEVERE: ProtocolChain exceptionjava.lang.IllegalArgumentException: CipherSuites may not be null at com.sun.net.ssl.internal.ssl.CipherSuiteList.<init>(CipherSuiteList.java:58) at com.sun.net.ssl.internal.ssl.SSLEngineImpl.setEnabledCipherSuites(SSLEngineImpl.java:1696) at com.sun.grizzly.filter.SSLReadFilter.newSSLEngine(SSLReadFilter.java:358) </b>

org.life.java 2010-05-03 10:40:50

@abc I'll try to write a kind of tutorial later this day, I've already done this and I didn't face all the problems you're referring to. That's the best I can do.

Pascal Thivent 2010-05-03 11:00:25

Thank you very much Pascal.

org.life.java 2010-05-04 04:23:23

BTW pascal if i want to secure certain pages only then how to achieve this configuration ?

org.life.java 2010-05-04 05:50:30

hey that error gone upon fresh installation of GF. Thanks can we secure certain pages only ? means supose i have a page say login.xhtml in my application then that page must be communcated over HTTPS and rest are on HTTP.

org.life.java 2010-05-04 10:04:31

@abc That's typically something that you would enforce using rewrite rules (when using an Apache frontend). Without Apache, you could use a filter for that or the existing [UrlRewriteFilter](http://tuckey.org/urlrewrite/).

Pascal Thivent 2010-05-04 10:33:14

Hey Pascal thanks a lot i am finally done. i have created a documenthttp://www.4shared.com/document/J1248lc7/SSL_Configuration_with_Glassfi.html Thanks a ton.

org.life.java 2010-05-05 07:23:59

ansaurus

tags:

views:

answers:

SSL configuration in glassfish

related questions