Jan 4, 2018

How to install/renew SSL Certificate for Glassfish

From certificate authority, you should generally receive two files
Your signed certificate : generally named as “yourdomain.com.crt”
Root certificate of your certificate (you might receive more than one. In some cases certification authority sends the intermediate certificates) : Godaddy names it “gd_bundle-g2-g1.crt”

Next step is importing the keystore you used to generate the request into the Glassfish’s keystore:

keytool -importkeystore -srckeystore /your-former-used-for-request/keystore.jks -destkeystore $GLASSFISHHOME/domains/yourdomain/config/keystore.jks

Now, the final step done on keystore is importing the signed certificate. First, we gotta switch to Glassfish’s keystore and import the root certificate:

cd $GLASSFISH_HOME/domains/yourdomain/config
keytool -import -v -trustcacerts -alias root -file gd_bundle-g2-g1.crt -keystore keystore.jks -keypass changeit -storepass changeit

Then, import the signed certificate of yours:

keytool -import -v -trustcacerts -alias s1as -file yourdomain.com.crt -keystore keystore.jks -keypass changeit -storepass changeit

At last, restart GlassFish.

If you are not installing for the first time, and are just renewing it, you may only need to to the last step, i.e. import the new signed certificate of yours and restart GlassFish.
See Also