CSR Generation and Certificate Installation: Glassfish 4.x
1. CREATE KEYSTORE:
> keytool -genkey -alias youralias -keyalg RSA -keystore yourkeystorename.jks -keysize 2048
Note: You will be prompted to enter keystore password when you run the above command. The password of the newly created keystore must match the Glassfish's master password, since the master password is used to access the certificate keystore. The default master password is “changeit” and can be changed with the help of the “change-master-password” sub-command. Afterwards, you will be prompted for the following:
Ensure the details filled in here correspond to those communicated to us at the point of purchasing,
What is your first and last name? = Your Domain Name (e.g. www.comodo.com)
Use the following command to generate a CSR,
> keytool -certreq -alias youralias -file yourcsrname.csr -keystore yourkeystorename.jks
If you have received four certificate files ZIP, run the following commands.
> keytool -import -v -trustcacerts -alias root -file addtrustexternalcaroot.crt -keystore yourkeystorename.jks
> keytool -import -v -trustcacerts -alias COMODORSAAddTrustCA -file COMODORSAAddTrustCA.crt -keystore yourkeystorename.jks
> keytool -import -v -trustcacerts -alias COMODORSADomainValidationSecureServerCA -file COMODORSADomainValidationSecureServerCA.crt -keystore yourkeystorename.jks
> keytool -import -alias youralias -trustcacerts -file your_domain_certificate.crt -keystore yourkeystorename.jks
Note: Each certificate file needs to be imported with a unique alias value and the domain certificate’s alias must match the keystore alias.
> keytool -import -alias youralias -trustcacerts -file your_domain_certificate.p7b -keystore yourkeystorename.jks
> keytool -import -alias youralias -trustcacerts -file your_domain_certificate.cer -keystore yourkeystorename.jks
Note: The above command only works on Java 7 and above
> keytool -importkeystore -srckeystore yourkeystorename.jks -destkeystore keystore.jks
NOTE: Since the end-point keystore password and Glassfish master password must match, make sure that you have the same passwords for the source and destination keystore. If they are different, it is possible to change the Glassfish master password with the help of the “change-master-password” sub-command specifying the source keystore password. This action will update the destination keystore password as well.