Generating and installing a certificate in Glassfish



Generating and installing a certificate in a development Glassfish
Source: http://javadude.wordpress.com/2010/04/06/getting-started-with-glassfish-v3-and-ssl/

Export to PFX:
https://blogs.oracle.com/enterprisetechtips/entry/using_ssl_with_glassfish_v2
https://developer.connectopensource.org/display/CONNECTWIKI/Instructions+to+set+up+CONNECT+in+FIPS+mode+on+Windows+Glassfish+environment



IP: ddd.kk.o.tt
DNS: desaapp.pppppppp.com

http://desaapp.pppppppp.com:8282
https://desaapp.pppppppp.com:8181


Run: cmd
#cd C:\Archivos de programa\Java\jdk1.6.0_26\bin

Create keystore:
#keytool -keysize 2048 -genkey -alias desaapp.pppppppp.com -keyalg RSA -dname "CN=desaapp.pppppppp.com,O=pppppppp,L=Bogota,S=Bogota,C=CO" -keypass changeit -storepass changeit -keystore "C:\glassfish3.1\glassfish\domains\domain1\config\keystore.jks"

Create csr file
#keytool -certreq -alias desaapp.pppppppp.com -keystore "C:\glassfish3.1\glassfish\domains\domain1\config\keystore.jks" -storepass changeit -keypass changeit -file "C:\glassfish3.1\glassfish\domains\domain1\config\desarrollo.csr"

Check keystore
#keytool -list -v -alias desaapp.pppppppp.com -keystore "C:\glassfish3.1\glassfish\domains\domain1\config\keystore.jks"


Generate the CRT:
https://10.24.1.yy/certsrv/ -> Microsoft Active Directory Certificate Services
Go link -> Request a certificate > advanced certificate request
Open file -> desarrollo.csr
Copy data to web -> Certificate Template: Web Server
Select -> DER encoded
Go link -> Download certificate
Go link -> Download certificate chain

Import the CRT files
#keytool -import -alias desaapp.pppppppp.com -keystore "C:\glassfish3.1\glassfish\domains\domain1\config\keystore.jks" -trustcacerts -file "C:\glassfish3.1\glassfish\domains\domain1\config\certificado\cert_desarrollo.p7b"
#Install certificate: y
#Certificate reply was installed in keystore


Change config GF:
http://desaapp.pppppppp.com:4848
server-config > http-listener-2 > Protocol
Security: Enable

server-config > http-listener-2 > SSL
Certificate NickName: desaapp.pppppppp.com
Key Store: keystore.jks
SSL3: Enable
TLS: Enabled


Save GF!!


Reload server GF!


Try! -> https://desaapp.pppppppp.com:8181/




Self-Certificate

Export DER encoded certificates from existing JKS stores

The X.509 certificates existing in the JKS keystores can be exported in DER (Distinguished Encoding Rules) Encoded Binary formats.

Export the Self-Certificate

#keytool -export -file "C:\glassfish3.1\glassfish\domains\domain1\config\certificado\internal.der" -keystore "C:\glassfish3.1\glassfish\domains\domain1\config\keystore.jks" -storepass changeit -alias desaapp.pppppppp.com


Transform into PEM encoded certificates

A PEM (Privacy Enhanced Mail) certificate is a Base64 encoded DER certificate and is enclosed between
-----BEGIN CERTIFICATE-----
and
-----END CERTIFICATE----- lines.

Obtain the Self-Certificate PEM


#openssl x509 -in "C:\glassfish3.1\glassfish\domains\domain1\config\certificado\internal.der" -inform DER -out "C:\glassfish3.1\glassfish\domains\domain1\config\certificado\internal.PEM" -outform PEM


Obtain the Private Key for the Self-Certificate using the KeyExport tool


#java -cp c:\keyexport\keyexport.jar com.sun.xml.wss.tools.KeyExport -keyfile "C:\glassfish3.1\glassfish\domains\domain1\config\certificado\internalkey.PEM" -alias desaapp.pppppppp.com -keystore "C:\glassfish3.1\glassfish\domains\domain1\config\keystore.jks" -outform PEM -storepass changeit -keypass changeit


Export to PFX:
#openssl pkcs12  -export  -in "C:\glassfish3.1\glassfish\domains\domain1\config\certificado\finalcert.pem" -out "C:\glassfish3.1\glassfish\domains\domain1\config\certificado\finalcert.pfx"















