Reputation: 12651
Following several tutorials I've installed my SSL-certificates like so:
Step 1. Import the keystore with key and CSR
keytool -importkeystore -srckeystore /root/cert/keystore.jks -destkeystore /usr/share/glassfish3/glassfish/domains/domain1/config/keystore.jks
Step 2. Import the root, intermediates and signed certificate
keytool -import -trustcacerts -keystore /usr/share/glassfish3/glassfish/domains/domain1/config/keystore.jks -alias root -file /root/cert/Equifax.crt
keytool -import -trustcacerts -keystore /usr/share/glassfish3/glassfish/domains/domain1/config/keystore.jks -alias intermediate1 -file /root/cert/RapidSSL_Primary_Intermediate.crt
keytool -import -trustcacerts -keystore /usr/share/glassfish3/glassfish/domains/domain1/config/keystore.jks -alias intermediate2 -file /root/cert/RapidSSL_Secondary_Intermediate.crt
keytool -import -trustcacerts -keystore /usr/share/glassfish3/glassfish/domains/domain1/config/keystore.jks -alias mydomain_com -file /root/cert/mydomain_com.crt
3. Renaming all s1as
references to mydomain_com
in domain.xml
4. Restart the domain
/usr/share/glassfish3/glassfish/bin/asadmin restart-domain domain1
My certificate chain properly states a length of 4
. The alias
is matching with the CSR, import of signed certificate and the value in domain.xml
.
However, when visiting https://mydomain.com
I get no response while it worked fine with the default self signed certificate s1as
. What might be wrong?
Upvotes: 3
Views: 4192
Reputation: 9974
Is the passphrase for your imported key the same as the master passphrase of the glassfish server?
The server needs the same passphrase as master passphrase, for the keystore and for the key. So check that all three passphrases are the same.
Upvotes: 6