Correct way to configure Glassfish SSL certificate name?

Glassfish allows you to set an alias for an SSL certificate through its administrator console, as shown in the figure below:

Glassfish Admin Console SSL Configuration UI

But almost every tutorial on the network mentions that you need to replace all occurrences of the default SSL alias (s1as) with the one that will be used (i.e. mydomain.com) in the domain.xml file.

So what is the correct way to set a certificate alias?

+1
2 answers

It is likely that the admin console is just updating the domain.xml file anyway. In any case, it is recommended that you avoid modifying the domain.xml file where possible. There are no official recommendations in the Security Guide for GF4, and the only mention of the certificate name is:

If you enable the secure admin on the GlassFish server with SSL support, the secure administrator uses the existing value as the DAS administrator alias for the secure administrator.

https://glassfish.java.net/docs/4.0/security-guide.pdf

Changing the alias is not really necessary, from a functional point of view. When you import your key/cert into the keystores, you can simply use the same name to replace the existing certificate, which is completely right.

To change aliases using asadmin, you can use enable-secure-admin with --instancealias myNewAlias or --adminalias myOtherNewAlias (or both).

The default value for adminalias is s1as, and the default value for instancealias is glassfish-instance.

+5

http-listener-2 is the default HTTP listener (GlassFish or Payara) with SSL enabled on port 8181; if you created another one, change it in the following command.

 asadmin set "configs.config.server-config.network-config.protocols.protocol.http-listener-2.ssl.cert-nickname=yourNickName" 
+2
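
A read-only check for the "replace all occurrences" concern in the question, added here as an example and not part of either answer or of GlassFish itself: it lists every place a domain.xml references a certificate alias and flags those that differ from the intended one, so nothing has to be edited by hand to find them. The sample XML is constructed and the function names are hypothetical.

```python
import xml.etree.ElementTree as ET

# Constructed sample: a trimmed domain.xml fragment, not a real server's file.
SAMPLE_DOMAIN_XML = """<domain>
  <configs>
    <config name="server-config">
      <network-config>
        <protocols>
          <protocol name="http-listener-2" security-enabled="true"><ssl cert-nickname="mydomain.com"/></protocol>
          <protocol name="sec-admin-listener" security-enabled="true"><ssl cert-nickname="s1as"/></protocol>
        </protocols>
      </network-config>
      <java-config>
        <jvm-options>-Dcom.sun.enterprise.security.httpsOutboundKeyAlias=s1as</jvm-options>
      </java-config>
    </config>
  </configs>
</domain>"""

# JVM option that names the key alias used for outbound HTTPS connections.
OUTBOUND_OPT = "-Dcom.sun.enterprise.security.httpsOutboundKeyAlias="


def find_alias_references(domain_xml):
    """Return (config, location, alias) for every certificate alias reference."""
    refs = []
    root = ET.fromstring(domain_xml)
    for config in root.iter("config"):
        cfg = config.get("name", "?")
        # Visit each element and look at its direct <ssl> children, so the
        # owning listener/protocol can be reported. alias is None when the
        # cert-nickname attribute is absent.
        for parent in config.iter():
            for ssl in parent.findall("ssl"):
                owner = parent.get("name") or parent.get("id") or parent.tag
                refs.append((cfg, f"{parent.tag}:{owner}", ssl.get("cert-nickname")))
        for opt in config.iter("jvm-options"):
            text = (opt.text or "").strip()
            if text.startswith(OUTBOUND_OPT):
                refs.append((cfg, "jvm-options:httpsOutboundKeyAlias", text[len(OUTBOUND_OPT):]))
    return refs


def mismatches(domain_xml, expected_alias):
    """References whose alias differs from the one the operator intends to use."""
    return [r for r in find_alias_references(domain_xml) if r[2] != expected_alias]


if __name__ == "__main__":
    for cfg, where, alias in mismatches(SAMPLE_DOMAIN_XML, "mydomain.com"):
        print(f"{cfg}: {where} still uses alias {alias!r}")
```

Each flagged location must name an alias that actually exists in the keystore; the report shows which settings to change through asadmin or the admin console rather than by editing the file.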

Source: https://habr.com/ru/post/1209670/

