Step-by-step instructions to install an SSL certificate on Oracle GlassFish

Oracle GlassFish server, also known as GlassFish, is an open-source application server. The GlassFish project was started by Sun Microsystems for the Java platform and now it’s sponsored by Oracle Corporation. The first version of GlassFish was launched in 2007 and the version 5, released in 2017 is the latest one.

oracle glassfish ssl installation

Enough with the introduction, let’s get to the point you’re here for—SSL installation on Oracle GlassFish server. Follow the below steps to generate a CSR and install an SSL certificate on GlassFish.

Generate Private Key

#keytool -keysize 2048 -genkey -alias s1as -keyalg RSA -dname "CN=*,O=Myorganization,L=city,S=state,C=country" -keypass changeit -storepass changeit -keystore keystore.jks


You’ll need to replace the bold parts of the above syntax with your details. Here’s what the details represent:

CN: or

O: Write the full name of your organization without any special characters. If you want to issue an OV or an EV SSL certificate, you must type in the legal name of your organization.

L: Write the full name of your or your organization’s city.

S: Write the full name of your or your organization’s state.

C: Your 2-digit country code

Note: Once you run the above command, you will be asked to enter the password of keystore. Make sure that the keystore password is same as the GlassFish’s master password. If you have forgotten your password and hadn’t changed it from the beginning, changeit should be your default password.

Once you enter the details, you will be asked to verify the accuracy of the details you just entered. To confirm, type y and hit enter. Now you’ll be asked to enter the key password. Press enter to keep the key password same as the keystore password.


Generate CSR

Run the below command to generate a CSR:

> keytool -certreq -alias youralias -file yourcsrname.csr -keystore yourkeystorename.jks


Download Certificate Files

Your certificate authority (CA) would’ve sent you the certificate files. Ideally, it will be sent in a zip file and it’d have three files.


Import Certificate Files

Once you’ve downloaded your certificate files, you’d need to import them into the keystore. Enter the below commands for different files.

keytool -import -trustcacerts -alias root -file (ROOT CERTIFICATE FILE NAME) -keystore domain.key


keytool -import -trustcacerts -alias intermed -file (INTERMEDIATE CA FILE NAME) -keystore domain.key


keytool -import -alias -keystore keystore.jks -trustcacerts -file


Import Files into the default keystore

It helps in developing scalable and portable applications. To import files from the original keystore to the default keystore, you’d need to run the following command:

> keytool -importkeystore -srckeystore yourkeystorename.jks -destkeystore keystore.jks


Enable HTTPS in HTTP-Listener-2

To enable HTTPS in GlassFish’s HTTP-Listener, follow the outlined steps:

  • First, go to the GlassFish admin console.
  • Now go to Configurations -> Server Config -> http-listener-2.
  • Go to the General tab and change the port to 443.
  • In the SSL tab, change the Certificate NickName from s1as to the alias of your main certificate file.
  • Save the changes you made.

All done? Well, congratulations! You just installed an SSL certificate on Oracle GlassFish.

Important Resource


Related Posts

Save Up to 89% on SSL Certificates

Oracle Glasshfish only accepts SSL Certificate from a genuine and trusted SSL Certificate Authority. Buy trusted SSL Certificate at a cheap price with heavy discounts.

Purchase a Comodo Positive SSL at $5.45 Per Year


Welcome to Savvy Security, a blog focused on providing practical cybersecurity advice for website owners and small businesses. Our team brings you the latest news, best practices and tips you can use to protect your business...without a multi-million dollar budget or 24/7 security teams.