Showing posts with label SJSAS. Show all posts

Tuesday, February 23, 2010

Book Review - GlassFish Administration

I was offered the opportunity to review the GlassFish Administration book by Xuekun Kou from Packt Publishing. The book focuses on GlassFish version 2.1.1, but does have some coverage of version 3 (V3). The book is a smaller digest of a number of books published by Oracle (Sun) and the GlassFish document team.

The book breaks down into ten chapters on version 2.1.1, and an eleventh chapter on version 3. I am not sure where I stand on this book. I really don't like references to certain features in the table of contents which would lead you to believe it has some depth on the subject. Later you discover that it refers you to the actual "official" publications I noted above. I think that if you give it a sub-chapter designation, it must actually have some depth. I really found the book to cover most of the subjects in a shallow manner.

My other pet peeve is when code is included (or not included) in a book which does not work, or is shallowly offered without explanation. For example, there is a code example for security, but no explanation, or setup instructions. The other issue is where the book refers to the code, but it does not exist in the format in the book. There are numerous examples of this as you will note below.

If you have gotten this far in my review, you must wonder if the book has any redeeming value. Yes, it does. As an experienced GlassFish administrator, there are a lot of topics that are covered in too little detail for me, but as a new administrator, the book is a good starting place. I was expecting more advanced coverage of some topics, but this is material for a book on Advanced GlassFish Administration. This book offers would-be GlassFish administrators a look into all the functionality that it offers.

I would give it a 3/5 stars for advanced administrators. This book is a very good book for starting administrators which probably should be 3.5/5 stars.

Chapter Summaries

Chapter one covers the basic installation which is no real surprise. The information is essentially the same as found on the GlassFish project web site. There is a nice section on how to do silent installs which is not really covered on the site.

Chapter two is a high-level overview of the server architecture. This is where the book shines. The information and illustrations are great. The author has done a great job covering the architecture with very good explanations.

The third chapter provides the reader with information on the application deployment capabilities of GlassFish. The explanation on the ease of development functionality is very good. It covers items like dynamic reload and command-line deployment options. This is a good introduction to the CLI portion of GlassFish which makes it easy to script for your particular OS. This chapter also includes installing JRuby and Grails based applications. The Grails example is really cool and worked like a champion.

The fourth chapter covers container configuration and basic services. I believe that the section on configuring HTTP listeners should have been covered prior to virtual servers because of the dependency. This chapter is very shallow. It shows you how to configure these services from both the Admin Console and CLI, but gives really nothing in way of explanation of the options available.

The fourth chapter concludes with a confusing explanation of the Application Client Container. It seems very out of place and should be re-written with a code example.

Chapter five discusses how to configure (JNDI) resources within GlassFish. This is a very important topic. The author does a good job of explaining how to configure the various resources from JDBC to external JNDI resources. There are not too many good examples on how to configure external resources. There are a number of command-line example errors, but fortunately GlassFish really does a great job of making correction suggestions.

Chapter six covers JMS, specifically Open MQ and Apache ActiveMQ. It is really well done and covers an important aspect of modern application servers. The asynchronous transaction is becoming more important, especially when combined with AJAX technologies which allow web applications to continue to respond to user input while actions are occurring in the background. This chapter also covers the imqadmin console.

One of the best aspects of chapter six is its coverage of Apache ActiveMQ. I prefer to use Open MQ (included in GlassFish), but the chapter shows how to integrate external JMS resources into GlassFish. GlassFish includes a generic JMS JCA adapter which is used to integrate Apache ActiveMQ.

Chapter seven covers security and securing GlassFish. I was disappointed that there were no examples of client certificate authentication. I was also disappointed that the only coverage on certificates was based on self-signed, and there was absolutely no coverage of NSS security. The Java ACC support is incomplete, especially without an example. The only really redeeming section in the chapter was the use of password aliases for encrypting application resources.

Monitoring is covered in chapter eight. The basics of how to set up the monitoring are covered. There is no significant depth to the chapter. The discussion on call flow monitoring shows an example of an application which is not included in the sample code. It is from the Java EE tutorial (Duke's Bank). The chapter does topically demonstrate additional monitoring tools like JConsole and VisualVM. Both of these tools are included in the JDK, and don't get the coverage they deserve. VisualVM is a NetBeans platform application.

The chapter closes with Enterprise Manager, but refers you to external references. I was not impressed. It should have not even made mention of it, if there was no coverage.

Clustering and High Availability (HA) is covered in chapter nine. I liked chapter nine in general. The explanation of the clustering functionality (node agents and instances) was very good. The author explains in detail how to install the load balancer, which needed some detailed coverage. The information available online is not very centralized. The explanation on in-memory replication, including diagrams, is very good. It also explains the replication ring and some issues that are encountered on adjacent instance failures.

HADB should be removed from chapter nine. There is no coverage worth mentioning, and it should have been a cornerstone of the chapter.

Chapter ten covers troubleshooting and performance tuning. Actually that is the title, but it really does not cover performance tuning. The reference is to a commercial support contract Performance Advisor.

That being said, it does cover some additional functionality of tools like VisualVM and introduces jstack. It also covers the Thread Dump Analyzer (TDA) and NetBeans profiler.

Chapter eleven is a topical coverage of GlassFish version 3. It was not finalized at the time of release of this book. The information is generally correct though and will give the reader important aspects of the new release and its capabilities.

Summary

The overall impression of the book was a modest 3/5 stars. The book would be a good starting point for a new administrator, but lacks sufficient detail for an advanced practitioner. If you are looking for a beginning book on GlassFish administration, this is not a bad choice.


Chapter Details and Errata

These are notes, errors, comments, and impressions from the chapters. I suggest that if you encounter any errors in the book, please check here to see if I have addressed them.

Chapter 1

(Page 13) The Mac OS X support should include 10.6.

(Page 22) There should be a note to indicate that silent installs can only be done on file based installs (installer), and not on jar based installs.

Chapter 2

(Page 42) The second paragraph mentions that you can edit the domain.xml file using a text editor. There should be a warning/note that tells the user to check the domain.xml file using the asadmin command to ensure that the file is syntactically correct.

asadmin verify-domain-xml

(Page 46) Item #4, third paragraph refers to a screen shot which is not present.

(Page 47) The command at the bottom of the page is missing a dash.

asadmin list-commands --help | more

(Page 48) The create-domain code is interactive since not all of the parameters are provided so the example is not correct. If you want to avoid interactively providing user and password information, use the --user XXX and --passwordfile XXX syntax.

(Page 49) The command for starting the newly created domain is incorrect. It includes command line switches that are not valid.
asadmin start-domain domain2

Chapter 3

(Page 58) The redeploy switch is not available on version 2.1.1. It is a GlassFish version 3 switch.

(Page 64) The POJO Web Services refers to code which is not available in the example downloads.

(Page 64) The enterprise example and client code is also missing from the example download code. This is really too bad. The code would have made a really good example of how to use GlassFish.

(Page 67) I could not get this JRuby example running on GlassFish. It runs in Mongrel, and I believe it is valid code. The issue seems to be with rack and warble. It also should be noted that the MySQL JDBC drivers must be downloaded and installed in the CLASSPATH for this to work. I placed the MySQL drivers in the JRuby installation /lib directory. The rake db:migrate command will not work without them, nor will Mongrel connect to the database.

(Page 69) The PATH is incorrect. It should be
export PATH=$GRAILS_HOME/bin:$PATH

Chapter 4

(Page 75) The CLI example is incorrect. It should be:

asadmin set server.session-config.session-properties.timeout-in-seconds=900

(Page 85, 86, and 87) The 2nd and 3rd paragraphs are duplicated on the following pages.

Chapter 5

(Page 100) The CLI example is incorrect. It should be:

asadmin create-jdbc-resource --connectionpoolid MySQLPool jdbc/DevDS

(Page 104) The CLI example is incorrect. It should be:

asadmin create-javamail-resource --mailhost localhost --mailuser MailUser --fromaddress service@programming-stuff.com mail/MyMail

(Page 108) The CLI example is incorrect. It should be:

asadmin create-jndi-resource --jndilookupname cn=MyResources --restype com.programmingstuff.jndi.RegistryResource --factoryclass com.sun.jndi.ldap.LdapCtxFactory ref/SimpleResource

Chapter 6

The example code for the chapter does not work very well. There is no explanation of how to configure it to work. The included AMQBean code does not work out of the box.

Chapter 7

(Page 140) The LDIF file should have been included in the example code.

Chapter 8

(Page 164) The example is incomplete. The first of two screens is shown, and the discussion does not cover the second (more important) configuration screen.

Chapter 9

(Page 176) Clustering DOES work on Mac OS X.

Chapter 11

(Page 245) The paths in the commands are incorrect, they should be:

$examples/deploy ...

(Pages 247, 248, 250) The paths and project name are incorrect in the last CLI example on the page. It should be:

cd $examples/deploy/SimpleRails

(Page 250) The second CLI example is incorrect. The command to start embedded GlassFish is:

jruby -S glassfish SimpleRails

(Page 251) The path should be:

$examples/deploy/SimpleGroovy

Sunday, February 10, 2008

Book Review: Java EE 5 Development using GlassFish Application Server

Let me start by saying that I am glad that Kshipra Singh, Packt Publishing, contacted me to see if I would review the book. I would also like to note that I am glad that David R. Heffelfinger wrote the book. We need more books on projects like GlassFish.

My overall opinion of the book is good. The book is very well written, and the code examples in the book work. Working code examples are the number one criterion for me. The code examples start with some examples in Chapter 2 that are used throughout the remainder of the book. This provides a coherent flow through the book. You may also download the code examples from the Packt Publishing support site.

I would recommend it as a book to have on your development bookshelf (3/5 stars).


The book claims to be the complete guide to installing and configuring GlassFish. I would not give it that much credit. There is room for more extensive books on GlassFish. There are a number of topics that are very general and have nothing to do with the actual configuration of the server. A better book summary would be a guide to installing, configuring, and developing applications for the Glassfish server. It is really a Java EE 5 tutorial which features Glassfish.

As a book on GlassFish, it is very light in its coverage. As a tutorial for developers acquainting themselves with Java EE 5 and deployment on Glassfish it is very good. In my opinion it is targeted at developers familiar with J2EE who want to switch to JEE5, or junior developers trying to get a better comprehension of the EE environment. It is not for novice programmers.

Chapter 1

Getting Started with GlassFish


This chapter covers getting and installing GlassFish. It is very basic, but will get you up and running. It also includes how to set up your JNDI database connections. The majority of this information can be readily found on the GlassFish site on Java.net. There is a good example of how to set up multiple domains on GlassFish which is not easily gleaned from the site. There is a chart which shows how the --portbase command line option is used to set the ports on which GlassFish services connections. This provides the best explanation for this command line option and graphically depicts what the results are.

Chapter 2

Servlet Development and Deployment

This chapter is a very basic tutorial on servlet technology. It includes writing simple servlets, web.xml files, and deployment file layout (war files). It includes some examples on HTML forms, request forwarding and response redirection. There is nothing GlassFish specific and the files will just as easily deploy on Apache Tomcat unaltered. There is one item of note which is sun-web.xml related which has to do with how to change the context root. This is used if you do not want the default deployment context to match the name of the war file.

Chapter 3

JavaServer Pages

This chapter again has a basic tutorial on JSP technologies. There is a really good example of creating custom JSP tags and how to use them. Again, there is nothing that would prevent the war files from being deployed on Apache Tomcat. I wish that the author would have covered Unified Expression Language (EL) in more detail. It is more central to this technology on JEE5 platforms.

Chapter 4

Database Connectivity

This is the first chapter which covers a really important topic in the enhanced JEE5 database access functionality, new Java Persistence API (JPA), and its reference application server (GlassFish). The first example shows a servlet and how to connect to a database using the old form of JNDI lookup without resource injection. The next example shows the simplified version using resource injection of the DataSource. This removes all the plumbing of fetching our data source.

The next section covers Java Persistence API (JPA) and provides an in-depth tutorial. This is a key concept in JEE5. It introduces the Entity annotation on a POJO to convert it to a persistable object. The simple example that follows it demonstrates correctly how to use JPA in a non-thread safe environment of a servlet using a UserTransaction. It also covers the persistence.xml file.

This chapter is a must for anyone who wants to learn JPA. The sections on entity relationships, and composite primary keys are done extremely well.

This chapter concludes on Java Persistence Query Language (JPQL) which is the follow-on from EJB QL. It is very light. I wish the author would have covered this very important topic in more detail. That being stated, the code sample is a perfect example.

The book is worth purchasing for this chapter alone.

Chapter 5

JSP Standard Tag Library

This chapter is a basic tutorial on the JSTL. I found a number of syntax mistakes, which were submitted back to Packt. The SQL JST Tag Library is covered. It was very simple. There is one note on No Suitable Driver SQL Exception which is often a hard thing to track down. There is nothing substantive about this chapter.

Chapter 6

JavaServer Faces

This is another JEE5 technology that needs more coverage in general. This chapter provides a good foundation on the reference JSF implementation. It is very well written. I am a big advocate of JSF and thoroughly examined this chapter.

The introductory examples are well done and give a good overview of the technology. The example Customer bean is the same bean that is used in JPA in chapter 4. This shows the consistency and flow between chapters. In this case we use the bean as a managed bean in the JSF context.

The chapter also explains the changes needed in the web.xml file for JSF.

The section on validators is very well done. It includes an example using the Apache Commons Validator framework. The point is to show that you should look for good validators rather than creating your own. Roll your own for domain specific requirements. It also covers validator methods in some detail. It also covers another useful utility from the Apache Commons Language Library.

There is a section on customizing messages that provide feedback to the user on various validation errors. It contains a section on how to modify the default messages on GlassFish. It is nice to know how to do this, but I would encourage users NOT to do it. You can Google for the default messages to see what they mean. If you change them, that option no longer exists. Also it is not intuitively obvious where the message is coming from. There is another example using a message bundle for your customized messages. I would HIGHLY recommend using this method.

There is a wonderful section on integrating JPA and JSF. This is a must read, and covers the practical side of JSF and JPA. It uses a model-view-controller paradigm. It shows how to use the JPA as a managed bean that gets set from the JSF page and saved/modified from the controller servlet. This is an excellent example of how to do it.

Finally, the chapter closes with a reference to the JSF Core components. I personally believe that this should have been an appendix. It really does not contribute to the flow of the book, or chapter. I went through the reference with a fine-toothed comb. The examples are really clean. I submitted some errata for the section, but it was done very well.

This is another chapter that makes the book worth purchasing.

Chapter 7

Java Messaging Service

This is a chapter that has a very specific setup for GlassFish. Most of the previous chapters were general enough on the specific technologies that they could be used on Apache Tomcat. The JMS server setup which is covered for GlassFish is very specific to the server.

The first part of the chapter covers how to set up the JMS connection factory, and JMS destination resources (Queue and Topic).

The examples that follow are very well done on how to use the various topics and queues.

I was really impressed with the author's examples. They were clean. I questioned one of the examples on durable topics, only to discover that the author was correct.

Chapter 8

Security

This chapter seems out of sequence. The Enterprise Java Beans (EJB) and Web Services chapters follow it. I would have recommended it to follow those two chapters. The author does cover securing EJBs and web services which require a security pre-cursor, but it seems to disrupt the flow of the book.

This chapter was a big disappointment. The topic is covered in minimal detail. This chapter is so important that it needs more coverage.

Here are some of the major omissions:
  • Setting up a SSL/TLS connection using a self-signed certificate, or CA certificate
  • Setting up an LDAP realm
  • Optional attributes for the various realms
There is coverage of the various realms with a focus on file and JDBC.

The JDBC realm is complex. I understand that setting up a JDBC realm requires more work, but I am not sure how many people would use this type of realm.

The file realm coverage is detailed, but I am not sure that any enterprise would use this arrangement. It is not scalable.

The example login form using j_security_check is very useful, as is the example LogoutServlet.

The certificate realm is covered in fine detail. It is one of the best examples of how to configure this setup.

The LDAP and Solaris realms are weak. There is nothing here but a placeholder explanation. I can imagine that most enterprise users will have an LDAP domain that they will connect to. This topic could have included an example using OpenLDAP with its configuration in an appendix, or using openDS.

The JDBC realm setup has a number of serious errors which were reported as errata.

The section on defining custom realms is ok. It glosses a topic which requires more detail. I would HIGHLY recommend using a pre-defined realm instead of defining your own.

Chapter 9

Enterprise JavaBeans


This chapter provides a good tutorial on the JEE5 EJB 3.0 technologies. It covers the use of the new @Stateless, @Stateful, and @MessageDriven bean annotations.

There is an excellent example of using a stateless session bean as the Data Access Object (DAO) controller for JPA. It is well done. This is followed by another excellent example of how to use DAO EJB in a web application using resource injection.

Transactions are covered in very good detail. There is an excellent table which explains the various types of container managed transactions, and the @TransactionAttribute annotation.

The real jewel of this chapter, in my opinion, is the section on Bean-Managed Transactions which includes an excellent example with all of the correct annotations.

There is a section on the new EJB Timer service. I wish they would have included a practical example, but the included example gives you a feel on how it works.

EJB Security is covered lightly. There is a great note about automatically matching Roles to Security Groups on GlassFish. It is a very well hidden feature, and one which I was not aware of. This simplifies some of the security mapping and is a great time saver.

This is another good chapter.

Chapter 10

Web Services


This chapter provides a good tutorial on Java API for XML for Web Services (JAX-WS). It has some simple examples, and demonstrates the great GlassFish web service testing facility built into the platform. The tester is a web-based page which allows you to enter values and see the results, as well as the SOAP messages (Request and Response). This is a real time saver and can help a developer check the expected messages quickly.

The chapter includes a section on how to include attachments and expose EJBs as web services.

The chapter concludes on a light coverage of web service security.

Chapter 11

Beyond Java EE

This chapter covers some alternative and complementary technologies for JSF like Facelets, Facelets Templating, Ajax4jsf (providing AJAX functionality to JSF applications), and Seam. The chapter includes some sample applications and how to install and set up these technologies.

Appendices

The appendices include coverage of using JavaMail and integrating GlassFish into various IDEs.

Again, I would recommend this book for anyone who wants to learn the basics of JEE5 programming with GlassFish.

Sunday, March 25, 2007

Sun Java System Application Server 9.x (glassfish) External JNDI LDAP Resource Part III

I have had a question posed to me about how to use this resource once it is set up. Indeed it would be quite limiting without an example. I have created a stateless session bean (SSB) using JEE5 resource injection to show how to use it. It also has @WebService capabilities for testing. Keep in mind that the application has NO security and is merely provided as an example.

Prerequisites:
  • LDAP Server installed and configured
  • Sun Java System Application Server (glassfish) 9.x
  • External JNDI LDAP resource configured

License: Apache 2.0
Package: EJBLDAPModule.zip

This is a Netbeans 6 project.

Thursday, March 15, 2007

Sun Java System Application Server 9.x (glassfish) External JNDI LDAP Resource Part II

In my recent blog entry on configuring an external JNDI LDAP entry, I showed how to connect to an LDAP server as a JNDI reference. This assumes that the LDAP server is on the local machine and that it allows anonymous authentication. Usually this is not the case. I will cover how to use a login to an LDAP server which requires a little more configuration.

Prerequisites:
  • A working LDAP server
  • A login which can browse the directory tree
Instructions:

Please follow the directions in my previous blog entry to set up the basic external JNDI resource. The Sun Java System Application Server 9.1 Administration Guide is incorrect on how to set the properties. It refers to using some properties that are defined for LDAP like PROVIDER-URL. Unfortunately, to use them you would need to prefix them with the appropriate class. So we will use an alternate tack and use them by their fully qualified names. Add the following properties to the entry.

PROVIDER-URL:
java.naming.provider.url

SECURITY_PRINCIPAL:
java.naming.security.principal

SECURITY_AUTHENTICATION:
java.naming.security.authentication

SECURITY_CREDENTIALS:
java.naming.security.credentials

Since we have the fully qualified names, we can use them to set the properties for our external JNDI resource. See the image below.


Once you have the properties set and saved, you will have a complete external JNDI LDAP connection.

Congratulations!

Tuesday, March 06, 2007

Sun Java System Application Server 9.x (glassfish) External JNDI LDAP Resource Part I

I read the SJSAS Administration Guide to determine how to set up an external JNDI Resource. In my case, I wanted to simply provide another method to talk to LDAP outside of the security context. The Administration Guide is helpful...but incorrect. I have included the steps required to connect to an external LDAP server below. This works with OpenLDAP and SunONE Directory Server 5.2. The syntax should be similar on other systems.

Prerequisites:
  • An LDAP server. I use both OpenLDAP and SunONE Directory Server
  • Sun Java System Application Server 9.x (Project Glassfish). I am using Glassfish V2 Build 37
Instructions:

1. Log into the glassfish administration console.
2. Navigate to the Resources --> JNDI --> External Resources tree.


3. Create a new JNDI External Resource (see image below)
  • JNDI Name: pick a unique name for the resource. I prefix mine with ldap e.g. ldap/myldap
  • Resource Type: javax.naming.ldap.LdapContext
  • Factory Class: com.sun.jndi.ldap.LdapCtxFactory
  • JNDI Lookup: this would be your BaseDN e.g. dc=bluelotusholdings,dc=com


4. Check to make sure that the resource was created correctly and that it appears in the server JNDI Browser. If it does, you have configured it correctly. To find the JNDI Browser go to Application Server --> JNDI Browsing.


5. You should see something that looks like the image below. Please note the organizationalUnit (ou) ou=people and ou=groups are displayed as nodes in the BaseDN.


Success!

Sunday, December 24, 2006

Sun Java System Application Server 9.x (glassfish) SSL/TLS Authentication Setup

I am providing the basics needed to get a CACert.org-signed certificate loaded on your application server.

Prerequisites:
  1. You need an account at CACert.org
  2. You need to install and configure Sun Java System Application Server 9.x or Project Glassfish

Instructions:

1. Go to the domains/domain/config directory of the application server installation.

You will find two JKS keystores located in the directory. One is called cacerts.jks and the other is keystore.jks. The cacerts.jks file is used to store the Certification Authority (CA) certificates. The keystore.jks file is used to store locally generated certificates. There is a default key located in both the keystores called s1as which is created when you install the application server.

To view the certificates in the keystore use the keytool utility as follows

keytool -list -v -keystore keystore.jks -storepass changeit

This will display the certificates in the keystore.

2. Import the CACert.org root (class 1) and class 3 certificates from here. Select the PEM format files and save them to the local drive.

NOTE: You will want to import these files into both the cacerts.jks and keystore.jks files. You will need the files in your keystore.jks file to import the signed certificate later.

Import the files as follows:

keytool -import -v -alias cacert -trustcacerts -keystore cacerts.jks -storepass changeit -file root.crt

keytool -import -v -alias cacert -trustcacerts -keystore keystore.jks -storepass changeit -file root.crt

keytool -import -v -alias cacert3 -trustcacerts -keystore cacerts.jks -storepass changeit -file class3.crt

keytool -import -v -alias cacert3 -trustcacerts -keystore keystore.jks -storepass changeit -file class3.crt


3. Create a new certificate for the server using the following

keytool -genkey -keyalg RSA -alias server -keystore keystore.jks -keypass changeit -storepass changeit -noprompt -v -dname "cn=yourdomain.com, ou=Sun Java System Application Server, o=your company name, s=your state, c=your country"

Change the dname values as appropriate. Afterwards check the keystore.

keytool -list -v -alias server -keystore keystore.jks -storepass changeit

You should get an output similar to this accounting for your domain:

Alias name: server
Creation date: Dec 24, 2006
Entry type: keyEntry
Certificate chain length: 1
Certificate[1]:
Owner: CN=yourdomain.com, OU=Sun Java System Application Server, O=your company name, ST=your state, C=your country
Issuer: CN=yourdomain.com, OU=Sun Java System Application Server, O=your company name, ST=your state, C=your country
Serial number: 458ed092
Valid from: Sun Dec 24 14:10:10 EST 2006 until: Sat Mar 24 15:10:10 EDT 2007
Certificate fingerprints:
    MD5: 0D:62:DA:52:34:DE:65:40:C5:34:DB:97:EE:58:20:22
    SHA1: 2B:AA:0F:A0:6D:C6:DE:C2:20:19:72:85:97:B1:6B:DA:B5:7D:AC:D0

4. Create the Certificate Signing Request (CSR) using the following command:

keytool -certreq -v -alias server -keystore keystore.jks -storepass changeit -file server.csr

5. Copy the contents of the file to the CSR request form on the CACert.org site.



Here is an example of the data in the server.csr file

-----BEGIN NEW CERTIFICATE REQUEST----- MIIBzzCCATgCAQAwgY4xFTATBgNVBAYTDHlvdXIgY291bnRyeTETMBEGA1UECBMKeW91ciBzdGF0 ZTEaMBgGA1UEChMReW91ciBjb21wYW55IG5hbWUxKzApBgNVBAsTIlN1biBKYXZhIFN5c3RlbSBB cHBsaWNhdGlvbiBTZXJ2ZXIxFzAVBgNVBAMTDnlvdXJkb21haW4uY29tMIGfMA0GCSqGSIb3DQEB AQUAA4GNADCBiQKBgQCETXJQCNJz9rDLBuE8RBV/IK4sfVt1MC0DJLd6Ph94uTy+kz9mkVml41KV zd9UORdp4VCFXd9ssS5UiophTvHzcntJpAVONTwjUkdaukYA5bE5HrKsS7BjdnJTYnoeUHJ6g1ig 6NrUt2GouQGQYeiIUCoPfXsB9g8+S/0tPI6X/wIDAQABoAAwDQYJKoZIhvcNAQEEBQADgYEAYjAR My7nevIe3HM2NrilO29ls1PrjP4h6ApppCdaGrvn8RlSaXp4kPIb5s1/vHWbIB6CIeSZvlmXk2NG 649iTBK6+wLw0RTotcQXtCx7S9YnguBeWBA+zb2fJRfdWYJhCwbm9cyAfJbP80N3lyB7/XKyvq/N fjqp30oTQiiq75U=
-----END NEW CERTIFICATE REQUEST-----



6. You should get an immediate response on the site as well as an email with the certificate located in it. Copy the certificate from the site and save it in a file called signed.crt. The file should contain something that looks like the following.

-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----

7. We imported the CACert.org certificates so that we could do the next step without issues. We will want to import the new certificate to the keystore and combine it with our private key. We do this by using the same alias we assigned to the private key (keyEntry).

keytool -import -v -trustcacerts -alias server -keystore keystore.jks -keypass changeit -storepass changeit -file signed.crt

8. Delete the cacert and cacert3 certificates from the keystore.jks

keytool -delete -v -alias cacert -keystore keystore.jks -storepass changeit
keytool -delete -v -alias cacert3 -keystore keystore.jks -storepass changeit

9. Configure the application server to use the new key. I try it on the HTTP Service --> HTTP Listeners --> http-listener-2. Select the security enabled, SSL3, TLS, and All supported ciphers checkboxes. Fill in the Certificate Nickname as server. Save and restart the application server.

10. Check the configuration by going to https://localhost:8181

FINISHED

Congratulations, you are on SSL. Once I am sure that everything is working, I immediately set the admin site to use SSL/TLS as an important security measure.
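
A check for the keystore state the procedure above should leave behind once signed.crt has been imported and the cacert and cacert3 aliases have been deleted from keystore.jks. This is an added example, not part of the original post: it reads `keytool -list -v` text and flags a `server` entry that is still self-signed, or CA aliases that were never removed. The function name, the finding codes and both sample listings are constructed for this example.

```shell
#!/usr/bin/env bash
# Added example: audit `keytool -list -v` text for the end state of the procedure.
# Assumes English keytool output. Older JDKs print "keyEntry" (as in the post),
# newer ones print "PrivateKeyEntry"; both are accepted.

# Usage: keytool -list -v -keystore keystore.jks | check_keystore_listing server
# Prints one finding per line, or "OK <alias> chain=<n>". Returns 1 on findings.
check_keystore_listing() {
  awk -v want="$1" '
    /^Alias name: /               { alias = substr($0, 13); seen[alias] = 1; first = 0; next }
    /^Entry type: /               { type[alias] = substr($0, 13); next }
    /^Certificate chain length: / { chain[alias] = $NF; next }
    # Only the first certificate of a chain is the server certificate itself;
    # a self-signed root further down the chain is expected and must not count.
    /^Certificate\[1\]:/          { first = 1; next }
    /^Certificate\[/              { first = 0; next }
    first && /^Owner: /           { owner[alias] = substr($0, 8); next }
    first && /^Issuer: /          { issuer[alias] = substr($0, 9); next }
    END {
      bad = 0
      if (!(want in seen)) { print "MISSING " want; exit 1 }
      if (type[want] != "keyEntry" && type[want] != "PrivateKeyEntry") {
        print "NOT-A-KEY " want; bad = 1
      }
      # Owner equal to Issuer means the CA reply was never imported over the key.
      if (owner[want] != "" && owner[want] == issuer[want]) {
        print "SELF-SIGNED " want; bad = 1
      }
      # The CA certificates belong in cacerts.jks, not in keystore.jks.
      n = split("cacert cacert3", ca, " ")
      for (i = 1; i <= n; i++) if (ca[i] in seen) { print "LEFTOVER-CA " ca[i]; bad = 1 }
      if (!bad) print "OK " want " chain=" chain[want]
      exit bad
    }
  '
}

# Constructed listing: key generated, CA certificates imported, reply not yet imported.
sample_self_signed() {
cat <<'EOF'
Alias name: server
Creation date: Dec 24, 2006
Entry type: keyEntry
Certificate chain length: 1
Certificate[1]:
Owner: CN=yourdomain.com, O=your company name
Issuer: CN=yourdomain.com, O=your company name

*******************************************

Alias name: cacert
Creation date: Dec 24, 2006
Entry type: trustedCertEntry

Owner: CN=Constructed Root CA
Issuer: CN=Constructed Root CA

*******************************************

Alias name: cacert3
Creation date: Dec 24, 2006
Entry type: trustedCertEntry

Owner: CN=Constructed Class 3 CA
Issuer: CN=Constructed Root CA
EOF
}

# Constructed listing: signed reply imported, CA aliases deleted from keystore.jks.
sample_finished() {
cat <<'EOF'
Alias name: server
Creation date: Dec 24, 2006
Entry type: keyEntry
Certificate chain length: 3
Certificate[1]:
Owner: CN=yourdomain.com
Issuer: CN=Constructed Class 3 CA
Certificate[2]:
Owner: CN=Constructed Class 3 CA
Issuer: CN=Constructed Root CA
Certificate[3]:
Owner: CN=Constructed Root CA
Issuer: CN=Constructed Root CA
EOF
}

echo "before the signed reply is imported:"
sample_self_signed | check_keystore_listing server || true
echo "after the procedure is complete:"
sample_finished | check_keystore_listing server || true
```
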

