Configure SSL on Apache and Glassfish and forward traffic to Glassfish

Posted by

keytool -keysize 2048 -genkey -alias tugrulaslan.net -keyalg RSA –dname “CN=tugrulaslan.net,O=company,L=Istanbul,S=Istanbul,C=TR” -keystore keystore.jks

keytool –certreq –alias tugrulaslan.net –keystore keystore.jks –file cert_req.csr

keytool -import -alias tugrulaslan.net -keystore keystore.jks -trustcacerts -file yourdomain.com.crt

send that csr to generate your ssl file then download x509 certificate from geotrust

then move the certificate to /root

IMPORT SSL INTO KEYSTORE

 

download x509 format

and save first server certificate as root.crt

save last intermediate.crt and transfer all files to your ftp

then copy them to domain folder

then

keytool -import -alias intermediate -keystore keystore.jks -trustcacerts -file intermediate.crt

keytool -import -alias root -keystore keystore.jks -trustcacerts -file root.com.crt

keytool -import -alias yourdomain -keystore keystore.jks -trustcacerts -file yourdomain.com.crt

then nano domain.xml

here change all s1as as your domain name and fire  up your server

export key file

keytool -importkeystore -srckeystore keystore.jks -destkeystore keystore.p12 -deststoretype PKCS12 -srcalias jkskeyalias  -deststorepass password -destkeypass password

openssl pkcs12 -in keystore.p12  -nokeys -out cert.pem
openssl pkcs12 -in keystore.p12  -nodes -nocerts -out key.pem
convert pem to key
openssl rsa -outform der -in private.pem -out private.key

then move the key file to /root for security

edit /etc/httpd/conf.d/ssl.conf below

<VirtualHost _default_:443>

ServerName tugrulaslan.net
SSLProxyEngine on
ProxyPreserveHost On
ProxyPass / https://localhost:8181/
ProxyPassReverse / https://localhost:8181/

SSLEngine on

SSLCertificateFile /root/X509CERTIFICATE FROM GEOTRUST.crt

SSLCertificateKeyFile /root/private.key(EXPORTED FROM KEYTOOL)

</VirtualHost>

sslapacheglassfish

 

if you only want https when http request is received then do the following in /etc/httpd/conf/httpd.conf

<VirtualHost *:80>
   ServerName <span class="highlight">example.com</span>
   Redirect permanent / https://example.com/
</VirtualHost>

add firewall

<tt class="COMMAND">iptables -A OUTPUT -p tcp -m tcp --dport 80 -j ACCEPT</tt>
<tt class="COMMAND">iptables -A OUTPUT -p tcp -m tcp --dport 433 -j ACCEPT 

service iptables save

service iptables restart</tt>
<tt class="COMMAND"></tt>

Leave a Reply

Your email address will not be published. Required fields are marked *