Configure SSL on Apache and Glassfish and forward traffic to Glassfish

Reading Time: 2 minutes

keytool -keysize 2048 -genkey -alias -keyalg RSA –dname “,O=company,L=Istanbul,S=Istanbul,C=TR” -keystore keystore.jks

keytool –certreq –alias –keystore keystore.jks –file cert_req.csr

keytool -import -alias -keystore keystore.jks -trustcacerts -file

send that csr to generate your ssl file then download x509 certificate from geotrust

then move the certificate to /root



download x509 format

and save first server certificate as root.crt

save last intermediate.crt and transfer all files to your ftp

then copy them to domain folder


keytool -import -alias intermediate -keystore keystore.jks -trustcacerts -file intermediate.crt

keytool -import -alias root -keystore keystore.jks -trustcacerts -file

keytool -import -alias yourdomain -keystore keystore.jks -trustcacerts -file

then nano domain.xml

here change all s1as as your domain name and fire  up your server

export key file

keytool -importkeystore -srckeystore keystore.jks -destkeystore keystore.p12 -deststoretype PKCS12 -srcalias jkskeyalias  -deststorepass password -destkeypass password

openssl pkcs12 -in keystore.p12  -nokeys -out cert.pem
openssl pkcs12 -in keystore.p12  -nodes -nocerts -out key.pem
convert pem to key
openssl rsa -outform der -in private.pem -out private.key

then move the key file to /root for security

edit /etc/httpd/conf.d/ssl.conf below

<VirtualHost _default_:443>

SSLProxyEngine on
ProxyPreserveHost On
ProxyPass / https://localhost:8181/
ProxyPassReverse / https://localhost:8181/

SSLEngine on

SSLCertificateFile /root/X509CERTIFICATE FROM GEOTRUST.crt

SSLCertificateKeyFile /root/private.key(EXPORTED FROM KEYTOOL)




if you only want https when http request is received then do the following in /etc/httpd/conf/httpd.conf

<VirtualHost *:80>
   ServerName <span class="highlight"></span>
   Redirect permanent /

add firewall

<tt class="COMMAND">iptables -A OUTPUT -p tcp -m tcp --dport 80 -j ACCEPT</tt>
<tt class="COMMAND">iptables -A OUTPUT -p tcp -m tcp --dport 433 -j ACCEPT 

service iptables save

service iptables restart</tt>
<tt class="COMMAND"></tt>