
Right way to configure Glassfish SSL certificate nickname?

Glassfish lets you set the SSL certificate nickname through its admin console, as highlighted in the picture below:

[Image: Glassfish admin console SSL configuration UI]

But almost every tutorial on the web mentions that it is necessary to replace all occurrences of the default SSL nickname (s1as) with the one that will be used (i.e. mydomain.com) in the domain.xml file.

So what is the proper way of setting certificate nickname?

It is very likely that the admin console is just updating the domain.xml file anyway. In either case, it is good practice to avoid modifying the domain.xml file wherever possible. There is no official advice in the Security Guide for GF4 and the only mention of the certificate nickname is:

If you enable secure admin on an SSL-enabled GlassFish Server installation, secure admin uses the existing value as the DAS admin alias for secure admin.

https://glassfish.java.net/docs/4.0/security-guide.pdf

Changing the nickname isn't actually necessary, from a functional perspective. When you import your key/cert to the keystores you can just use the same name to replace the existing cert, which is perfectly valid.


Edit: To change alias names with the asadmin command, you can use enable-secure-admin with either --instancealias myNewAlias or --adminalias myOtherNewAlias (or both).

The default for adminalias is s1as and the default for instancealias is glassfish-instance.

http-listener-2 is the default HTTP listener with SSL enabled on port 8181 (GlassFish or Payara); if you created another one, change it in the command below.

asadmin set "configs.config.server-config.network-config.protocols.protocol.http-listener-2.ssl.cert-nickname=yourNickName"
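
A read-only way to see which listeners reference which certificate nickname, so a change made through the admin console or asadmin set can be checked without editing domain.xml. This is an added example, not part of the original answers; the XML excerpt is constructed and simplified, and the function names are hypothetical.

```python
import xml.etree.ElementTree as ET

# Constructed, simplified excerpt of a domain.xml (not a complete file).
SAMPLE_DOMAIN_XML = """\
<domain>
  <configs>
    <config name="server-config">
      <network-config>
        <protocols>
          <protocol name="http-listener-1"><http/></protocol>
          <protocol name="http-listener-2" security-enabled="true">
            <http/>
            <ssl cert-nickname="mydomain.com"/>
          </protocol>
          <protocol name="sec-admin-listener" security-enabled="true">
            <http/>
            <ssl cert-nickname="s1as"/>
          </protocol>
        </protocols>
      </network-config>
      <iiop-service>
        <iiop-listener id="SSL" port="3820" security-enabled="true">
          <ssl cert-nickname="s1as"/>
        </iiop-listener>
      </iiop-service>
    </config>
  </configs>
</domain>
"""

def ssl_nicknames(domain_xml):
    """Return (config, owner, nickname) for every <ssl> element; read-only."""
    root = ET.fromstring(domain_xml)
    found = []
    for config in root.iter("config"):
        for owner in config.iter():
            for ssl in owner.findall("ssl"):
                label = owner.get("name") or owner.get("id") or owner.tag
                found.append((config.get("name"), label, ssl.get("cert-nickname")))
    return found

def mismatches(domain_xml, expected):
    """Entries whose nickname differs from the alias imported into the keystore."""
    return [e for e in ssl_nicknames(domain_xml) if e[2] != expected]

if __name__ == "__main__":
    for cfg, owner, nick in ssl_nicknames(SAMPLE_DOMAIN_XML):
        flag = "" if nick == "mydomain.com" else "  <-- differs"
        print(f"{cfg}/{owner}: {nick}{flag}")
```

Each nickname it reports should also exist as an alias in the keystore the domain uses; a listener left pointing at an alias that was removed will fail its TLS setup.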
