Security: Generate certificates with keytool

By | November 23, 2016

The following example shows how to generate a certificate directly on a Linux server using keytool and then have it signed by a Windows CA. The example assumes we are regenerating the certificate for a GlassFish domain.

STEP 1: Delete the old certificate

In GlassFish, each domain where security is activated has a keystore.jks keystore that stores the HTTPS certificate used by the domain.

Delete the old s1as certificate if it exists.

STEP 2: Generate new key for alias s1as

STEP 3: Generate a certificate request for alias s1as

STEP 4: Sign the certificate request for alias s1as with the CA

Sign the certificate request in your Windows CA. Export the result from there with the full certificate chain (binary, PKCS#7 with certificate chain).

STEP 5: Import the signed certificate for alias s1as in the keystore
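
The keytool commands for steps 1 to 5, as an added example that is not from the original post. The keystore path, subject DN, file names, the STOREPASS environment variable and the choice of key password equal to store password are assumptions.

```shell
#!/bin/sh
# Added example for steps 1-5; every default below is an assumption.
KEYSTORE="${KEYSTORE:-keystore.jks}"      # the domain's keystore (path assumed)
ALIAS="s1as"                              # alias named on the page
DNAME="${DNAME:-CN=app.example.test, O=Example, C=US}"   # constructed subject
CSR="${CSR:-s1as.csr}"                    # request sent to the CA (name assumed)
CHAIN="${CHAIN:-s1as.p7b}"                # PKCS#7 chain from the CA (name assumed)
# keytool reads the password from $STOREPASS via its :env modifier, so the
# secret does not show up on the command line or in the process list.

run() {  # print the command when DRY_RUN=1, execute it otherwise
    if [ "${DRY_RUN:-0}" = "1" ]; then echo "$*"; else "$@"; fi
}

step1_delete_old() {
    # "If it exists": on a live run, do nothing when the alias is absent.
    if [ "${DRY_RUN:-0}" != "1" ] && ! keytool -list -alias "$ALIAS" \
        -keystore "$KEYSTORE" -storepass:env STOREPASS >/dev/null 2>&1; then
        return 0
    fi
    run cp -p "$KEYSTORE" "$KEYSTORE.bak"   # keep the old key until the new one works
    run keytool -delete -alias "$ALIAS" -keystore "$KEYSTORE" -storepass:env STOREPASS
}

step2_generate_key() {
    # Key password = store password (assumption). The self-signed certificate
    # created here is only a placeholder until the CA reply is imported.
    run keytool -genkeypair -alias "$ALIAS" -keyalg RSA -keysize 2048 \
        -dname "$DNAME" -validity 365 -keystore "$KEYSTORE" \
        -storepass:env STOREPASS -keypass:env STOREPASS
}

step3_create_csr() {
    run keytool -certreq -alias "$ALIAS" -file "$CSR" \
        -keystore "$KEYSTORE" -storepass:env STOREPASS
}

# Step 4 happens on the Windows CA: submit $CSR, export the PKCS#7 chain to $CHAIN.

step5_import_reply() {
    # Without -noprompt, keytool asks before trusting an unknown root in the reply.
    run keytool -importcert -alias "$ALIAS" -file "$CHAIN" -trustcacerts \
        -keystore "$KEYSTORE" -storepass:env STOREPASS
    # The entry should now list the CA chain instead of the self-signed cert.
    run keytool -list -v -alias "$ALIAS" -keystore "$KEYSTORE" -storepass:env STOREPASS
}

case "${1:-}" in
    request) step1_delete_old && step2_generate_key && step3_create_csr ;;
    import)  step5_import_reply ;;
esac
```

Run the script with `request` before step 4 and with `import` once the CA reply has been copied to the server; setting `DRY_RUN=1` prints the commands without touching the keystore.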