1、//用命令打开glassfish下的config目录或是java的安装目录\jdk\bin
cd%glassfish_home%\domains\teras_domain\config
2、//生成新的sfb_store.jks
1:keytool -genkeypair -keyalg RSA -keysize1024 -keystore sfb_store.jks -validity 18760 -alias sfb (sfb这个别名可自定义)
3.//生成证书,如果使用第三方的CA认证这一步不需操作。(注意:不要去修改storepass密码“changeit”)
2:keytool -export -alias sfb -keystoresfb_store.jks -file sfb.cer -storepass changeit
4、修改%glassfish_home%\domains\teras_domain\config下的domain.xml文件,要针对对应的实例的配置进行修改如server-config:
<jvm-options>-Djavax.NET.ssl.keyStore=${com.sun.aas.instanceRoot}/config/sfb_store.jks</jvm-options>
用“sfb”.全局替换该实例中的“s1as”(其它实例的配制文件可保持不变),因为 “sfb”是上面用的别名.
5、在对应的实例配置节点末尾(</config>)添加如下监听(注:如果在同一服务器上配置多个实例时记得调整port值)
<http-listeneracceptor-threads="1"
address="0.0.0.0" blocking-enabled="false"
default-virtual-server="server"enabled="true"
family="inet"id="http-listener-2" port="38700"security-enabled="true" server-name=""xpowered-by="true">
<sslcert-nickname="sfb" client-auth-enabled="false" ssl2-enabled="false" ssl3-enabled="true"tls-enabled="true" tls-rollback-enabled="true"/>
</http-listener>
//删除cacerts.jks,通过证书生成新的cacerts.jks
6、keytool -import -v -trustcacerts -alias sfb -file sfb.cer -keystorecacerts.jks -keypass changeit
7、web.xml文件
<security-constraint>
<web-resource-collection>
<web-resource-name>HtmlAdaptor</web-resource-name>
<description>…说明信息</description>
<url-pattern>*.xhtml</url-pattern>(视情况而定:/*)
</web-resource-collection>
<user-data-constraint>
<description>Protectionshould be CONFIDENTIAL</description>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
</security-constraint>