Skip to main content

How to handle SSL certificate renewal process when GlassFish is used behind Apache WebServer?

Please note these java.net forums are being decommissioned and use the new and improved forums at https://community.oracle.com/community/java.
No replies
gkk_gf
Offline
Joined: 2012-02-06

I'm using GlassFish 3.1.2 behind an Apache Web server to interface between java logic on the application server and client web app.

To get a Java method to send email through GlassFish to the SMTP webserver in Apache WebServer, I need to import the mail server's certificate (exim.crt in my case) to GlassFish, otherwise a Java exception occurs.

This certificate auto-renews, which works great for Apache WebServer, because it's already pointing to the correct file/directory.

However, since I imported the certificate into GlassFish, I assume GlassFish needs me to import the renewed certificate as well. Is this true?

If so, unless I manually import the renewed certificate into GlassFish, won't I see a Java exception when the originally imported cert in GF expires?

Assuming I'm not doing anything different than others, is it standard practice to manually re-import SSL certificates yearly into GlassFish, for example, using a keytool command?

I don't really have any experience in this area. Looking for help to understand what is normally done to prevent manual intervention yearly for such a task. How is this normally addressed?