Gluu Server CE Cert import
🔐 Step 1: SSH Into the Host Machine
From your local terminal, connect to your Gluu server host:
ssh root@your-gluu-server-ip
Replace your-gluu-server-ip with your actual IP address or hostname.
📦 Step 2: Log In to the Gluu Chroot Environment
Gluu runs inside a chroot container. Enter it with:
/sbin/gluu-serverd login
You’ll know you're inside when your prompt changes (e.g., [gluu@gluu ~]#).
📁 Step 3: Navigate the Gluu File Structure
Core services are found under:
cd /opt/gluu/jetty/
- oxauth: OAuth2/OpenID Connect Provider
- identity: Admin UI (oxTrust)
- idp: SAML IDP
- scim: SCIM User Management
- fido2: FIDO2 Service
- casa: User Self-Service Portal
📜 Step 4: View Logs for Troubleshooting
Check the most recent log lines for a service. Example (oxAuth):
tail -n 50 /opt/gluu/jetty/oxauth/logs/oxauth.log
Replace oxauth with the appropriate service name as needed.
🔁 Step 5: Restart Gluu Services
Option A: Using a Script
/root/restart-gluu.sh
Option B: Manual Service Restart
cd /opt/gluu/jetty/oxauth
nohup java -jar ../../jetty/start.jar > oxauth.log 2>&1 &
Repeat for other services like identity, idp, etc.
🔍 Step 6: Check Running Java Services
Use this to verify if services are active:
ps aux | grep java | grep -v grep
🔐 Step 7: Verify Java Truststore for Certificates
Ensure custom certs are loaded:
keytool -list -keystore /etc/ssl/certs/java/cacerts -storepass 'your-password' | grep gluu
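A grep hit on the alias does not prove the entry is the certificate your server currently presents, since a renewed certificate can leave a stale entry under the same alias. The script below is an added example, not part of the original guide or of Gluu's tooling: it parses keytool -list output and matches an entry by SHA-256 fingerprint. The function names, the sample output and server.crt are assumptions.

```shell
#!/bin/sh
# Added example: confirm a truststore entry by SHA-256 fingerprint, not by alias.

# Reduce a fingerprint to bare uppercase hex so "aa:bb" and "AABB" compare equal.
normalize_fp() {
    printf '%s' "$1" | tr -cd '0-9A-Fa-f' | tr 'a-f' 'A-F'
}

# alias_for_fp WANT_FP: read `keytool -list` output on stdin and print the alias
# whose SHA-256 fingerprint equals WANT_FP. Exit status 0 if found, 1 if not.
alias_for_fp() {
    want=$(normalize_fp "$1")
    [ "${#want}" -eq 64 ] || return 1   # reject anything that is not 32 bytes
    awk -v want="$want" '
        # Entry header, e.g. "gluu_https, Jan 1, 2024, trustedCertEntry,"
        /, (trustedCertEntry|PrivateKeyEntry),?[ \t]*$/ {
            alias = $0; sub(/,.*/, "", alias); next
        }
        /^Certificate fingerprint \(SHA-256\):/ {
            fp = toupper($0); sub(/^.*\): */, "", fp); gsub(/[^0-9A-F]/, "", fp)
            if (fp == want) { print alias; found = 1; exit }
        }
        END { exit(found ? 0 : 1) }
    '
}

# Constructed sample of `keytool -list` output (aliases and fingerprints invented).
sample_keytool_output() {
    cat <<'EOF'
Keystore type: JKS
Keystore provider: SUN

Your keystore contains 2 entries

gluu_https, Jan 1, 2024, trustedCertEntry,
Certificate fingerprint (SHA-256): 11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF:00:11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF:00
example_root_ca, Jan 1, 2024, trustedCertEntry,
Certificate fingerprint (SHA-256): 00:FF:EE:DD:CC:BB:AA:99:88:77:66:55:44:33:22:11:00:FF:EE:DD:CC:BB:AA:99:88:77:66:55:44:33:22:11
EOF
}

# Live use inside the chroot (server.crt is a hypothetical path to your cert):
#   fp=$(openssl x509 -in server.crt -noout -fingerprint -sha256 | cut -d= -f2)
#   keytool -list -keystore /etc/ssl/certs/java/cacerts -storepass 'your-password' \
#       | alias_for_fp "$fp"
```

If -storepass is omitted, keytool prompts for the password, which keeps it out of shell history and the process list.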
🚪 Step 8: Exit the Chroot Environment
To return to the regular Linux shell:
exit
📝 Summary
- 🛠️ Use /sbin/gluu-serverd login to manage Gluu internals
- 🧭 Services located at /opt/gluu/jetty/
- 📈 Logs help debug services under /logs
- 🔐 Use keytool to verify Java truststore certificates
💡 Tip: Always ensure your certificates are trusted by the JVM for SSL-based connections to succeed!