Gluu Server certificate import into Java truststore and service restart
📌 Summary
- ✔️ Extracted cert using OpenSSL
- ✔️ Imported cert to Java's cacerts truststore
- ✔️ Restarted Gluu Jetty services
- ✔️ Verified fix for SSL trust errors
🔧 Trusting Gluu Self-Signed Certificate in Java Truststore
1️⃣ SSH Into the Server
ssh root@your-server-ip
2️⃣ Enter Gluu Chroot Environment
To access Gluu's internal environment:
/sbin/gluu-serverd login
3️⃣ Extract Gluu Certificate
Use OpenSSL to pull the self-signed cert and save it:
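# </dev/null closes stdin so s_client exits after the handshake; sed keeps only the PEM certificate blocks
openssl s_client -showcerts -connect gluu.mslspartners.com:443 </dev/null 2>/dev/null \
  | sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' > /etc/certs/gluu-full-chain.crt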
4️⃣ Import Certificate into Java Truststore
🧹 Delete previous cert (if exists):
keytool -delete -alias gluu-remote \
-keystore /etc/ssl/certs/java/cacerts \
-storepass 'D0m@in@dm!n'
📥 Import new cert:
keytool -import -alias gluu-remote \
-keystore /etc/ssl/certs/java/cacerts \
-trustcacerts -file /etc/certs/gluu-full-chain.crt \
-storepass 'D0m@in@dm!n' -noprompt
✅ Confirm:
keytool -list -keystore /etc/ssl/certs/java/cacerts \
-storepass 'D0m@in@dm!n' | grep gluu-remote
5️⃣ Restart Gluu Jetty Services
Restart each service manually or with a script.
💡 Sample Script: /root/restart-gluu.sh
#!/bin/bash
cd /opt/gluu/jetty/oxauth && nohup java -jar ../../jetty/start.jar > oxauth.log 2>&1 &
sleep 5
cd /opt/gluu/jetty/identity && nohup java -jar ../../jetty/start.jar > identity.log 2>&1 &
sleep 5
cd /opt/gluu/jetty/idp && nohup java -jar ../../jetty/start.jar > idp.log 2>&1 &
sleep 5
cd /opt/gluu/jetty/scim && nohup java -jar ../../jetty/start.jar > scim.log 2>&1 &
sleep 5
cd /opt/gluu/jetty/fido2 && nohup java -jar ../../jetty/start.jar > fido2.log 2>&1 &
sleep 5
cd /opt/gluu/jetty/casa && nohup java -jar ../../jetty/start.jar > casa.log 2>&1 &
📦 Run it:
/root/restart-gluu.sh
6️⃣ Verify Java Services
ps aux | grep java | grep -v grep
7️⃣ Troubleshoot Certificate Path Issues
If you see this error:
Caused by: sun.security.provider.certpath.SunCertPathBuilderException:
unable to find valid certification path to requested target
✅ That means the certificate is not trusted by Java. Re-check your import steps.
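Step 3 saves whatever certificate the server presents at fetch time, and step 4 then trusts it. As an added example (not part of the original page), the shell functions below compare the SHA-256 fingerprint of the saved file against a value obtained out of band, for use between steps 3 and 4. The function names and the expected-fingerprint argument are assumptions.

```shell
#!/bin/bash
# Added example: pin the fetched certificate before importing it into cacerts.
# The expected fingerprint is an assumption: a SHA-256 value read out of band,
# for example on the Gluu host's own console, not over the same network path.

# Normalize a fingerprint: drop colons and whitespace, uppercase the hex.
normalize_fp() {
    printf '%s' "$1" | tr -d ': \n' | tr '[:lower:]' '[:upper:]'
}

# Print the SHA-256 fingerprint of the first certificate in a PEM file.
# Prints nothing if the file is empty or not a certificate.
cert_fp() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 2>/dev/null | cut -d= -f2
}

# Return 0 only if the file's first certificate matches the expected value.
# An empty or unparsable file (e.g. s_client could not connect) never matches.
verify_pin() {
    local file="$1" expected actual
    expected="$(normalize_fp "$2")"
    actual="$(normalize_fp "$(cert_fp "$file")")"
    [ -n "$actual" ] && [ "$actual" = "$expected" ]
}

# Usage: ./verify-pin.sh /etc/certs/gluu-full-chain.crt 'AA:BB:...'
if [ "$#" -eq 2 ]; then
    if verify_pin "$1" "$2"; then
        echo "fingerprint matches, safe to run the keytool import"
    else
        echo "fingerprint MISMATCH or unreadable certificate, do not import" >&2
        exit 1
    fi
fi
```
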