
Gluu Server certificate import into Java truststore and service restart

📌 Summary

    ✔️ Extracted cert using OpenSSL
    ✔️ Imported cert to Java's cacerts truststore
    ✔️ Restarted Gluu Jetty services
    ✔️ Verified fix for SSL trust errors

    🔧 Trusting Gluu Self-Signed Certificate in Java Truststore

    1️⃣ SSH Into the Server

    ssh root@your-server-ip

    2️⃣ Enter Gluu Chroot Environment

    To access Gluu's internal environment:

    /sbin/gluu-serverd login

    3️⃣ Extract Gluu Certificate

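    Use OpenSSL to pull the self-signed cert and save it. This trusts whatever certificate the server presents on that connection, so compare its SHA-256 fingerprint against one obtained from the Gluu administrator before importing it:

    
    openssl s_client -showcerts -connect gluu.mslspartners.com:443 </dev/null 2>/dev/null \
      | sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' > /etc/certs/gluu-full-chain.crt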
    

    4️⃣ Import Certificate into Java Truststore

    🧹 Delete previous cert (if exists):

    
    keytool -delete -alias gluu-remote \
      -keystore /etc/ssl/certs/java/cacerts \
      -storepass 'D0m@in@dm!n'
    

    📥 Import new cert:

    
    keytool -import -alias gluu-remote \
      -keystore /etc/ssl/certs/java/cacerts \
      -trustcacerts -file /etc/certs/gluu-full-chain.crt \
      -storepass 'D0m@in@dm!n' -noprompt
    

    ✅ Confirm:

    
    keytool -list -keystore /etc/ssl/certs/java/cacerts \
      -storepass 'D0m@in@dm!n' | grep gluu-remote
    

    5️⃣ Restart Gluu Jetty Services

    Restart each service manually or with a script.

    💡 Sample Script: /root/restart-gluu.sh

    
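    #!/bin/bash
    # Starts each Gluu Jetty service in the background, 5 seconds apart.
    # It does not stop running instances; stop them first for a true restart.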
    cd /opt/gluu/jetty/oxauth && nohup java -jar ../../jetty/start.jar > oxauth.log 2>&1 &
    sleep 5
    cd /opt/gluu/jetty/identity && nohup java -jar ../../jetty/start.jar > identity.log 2>&1 &
    sleep 5
    cd /opt/gluu/jetty/idp && nohup java -jar ../../jetty/start.jar > idp.log 2>&1 &
    sleep 5
    cd /opt/gluu/jetty/scim && nohup java -jar ../../jetty/start.jar > scim.log 2>&1 &
    sleep 5
    cd /opt/gluu/jetty/fido2 && nohup java -jar ../../jetty/start.jar > fido2.log 2>&1 &
    sleep 5
    cd /opt/gluu/jetty/casa && nohup java -jar ../../jetty/start.jar > casa.log 2>&1 &
    

    📦 Run it:

    /root/restart-gluu.sh

    6️⃣ Verify Java Services

    ps aux | grep java | grep -v grep

    7️⃣ Troubleshoot Certificate Path Issues

    If you see this error:

    
    Caused by: sun.security.provider.certpath.SunCertPathBuilderException:
    unable to find valid certification path to requested target
    

    ✅ That means the certificate is not trusted by Java. Re-check your import steps.
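
One way to re-check the import steps, added here as an example and not part of the original procedure: the script compares the certificate file and the `gluu-remote` truststore entry against a SHA-256 fingerprint obtained out-of-band. The function names, the `EXPECTED_FP` and `STOREPASS` variables and the `before`/`after` arguments are assumptions of this example; the paths and alias are the ones used above.

```shell
#!/bin/bash
# Added example (not from the original page). EXPECTED_FP must come from the
# Gluu administrator out-of-band, not from the same TLS connection.

# Reduce a fingerprint in any common spelling to bare uppercase hex. Accepts
# openssl's "sha256 Fingerprint=AB:CD..", keytool's "SHA256: AB:CD..", or plain hex.
normalize_fp() {
  sed -e 's/[[:space:]]*$//' -e 's/^.*[= ]//' | tr -d ':\n' | tr 'a-f' 'A-F'
}

# True only when both fingerprints are non-empty and identical once normalized,
# so a failed openssl/keytool call or an empty pin can never pass the check.
fp_equal() {
  fp_a=$(printf '%s\n' "$1" | normalize_fp)
  fp_b=$(printf '%s\n' "$2" | normalize_fp)
  [ -n "$fp_a" ] && [ "$fp_a" = "$fp_b" ]
}

# SHA-256 fingerprint of the first certificate in a PEM file.
file_fp() {
  openssl x509 -in "$1" -noout -fingerprint -sha256
}

# SHA-256 fingerprint keytool reports for one alias ("SHA256:" line of -list -v).
store_fp() {  # usage: store_fp <keystore> <storepass> <alias>
  keytool -list -v -keystore "$1" -storepass "$2" -alias "$3" | grep 'SHA256:' | head -n 1
}

# Before step 4: refuse to continue unless the fetched file matches the pin.
check_before_import() {  # usage: check_before_import <pem-file> <expected-fp>
  fp_equal "$(file_fp "$1")" "$2" ||
    { echo "fingerprint mismatch: do not import $1" >&2; return 1; }
}

# After step 4: the alias in the truststore must hold that same certificate.
check_after_import() {  # usage: check_after_import <keystore> <storepass> <alias> <expected-fp>
  fp_equal "$(store_fp "$1" "$2" "$3")" "$4" ||
    { echo "alias $3 does not match the pinned fingerprint" >&2; return 1; }
}

# Usage: EXPECTED_FP=<fingerprint> ./check-gluu-cert.sh before
#        EXPECTED_FP=<fingerprint> STOREPASS=<password> ./check-gluu-cert.sh after
case "${1:-}" in
  before) check_before_import /etc/certs/gluu-full-chain.crt "${EXPECTED_FP:-}" ;;
  after)  check_after_import /etc/ssl/certs/java/cacerts "${STOREPASS:-}" gluu-remote "${EXPECTED_FP:-}" ;;
esac
```

A non-zero exit from either mode means the certificate on disk or in `cacerts` is not the one that was pinned, which is a stronger check than grepping for the alias name.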

