Sun Java System Web Server 7.0 Update 7 Administrator's Guide

Configuring SSL for the Server

SSL is the most popular standard for securing Internet communications and transactions. Web applications use HTTPS (HTTP over SSL), which uses digital certificates to ensure secure, confidential communications between server and clients. In an SSL connection, both the client and the server encrypt data before sending it, then decrypt it upon receipt.

When a Web browser (client) wants to connect to a secure site, an SSL handshake happens:

After the handshake, the client has verified the identity of the Web site, and only the client and the Web server have a copy of the session key. From this point forward, the client and the server use the session key to encrypt all their communications with each other. Thus, their communications are ensured to be secure.

The newest version of the SSL standard is called TLS (Transport Layer Security).

Use the command create-cert-request to generate a request and send the request to your CA. Later, when you receive the certificate from the CA you'll need to install it using the install-cert command. If you have a key and a certificate in a Java keystore which you're looking to migrate, use the command migrate-jks-keycert. For a development/test server, the easiest way to get going is to generate a self-signed certificate using the command create-selfsigned-cert.

wadm> create-selfsigned-cert --server-name=hostname --nickname=MyServerCert 

Check the man pages for more options and examples.

With the certificate installed, you need a listener on a port which will have SSL enabled.

wadm> create-http-listener --user=admin --password-file=admin.pwd --host=serverhost 
--port=8989 --listener-port=18003 --config=config1 
--default-virtual-server-name=config1_vs_1 config1_ls_1

Next enable SSL for the listener and associate the listener with the nickname of the certificate.

wadm> set-ssl-prop --http-listener=http-listener-ssl enabled=true
wadm> set-ssl-prop --http-listener=http-listener-ssl server-cert-nickname=MyServerCert

After this setup, deploy the configuration and start the instance.

wadm> deploy-config config_name
wadm> start-instance --config config_name hostname

Note –

Using Administration Console

To create a self-signed certificate through Administration Console, perform the tasks as mentioned in Requesting a Certificate and select 'Self-Signed Certificate' as the certificate type.