Question : Configuring SSL with Glassfish

I am trying to configure SSL on a GlassFish server running on RedHat.  The problem I am running into is that I am unable to get the GlassFish instance to realize the cert is trusted.  What this means is that,  when a user goes to the web page, they are given a warning that the cert is not trusted.  The cert is from Equifax (GeoTrust).  For some reason I am unable to import the root ca cert into glassfish.

As per instructions at (http://blogs.sun.com/enterprisetechtips/entry/using_ssl_with_glassfish_v2), These are the steps I am taking:

-------GENERATE CSR-------------

#keytool -delete -alias s1as -keystore keystore.jks
#keytool -genkeypair -keyalg RSA -keystore keystore.jks -validity 365 -alias s1as
#keytool -certreq -alias s1as -file -keystore keystore.jks

------STEPS TO COMPLETE THE CERT REQUEST------

{Retrieve and copy the signed cert, as well as any root certs needed, to local files on the server}
# keytool -import -trustcacerts -alias root -keystore keystore.jks -file
{Choose yes to install over the present one}
# java -classpath keyexport.jar com.sun.xml.wss.tools.KeyExport -keyfile serverkey.pem -keystore keystore.jks -alias s1as
{Append the signed certificate reply from the CA, including the -----BEGIN CERTIFICATE----- and -----END CERTIFICATE----- markers, to the serverkey.pem file. Append the reply
just below the END PRIVATE KEY marker.}
]# openssl pkcs12 -export -in serverkey.pem -out s1as.pfx
# certutil -D -n s1as -d /config/
# pk12util -i s1as.pfx -d /config/
...      pk12util: PKCS12 IMPORT SUCCESSFUL
---------------------------------------------


This works fine to get the cert in GlassFish, but I am unable to have the cert chained to the root CA as to alleviate the warning messages from the browsers.

PLEASE HELP!!!

Answer : Configuring SSL with Glassfish

Thanks for the response.  However, the whole problem that I was having is that the actual profile being used for this particular installation of GlassFish was Developer and NOT Enterprise as I was led to believe.  Once knew of the profile being used (correct one anyhow), everything worked fine as a different process if followed for SSL as per profile type.