Menu
Today by starting my glassfish I saw an error message about a certificate that has expired...
Can someone help me and say what I can/must do?
Here the message:
... [exec] [exec] [#|2013-08-15T08:57:42.106+0200|INFO|glassfish3.1.2|javax.enterprise.system.core.com.sun.enterprise.v3.services.impl|_ThreadID=39;_ThreadName=Thread-2;|Grizzly Framework 1.9.50 started in: 16ms - bound to [0.0.0.0:1307 6]|#] [exec] [exec] [#|2013-08-15T08:57:42.262+0200|INFO|glassfish3.1.2|javax.enterprise.system.core.com.sun.enterprise.v3.server|_ThreadID=1;_ThreadName=Thread-2;|GlassFish Server Open Source Edition 3.1.2.2 (5) startup time : Felix (1'1 23ms), startup services(609ms), total(1'732ms)|#] [exec] [exec] [#|2013-08-15T08:57:42.309+0200|SEVERE|glassfish3.1.2|javax.enterprise.system.ssl.security.com.sun.enterprise.security.ssl.impl|_ThreadID=40;_ThreadName=Thread-2;|SEC5054: Certificate has expired: [ [exec] [ [exec] Version: V3 [exec] Subject: CN=GTE CyberTrust Root 5, OU="GTE CyberTrust Solutions, Inc.", O=GTE Corporation, C=US [exec] Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5 [exec] [exec] Key: Sun RSA public key, 2048 bits [exec] modulus: 237418898293472616608124373663877543854434319738611148654904141538840503317458119685231168476255701465927369352097185652960533868421359855348631579831288127741629980536737464707822524076734022381468699944387 29551246768368782318393878374421033907597162218758024581735139682087126982809511479059100617027892880227587855877479432885604404402435662802390484099065871430585284534529627347717530352189612077130606642676951640071336717026459037 542552927905851171460589361570392199748753414855675665635003335769915908187224347232807336022456537328962095005323382940080676931822787496212635993279098588863972868266229522169377 [exec] public exponent: 65537 [exec] Validity: [From: Fri Aug 14 16:50:00 CEST 1998, [exec] To: Thu Aug 15 01:59:00 CEST 2013] [exec] Issuer: CN=GTE CyberTrust Root 5, OU="GTE CyberTrust Solutions, Inc.", O=GTE Corporation, C=US [exec] SerialNumber: [ 01b6] [exec] [exec] Certificate Extensions: 4 [exec] [1]: ObjectId: 2.5.29.19 Criticality=true [exec] BasicConstraints:[ [exec] CA:true [exec] PathLen:5 [exec] ] [exec] [exec] [2]: ObjectId: 2.5.29.32 Criticality=false [exec] CertificatePolicies [ [exec] [CertificatePolicyId: [1.2.840.113763.1.2.1.3] [exec] [] ] [exec] ] [exec] [exec] [3]: ObjectId: 2.5.29.15 Criticality=true [exec] KeyUsage [ [exec] Key_CertSign [exec] Crl_Sign [exec] ] [exec] [exec] [4]: ObjectId: 2.5.29.14 Criticality=false [exec] SubjectKeyIdentifier [ [exec] KeyIdentifier [ [exec] 0000: 76 0A 49 21 38 4C 9F DE F8 C4 49 C7 71 71 91 9D v.I!8L....I.qq.. [exec] ] [exec] ] [exec] [exec] ] [exec] Algorithm: [SHA1withRSA] [exec] Signature: [exec] 0000: 41 3A D4 18 5B DA B8 DE 21 1C E1 8E 09 E5 F1 68 A:..[...!......h [exec] 0010: 34 FF DE 96 F4 07 F5 A7 3C F3 AC 4A B1 9B FA 92 4.......<..J.... [exec] 0020: FA 9B ED E6 32 21 AA 4A 76 C5 DC 4F 38 E5 DF D5 ....2!.Jv..O8... [exec] 0030: 86 E4 D5 C8 76 7D 98 D7 B1 CD 8F 4D B5 91 23 6C ....v......M..#l [exec] 0040: 8B 8A EB EA 7C EF 14 94 C4 C6 F0 1F 4A 2D 32 71 ............J-2q [exec] 0050: 63 2B 63 91 26 02 09 B6 80 1D ED E2 CC B8 7F DB c+c.&........... [exec] 0060: 87 63 C8 E1 D0 6C 26 B1 35 1D 40 66 10 1B CD 95 .c...l&.5.@f.... [exec] 0070: 54 18 33 61 EC 13 4F DA 13 F7 99 AF 3E D0 CF 8E T.3a..O.....>... [exec] 0080: A6 72 A2 B3 C3 05 9A C9 27 7D 92 CC 7E 52 8D B3 .r......'....R.. [exec] 0090: AB 70 6D 9E 89 9F 4D EB 1A 75 C2 98 AA D5 02 16 .pm...M..u...... [exec] 00A0: D7 0C 8A BF 25 E4 EB 2D BC 98 E9 58 38 19 7C B9 ....%..-...X8... [exec] 00B0: 37 FE DB E2 99 08 73 06 C7 97 83 6A 7D 10 01 2F 7.....s....j.../ [exec] 00C0: 32 B9 17 05 4A 65 E6 2F CE BE 5E 53 A6 82 E9 9A 2...Je./..^S.... [exec] 00D0: 53 0A 84 74 2D 83 CA C8 94 16 76 5F 94 61 28 F0 S..t-.....v_.a(. [exec] 00E0: 85 A7 39 BB D7 8B D9 A8 B2 13 1D 54 09 34 24 7D ..9........T.4$. [exec] 00F0: 20 81 7D 66 7E A2 90 74 5C 10 C6 BD EC AB 1B C2 ..f...t\....... [exec] [exec] ]|#] ... 
530
On the Glassfish Admin console, go to Configurations -> Server Config -> http-listener-2 and: Under the General tab, change the port from 8181 to 443. Under the SSL tab, change the Certificate NickName from s1as to the alias of the main certificate (youralias) (which should be the same as the keystore alias) Save.
Navigate to Security > Machine Certificates and select a certificate to check the expiry date.
If the certificate is expired, the user's browser has no way to validate the server. That means it can't definitively tell you if the website presenting this certificate is its rightful owner. That's going to cause a browser error that says your connection is not secure.
The certificate of GTE Cybertrust Solutions inc has expired this night.
As stated here: https://forums.oracle.com/thread/2563077 the alias of this certificate is: gtecybertrust5ca
As long as it is a standalone Glassfish you can follow this guide: https://blogs.oracle.com/ramkri/entry/sec5054_certificate_has_expired_error
Link on Wayback Machine: https://web.archive.org/web/20140713065413/https://blogs.oracle.com/ramkri/entry/sec5054_certificate_has_expired_error
I have the same problem, but with the embedded Glassfish 3.1.2.2 used by Arquillian. I don't know where the certificates are stored in this embedded setup. Any hints are appreciated.
UPDATE for an embedded setup: To fix the certificate while using an embedded glassfish, just copy a fixed version of the cacerts.jks from the standalone glassfish installation <glassfish_home>/glassfish/domains/<your_domain>/config/cacerts.jks to your resource directory. E.g. when using maven and arquillian, just copy the file to <projectRoot>/src/test/resources/config/cacerts.jks. The embedded glassfish will pick up this configuration!
This is the solution from this post: Arquillian Embedded Glassfish Certificate Expired
189
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
