Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

glassfish 3.1.1 import ssl certificates

Tags:

glassfish

glassfish-3

i`m trying to install some SSL certificates bought from godaddy.com. I found some tutorials like this one:
http://www.denizoguz.com/2011/01/02/installing-godaddy-ssl-certificates-on-glassfish-v3-step-by-step/
My certificates were generated a year ago for apache http server, so i followed the tutorial from step 3.
I have imported these files in keystore.jks, i have replaced all occurrences of s1as with my certificate nickname in domain.xml, i have restarted the domain, but when i try to access something over ssl i get this in glassfish logs: 

    [#|2011-10-04T16:02:52.972+0300|WARNING|glassfish3.1.1|com.sun.grizzly.config.GrizzlyServiceListener|_ThreadID=17;_ThreadName=http-thread-pool-8181(1);|GRIZZLY0007: SSL support could not be configured!
java.io.IOException: SSL configuration is invalid due to No available certificate or key corresponds to the SSL cipher suites which are enabled.
        at com.sun.grizzly.util.net.jsse.JSSE14SocketFactory.checkConfig(JSSE14SocketFactory.java:455)
        at com.sun.grizzly.util.net.jsse.JSSE14SocketFactory.init(JSSE14SocketFactory.java:183)
        at com.sun.grizzly.config.SSLConfigHolder.initializeSSL(SSLConfigHolder.java:361)
        at com.sun.grizzly.config.SSLConfigHolder.configureSSL(SSLConfigHolder.java:239)
        at com.sun.grizzly.config.GrizzlyEmbeddedHttps$LazySSLInitializationFilter.execute(GrizzlyEmbeddedHttps.java:202)
        at com.sun.grizzly.DefaultProtocolChain.executeProtocolFilter(DefaultProtocolChain.java:137)
        at com.sun.grizzly.DefaultProtocolChain.execute(DefaultProtocolChain.java:104)
        at com.sun.grizzly.DefaultProtocolChain.execute(DefaultProtocolChain.java:90)
        at com.sun.grizzly.http.HttpProtocolChain.execute(HttpProtocolChain.java:79)
        at com.sun.grizzly.ProtocolChainContextTask.doCall(ProtocolChainContextTask.java:54)
        at com.sun.grizzly.SelectionKeyContextTask.call(SelectionKeyContextTask.java:59)
        at com.sun.grizzly.ContextTask.run(ContextTask.java:71)
        at com.sun.grizzly.util.AbstractThreadPool$Worker.doWork(AbstractThreadPool.java:532)
        at com.sun.grizzly.util.AbstractThreadPool$Worker.run(AbstractThreadPool.java:513)
        at java.lang.Thread.run(Thread.java:679)
Caused by: javax.net.ssl.SSLException: No available certificate or key corresponds to the SSL cipher suites which are enabled.
        at sun.security.ssl.SSLServerSocketImpl.checkEnabledSuites(SSLServerSocketImpl.java:327)
        at sun.security.ssl.SSLServerSocketImpl.accept(SSLServerSocketImpl.java:272)
        at com.sun.grizzly.util.net.jsse.JSSE14SocketFactory.checkConfig(JSSE14SocketFactory.java:451)
        ... 14 more
|#]

[#|2011-10-04T16:02:52.976+0300|SEVERE|glassfish3.1.1|com.sun.grizzly.config.GrizzlyServiceListener|_ThreadID=17;_ThreadName=http-thread-pool-8181(1);|ProtocolChain exception
java.lang.NullPointerException
        at com.sun.grizzly.filter.SSLReadFilter.newSSLEngine(SSLReadFilter.java:352)
        at com.sun.grizzly.filter.SSLReadFilter.obtainSSLEngine(SSLReadFilter.java:399)
        at com.sun.grizzly.filter.SSLReadFilter.execute(SSLReadFilter.java:159)
        at com.sun.grizzly.DefaultProtocolChain.executeProtocolFilter(DefaultProtocolChain.java:137)
        at com.sun.grizzly.DefaultProtocolChain.execute(DefaultProtocolChain.java:104)
        at com.sun.grizzly.DefaultProtocolChain.execute(DefaultProtocolChain.java:90)
        at com.sun.grizzly.http.HttpProtocolChain.execute(HttpProtocolChain.java:79)
        at com.sun.grizzly.ProtocolChainContextTask.doCall(ProtocolChainContextTask.java:54)
        at com.sun.grizzly.SelectionKeyContextTask.call(SelectionKeyContextTask.java:59)
        at com.sun.grizzly.ContextTask.run(ContextTask.java:71)
        at com.sun.grizzly.util.AbstractThreadPool$Worker.doWork(AbstractThreadPool.java:532)
        at com.sun.grizzly.util.AbstractThreadPool$Worker.run(AbstractThreadPool.java:513)
        at java.lang.Thread.run(Thread.java:679)
|#]

any idea what i am doing wring ???

yes, i think that the problem resigns in the fact that my certificates are for apache http. I found this tutorial
http://wiki.eclipse.org/Generating_a_Private_Key_and_a_Keystore
that explains how to convert these certificates, but this does not seems to solve my problem eighter

updates, after i followed this tutorial agentbob.info/agentbob/79-AB.html, now i get 

[#|2011-10-05T13:18:47.853+0300|WARNING|glassfish3.1.1|com.sun.grizzly.config.GrizzlyServiceListener|_ThreadID=17;_ThreadName=http-thread-pool-8181(1);|GRIZZLY0007: SSL support could not be configured!
java.io.IOException: injection failed on com.sun.enterprise.security.ssl.SSLUtils.secSupp with class com.sun.enterprise.server.pluggable.SecuritySupport
        at com.sun.grizzly.util.net.jsse.JSSE14SocketFactory.init(JSSE14SocketFactory.java:188)
        at com.sun.grizzly.config.SSLConfigHolder.initializeSSL(SSLConfigHolder.java:361)
        at com.sun.grizzly.config.SSLConfigHolder.configureSSL(SSLConfigHolder.java:239)
        at com.sun.grizzly.config.GrizzlyEmbeddedHttps$LazySSLInitializationFilter.execute(GrizzlyEmbeddedHttps.java:202)
        at com.sun.grizzly.DefaultProtocolChain.executeProtocolFilter(DefaultProtocolChain.java:137)
        at com.sun.grizzly.DefaultProtocolChain.execute(DefaultProtocolChain.java:104)
        at com.sun.grizzly.DefaultProtocolChain.execute(DefaultProtocolChain.java:90)
        at com.sun.grizzly.http.HttpProtocolChain.execute(HttpProtocolChain.java:79)
        at com.sun.grizzly.ProtocolChainContextTask.doCall(ProtocolChainContextTask.java:54)
        at com.sun.grizzly.SelectionKeyContextTask.call(SelectionKeyContextTask.java:59)
        at com.sun.grizzly.ContextTask.run(ContextTask.java:71)
        at com.sun.grizzly.util.AbstractThreadPool$Worker.doWork(AbstractThreadPool.java:532)
        at com.sun.grizzly.util.AbstractThreadPool$Worker.run(AbstractThreadPool.java:513)
        at java.lang.Thread.run(Thread.java:679)
|#]

[#|2011-10-05T13:18:47.859+0300|SEVERE|glassfish3.1.1|com.sun.grizzly.config.GrizzlyServiceListener|_ThreadID=17;_ThreadName=http-thread-pool-8181(1);|ProtocolChain exception
java.lang.NullPointerException
        at com.sun.grizzly.filter.SSLReadFilter.newSSLEngine(SSLReadFilter.java:352)
        at com.sun.grizzly.filter.SSLReadFilter.obtainSSLEngine(SSLReadFilter.java:399)
        at com.sun.grizzly.filter.SSLReadFilter.execute(SSLReadFilter.java:159)
        at com.sun.grizzly.DefaultProtocolChain.executeProtocolFilter(DefaultProtocolChain.java:137)
        at com.sun.grizzly.DefaultProtocolChain.execute(DefaultProtocolChain.java:104)
        at com.sun.grizzly.DefaultProtocolChain.execute(DefaultProtocolChain.java:90)
        at com.sun.grizzly.http.HttpProtocolChain.execute(HttpProtocolChain.java:79)
        at com.sun.grizzly.ProtocolChainContextTask.doCall(ProtocolChainContextTask.java:54)
        at com.sun.grizzly.SelectionKeyContextTask.call(SelectionKeyContextTask.java:59)
        at com.sun.grizzly.ContextTask.run(ContextTask.java:71)
        at com.sun.grizzly.util.AbstractThreadPool$Worker.doWork(AbstractThreadPool.java:532)
        at com.sun.grizzly.util.AbstractThreadPool$Worker.run(AbstractThreadPool.java:513)
        at java.lang.Thread.run(Thread.java:679)
|#]

another update
it seems that if a change the password from importkey to changeit i get this error :

[#|2011-10-05T13:29:17.210+0300|SEVERE|glassfish3.1.1|javax.enterprise.system.core.com.sun.enterprise.v3.server|_ThreadID=20;_ThreadName=Thread-50;|java.security.UnrecoverableKeyException: Cannot recover key
java.lang.Error: java.security.UnrecoverableKeyException: Cannot recover key
        at com.sun.enterprise.security.ssl.SSLUtils.getSSLContext(SSLUtils.java:159)
        at com.sun.enterprise.security.ssl.SSLUtils.postConstruct(SSLUtils.java:125)
        at com.sun.hk2.component.AbstractCreatorImpl.inject(AbstractCreatorImpl.java:131)
        at com.sun.hk2.component.ConstructorCreator.initialize(ConstructorCreator.java:91)
        at com.sun.hk2.component.AbstractCreatorImpl.get(AbstractCreatorImpl.java:82)
        at com.sun.hk2.component.SingletonInhabitant.get(SingletonInhabitant.java:67)
        at com.sun.hk2.component.EventPublishingInhabitant.get(EventPublishingInhabitant.java:139)
        at com.sun.hk2.component.AbstractInhabitantImpl.get(AbstractInhabitantImpl.java:76)
        at org.jvnet.hk2.component.Habitat.getBy(Habitat.java:1048)
        at org.jvnet.hk2.component.Habitat.getByType(Habitat.java:1029)
        at com.sun.hk2.component.InjectInjectionResolver.getComponentInjectValue(InjectInjectionResolver.java:159)
        at com.sun.hk2.component.InjectInjectionResolver.getValue(InjectInjectionResolver.java:90)
        at org.jvnet.hk2.component.InjectionManager.inject(InjectionManager.java:141)
        at org.jvnet.hk2.component.InjectionManager.inject(InjectionManager.java:91)
        at com.sun.hk2.component.AbstractCreatorImpl.inject(AbstractCreatorImpl.java:126)
        at com.sun.hk2.component.ConstructorCreator.initialize(ConstructorCreator.java:91)
        at com.sun.hk2.component.AbstractCreatorImpl.get(AbstractCreatorImpl.java:82)
        at com.sun.hk2.component.SingletonInhabitant.get(SingletonInhabitant.java:67)
        at com.sun.hk2.component.EventPublishingInhabitant.get(EventPublishingInhabitant.java:139)
        at com.sun.hk2.component.AbstractInhabitantImpl.get(AbstractInhabitantImpl.java:76)
        at com.sun.enterprise.security.SecuritySniffer.setup(SecuritySniffer.java:109)
        at com.sun.enterprise.v3.server.ContainerStarter.startContainer(ContainerStarter.java:116)
        at com.sun.enterprise.v3.server.ApplicationLifecycle.setupContainer(ApplicationLifecycle.java:944)
        at com.sun.enterprise.v3.server.ApplicationLifecycle.setupContainerInfos(ApplicationLifecycle.java:652)
        at com.sun.enterprise.v3.server.ApplicationLifecycle.deploy(ApplicationLifecycle.java:368)
        at com.sun.enterprise.v3.server.ApplicationLoaderService.processApplication(ApplicationLoaderService.java:375)
        at com.sun.enterprise.v3.admin.adapter.InstallerThread.load(InstallerThread.java:210)
        at com.sun.enterprise.v3.admin.adapter.InstallerThread.run(InstallerThread.java:108)
Caused by: java.security.UnrecoverableKeyException: Cannot recover key
        at sun.security.provider.KeyProtector.recover(KeyProtector.java:328)
        at sun.security.provider.JavaKeyStore.engineGetKey(JavaKeyStore.java:138)
        at sun.security.provider.JavaKeyStore$JKS.engineGetKey(JavaKeyStore.java:55)
        at java.security.KeyStore.getKey(KeyStore.java:779)
        at sun.security.ssl.SunX509KeyManagerImpl.<init>(SunX509KeyManagerImpl.java:131)
        at sun.security.ssl.KeyManagerFactoryImpl$SunX509.engineInit(KeyManagerFactoryImpl.java:68)
        at javax.net.ssl.KeyManagerFactory.init(KeyManagerFactory.java:256)
        at com.sun.enterprise.security.ssl.impl.SecuritySupportImpl.getKeyManagers(SecuritySupportImpl.java:290)
        at com.sun.enterprise.security.ssl.SSLUtils.getKeyManagers(SSLUtils.java:197)
        at com.sun.enterprise.security.ssl.SSLUtils.getSSLContext(SSLUtils.java:147)
        ... 27 more
|#]
like image 650
Videanu Adrian Avatar asked Oct 04 '11 13:10

Videanu Adrian

People also ask

How do I enable SSL on my GlassFish server?

To enable the certificate via the GlassFish Administration Console, enter this menu: Configurations >> server-config >> HTTP Service >> HTTP Listeners >> http-listener-2: Switch to the SSL tab, enter your certificate alias myalias as the Certificate NickName, and click Save:

How do I install my certificate on GlassFish?

After your certificate is activated and issued, you can proceed with its installation on GlassFish. Since GlassFish uses keystores (.jks files), the certificate files need to be imported into the keystore with the corresponding private key before installation. For this, you will need to locate the keystore that was used to generate the CSR.

How do I change the default certificate alias used by GlassFish?

Open the file with your preferred text editor and locate any reference to s1as, which is the default certificate alias used by GlassFish. s1as should be replaced with myalias,our certificate alias. If the file contains references to port 8181, you can also update them to 443:

How do I install a CSR in GlassFish?

Since GlassFish uses keystores (.jks files), the certificate files need to be imported into the keystore with the corresponding private key before installation. For this, you will need to locate the keystore that was used to generate the CSR. This keystore is the only one that contains the private key for your certificate.

1 Answers

You should ensure that the keystore password matches the Glassfish master password (which is not the admin password).

Here is a tutorial how to change the master password for GF 3.1

like image 95
Matt Handy Avatar answered Nov 05 '22 15:11

Matt Handy
Sign in to Comment

Related questions

Manually Changing Glassfish domain.xml for Debug Error
client for remote JMS queue
No web.xml in Eclipse + Glassfish v3?
How to handle database crashes (Glassfish/MySQL)?
java.lang.IllegalStateException: Attempting to execute an operation on a closed EntityManagerFactory
IIOP Client Authentication and ProgrammaticLogin in Glassfish v3
How to define a test datasource for an embedded EJB container
Warning when deploying Apache Camel application
GlassFish 4.1 startup warnings: javax.ejb.PostActivate & javax.ejb.PrePassivate not found
JCA Glassfish to JBoss/Wildfly
Where to put external libs in Glassfish
/faces/index.xhtml Not Found in ExternalContext as a Resource in Glassfish
Why isn't a jdbc connection pool created?
Deploying a maven EAR application through netbeans to glassfish fails
Many warnings while deploy glassfish v3
This web container has not yet been started @Glassfish 4.0.01 web
How to deploy multiple copies of same application on Glassfish server?

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!