 

glassfish 3.1.1 import ssl certificates

I'm trying to install some SSL certificates bought from godaddy.com. I found some tutorials like this one:
http://www.denizoguz.com/2011/01/02/installing-godaddy-ssl-certificates-on-glassfish-v3-step-by-step/
My certificates were generated a year ago for Apache HTTP Server, so I followed the tutorial from step 3.
I have imported these files into keystore.jks, I have replaced all occurrences of s1as with my certificate nickname in domain.xml, and I have restarted the domain, but when I try to access something over SSL I get this in the GlassFish logs:

[#|2011-10-04T16:02:52.972+0300|WARNING|glassfish3.1.1|com.sun.grizzly.config.GrizzlyServiceListener|_ThreadID=17;_ThreadName=http-thread-pool-8181(1);|GRIZZLY0007: SSL support could not be configured!
java.io.IOException: SSL configuration is invalid due to No available certificate or key corresponds to the SSL cipher suites which are enabled.
        at com.sun.grizzly.util.net.jsse.JSSE14SocketFactory.checkConfig(JSSE14SocketFactory.java:455)
        at com.sun.grizzly.util.net.jsse.JSSE14SocketFactory.init(JSSE14SocketFactory.java:183)
        at com.sun.grizzly.config.SSLConfigHolder.initializeSSL(SSLConfigHolder.java:361)
        at com.sun.grizzly.config.SSLConfigHolder.configureSSL(SSLConfigHolder.java:239)
        at com.sun.grizzly.config.GrizzlyEmbeddedHttps$LazySSLInitializationFilter.execute(GrizzlyEmbeddedHttps.java:202)
        at com.sun.grizzly.DefaultProtocolChain.executeProtocolFilter(DefaultProtocolChain.java:137)
        at com.sun.grizzly.DefaultProtocolChain.execute(DefaultProtocolChain.java:104)
        at com.sun.grizzly.DefaultProtocolChain.execute(DefaultProtocolChain.java:90)
        at com.sun.grizzly.http.HttpProtocolChain.execute(HttpProtocolChain.java:79)
        at com.sun.grizzly.ProtocolChainContextTask.doCall(ProtocolChainContextTask.java:54)
        at com.sun.grizzly.SelectionKeyContextTask.call(SelectionKeyContextTask.java:59)
        at com.sun.grizzly.ContextTask.run(ContextTask.java:71)
        at com.sun.grizzly.util.AbstractThreadPool$Worker.doWork(AbstractThreadPool.java:532)
        at com.sun.grizzly.util.AbstractThreadPool$Worker.run(AbstractThreadPool.java:513)
        at java.lang.Thread.run(Thread.java:679)
Caused by: javax.net.ssl.SSLException: No available certificate or key corresponds to the SSL cipher suites which are enabled.
        at sun.security.ssl.SSLServerSocketImpl.checkEnabledSuites(SSLServerSocketImpl.java:327)
        at sun.security.ssl.SSLServerSocketImpl.accept(SSLServerSocketImpl.java:272)
        at com.sun.grizzly.util.net.jsse.JSSE14SocketFactory.checkConfig(JSSE14SocketFactory.java:451)
        ... 14 more
|#]

[#|2011-10-04T16:02:52.976+0300|SEVERE|glassfish3.1.1|com.sun.grizzly.config.GrizzlyServiceListener|_ThreadID=17;_ThreadName=http-thread-pool-8181(1);|ProtocolChain exception
java.lang.NullPointerException
        at com.sun.grizzly.filter.SSLReadFilter.newSSLEngine(SSLReadFilter.java:352)
        at com.sun.grizzly.filter.SSLReadFilter.obtainSSLEngine(SSLReadFilter.java:399)
        at com.sun.grizzly.filter.SSLReadFilter.execute(SSLReadFilter.java:159)
        at com.sun.grizzly.DefaultProtocolChain.executeProtocolFilter(DefaultProtocolChain.java:137)
        at com.sun.grizzly.DefaultProtocolChain.execute(DefaultProtocolChain.java:104)
        at com.sun.grizzly.DefaultProtocolChain.execute(DefaultProtocolChain.java:90)
        at com.sun.grizzly.http.HttpProtocolChain.execute(HttpProtocolChain.java:79)
        at com.sun.grizzly.ProtocolChainContextTask.doCall(ProtocolChainContextTask.java:54)
        at com.sun.grizzly.SelectionKeyContextTask.call(SelectionKeyContextTask.java:59)
        at com.sun.grizzly.ContextTask.run(ContextTask.java:71)
        at com.sun.grizzly.util.AbstractThreadPool$Worker.doWork(AbstractThreadPool.java:532)
        at com.sun.grizzly.util.AbstractThreadPool$Worker.run(AbstractThreadPool.java:513)
        at java.lang.Thread.run(Thread.java:679)
|#]

Any idea what I am doing wrong?


Yes, I think that the problem resides in the fact that my certificates are for Apache HTTP Server. I found this tutorial
http://wiki.eclipse.org/Generating_a_Private_Key_and_a_Keystore
that explains how to convert these certificates, but this does not seem to solve my problem either.


Update: after I followed this tutorial, agentbob.info/agentbob/79-AB.html, I now get

[#|2011-10-05T13:18:47.853+0300|WARNING|glassfish3.1.1|com.sun.grizzly.config.GrizzlyServiceListener|_ThreadID=17;_ThreadName=http-thread-pool-8181(1);|GRIZZLY0007: SSL support could not be configured!
java.io.IOException: injection failed on com.sun.enterprise.security.ssl.SSLUtils.secSupp with class com.sun.enterprise.server.pluggable.SecuritySupport
        at com.sun.grizzly.util.net.jsse.JSSE14SocketFactory.init(JSSE14SocketFactory.java:188)
        at com.sun.grizzly.config.SSLConfigHolder.initializeSSL(SSLConfigHolder.java:361)
        at com.sun.grizzly.config.SSLConfigHolder.configureSSL(SSLConfigHolder.java:239)
        at com.sun.grizzly.config.GrizzlyEmbeddedHttps$LazySSLInitializationFilter.execute(GrizzlyEmbeddedHttps.java:202)
        at com.sun.grizzly.DefaultProtocolChain.executeProtocolFilter(DefaultProtocolChain.java:137)
        at com.sun.grizzly.DefaultProtocolChain.execute(DefaultProtocolChain.java:104)
        at com.sun.grizzly.DefaultProtocolChain.execute(DefaultProtocolChain.java:90)
        at com.sun.grizzly.http.HttpProtocolChain.execute(HttpProtocolChain.java:79)
        at com.sun.grizzly.ProtocolChainContextTask.doCall(ProtocolChainContextTask.java:54)
        at com.sun.grizzly.SelectionKeyContextTask.call(SelectionKeyContextTask.java:59)
        at com.sun.grizzly.ContextTask.run(ContextTask.java:71)
        at com.sun.grizzly.util.AbstractThreadPool$Worker.doWork(AbstractThreadPool.java:532)
        at com.sun.grizzly.util.AbstractThreadPool$Worker.run(AbstractThreadPool.java:513)
        at java.lang.Thread.run(Thread.java:679)
|#]

[#|2011-10-05T13:18:47.859+0300|SEVERE|glassfish3.1.1|com.sun.grizzly.config.GrizzlyServiceListener|_ThreadID=17;_ThreadName=http-thread-pool-8181(1);|ProtocolChain exception
java.lang.NullPointerException
        at com.sun.grizzly.filter.SSLReadFilter.newSSLEngine(SSLReadFilter.java:352)
        at com.sun.grizzly.filter.SSLReadFilter.obtainSSLEngine(SSLReadFilter.java:399)
        at com.sun.grizzly.filter.SSLReadFilter.execute(SSLReadFilter.java:159)
        at com.sun.grizzly.DefaultProtocolChain.executeProtocolFilter(DefaultProtocolChain.java:137)
        at com.sun.grizzly.DefaultProtocolChain.execute(DefaultProtocolChain.java:104)
        at com.sun.grizzly.DefaultProtocolChain.execute(DefaultProtocolChain.java:90)
        at com.sun.grizzly.http.HttpProtocolChain.execute(HttpProtocolChain.java:79)
        at com.sun.grizzly.ProtocolChainContextTask.doCall(ProtocolChainContextTask.java:54)
        at com.sun.grizzly.SelectionKeyContextTask.call(SelectionKeyContextTask.java:59)
        at com.sun.grizzly.ContextTask.run(ContextTask.java:71)
        at com.sun.grizzly.util.AbstractThreadPool$Worker.doWork(AbstractThreadPool.java:532)
        at com.sun.grizzly.util.AbstractThreadPool$Worker.run(AbstractThreadPool.java:513)
        at java.lang.Thread.run(Thread.java:679)
|#]

Another update:
it seems that if I change the password from importkey to changeit I get this error:

[#|2011-10-05T13:29:17.210+0300|SEVERE|glassfish3.1.1|javax.enterprise.system.core.com.sun.enterprise.v3.server|_ThreadID=20;_ThreadName=Thread-50;|java.security.UnrecoverableKeyException: Cannot recover key
java.lang.Error: java.security.UnrecoverableKeyException: Cannot recover key
        at com.sun.enterprise.security.ssl.SSLUtils.getSSLContext(SSLUtils.java:159)
        at com.sun.enterprise.security.ssl.SSLUtils.postConstruct(SSLUtils.java:125)
        at com.sun.hk2.component.AbstractCreatorImpl.inject(AbstractCreatorImpl.java:131)
        at com.sun.hk2.component.ConstructorCreator.initialize(ConstructorCreator.java:91)
        at com.sun.hk2.component.AbstractCreatorImpl.get(AbstractCreatorImpl.java:82)
        at com.sun.hk2.component.SingletonInhabitant.get(SingletonInhabitant.java:67)
        at com.sun.hk2.component.EventPublishingInhabitant.get(EventPublishingInhabitant.java:139)
        at com.sun.hk2.component.AbstractInhabitantImpl.get(AbstractInhabitantImpl.java:76)
        at org.jvnet.hk2.component.Habitat.getBy(Habitat.java:1048)
        at org.jvnet.hk2.component.Habitat.getByType(Habitat.java:1029)
        at com.sun.hk2.component.InjectInjectionResolver.getComponentInjectValue(InjectInjectionResolver.java:159)
        at com.sun.hk2.component.InjectInjectionResolver.getValue(InjectInjectionResolver.java:90)
        at org.jvnet.hk2.component.InjectionManager.inject(InjectionManager.java:141)
        at org.jvnet.hk2.component.InjectionManager.inject(InjectionManager.java:91)
        at com.sun.hk2.component.AbstractCreatorImpl.inject(AbstractCreatorImpl.java:126)
        at com.sun.hk2.component.ConstructorCreator.initialize(ConstructorCreator.java:91)
        at com.sun.hk2.component.AbstractCreatorImpl.get(AbstractCreatorImpl.java:82)
        at com.sun.hk2.component.SingletonInhabitant.get(SingletonInhabitant.java:67)
        at com.sun.hk2.component.EventPublishingInhabitant.get(EventPublishingInhabitant.java:139)
        at com.sun.hk2.component.AbstractInhabitantImpl.get(AbstractInhabitantImpl.java:76)
        at com.sun.enterprise.security.SecuritySniffer.setup(SecuritySniffer.java:109)
        at com.sun.enterprise.v3.server.ContainerStarter.startContainer(ContainerStarter.java:116)
        at com.sun.enterprise.v3.server.ApplicationLifecycle.setupContainer(ApplicationLifecycle.java:944)
        at com.sun.enterprise.v3.server.ApplicationLifecycle.setupContainerInfos(ApplicationLifecycle.java:652)
        at com.sun.enterprise.v3.server.ApplicationLifecycle.deploy(ApplicationLifecycle.java:368)
        at com.sun.enterprise.v3.server.ApplicationLoaderService.processApplication(ApplicationLoaderService.java:375)
        at com.sun.enterprise.v3.admin.adapter.InstallerThread.load(InstallerThread.java:210)
        at com.sun.enterprise.v3.admin.adapter.InstallerThread.run(InstallerThread.java:108)
Caused by: java.security.UnrecoverableKeyException: Cannot recover key
        at sun.security.provider.KeyProtector.recover(KeyProtector.java:328)
        at sun.security.provider.JavaKeyStore.engineGetKey(JavaKeyStore.java:138)
        at sun.security.provider.JavaKeyStore$JKS.engineGetKey(JavaKeyStore.java:55)
        at java.security.KeyStore.getKey(KeyStore.java:779)
        at sun.security.ssl.SunX509KeyManagerImpl.<init>(SunX509KeyManagerImpl.java:131)
        at sun.security.ssl.KeyManagerFactoryImpl$SunX509.engineInit(KeyManagerFactoryImpl.java:68)
        at javax.net.ssl.KeyManagerFactory.init(KeyManagerFactory.java:256)
        at com.sun.enterprise.security.ssl.impl.SecuritySupportImpl.getKeyManagers(SecuritySupportImpl.java:290)
        at com.sun.enterprise.security.ssl.SSLUtils.getKeyManagers(SSLUtils.java:197)
        at com.sun.enterprise.security.ssl.SSLUtils.getSSLContext(SSLUtils.java:147)
        ... 27 more
|#]
Videanu Adrian asked Oct 04 '11 13:10



1 Answer

You should ensure that the keystore password matches the Glassfish master password (which is not the admin password).

Here is a tutorial on how to change the master password for GF 3.1

Matt Handy answered Nov 05 '22 15:11
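
The check the answer describes, as an added example that is not part of the original answer or of GlassFish: it opens the keystore with the master password and then calls `KeyStore.getKey` with that same password, the call that throws `UnrecoverableKeyException` in the question's last trace. `KeystoreCheck` is a hypothetical class name, and the keystore is assumed to be in JKS format.

```java
import java.io.Console;
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.UnrecoverableKeyException;

// Added example: KeystoreCheck is a hypothetical helper, not GlassFish code.
public class KeystoreCheck {
    public static void main(String[] args) throws Exception {
        Console console = System.console();
        if (args.length != 2 || console == null) {
            System.err.println("usage (from a terminal): java KeystoreCheck <keystore.jks> <alias>");
            System.exit(2);
        }
        String alias = args[1];
        // Prompt instead of taking the password as an argument, so it does not
        // end up in shell history or the process list.
        char[] master = console.readPassword("GlassFish master password: ");
        if (master == null) {
            fail("no password entered");
        }

        KeyStore ks = KeyStore.getInstance("JKS");
        try (InputStream in = new FileInputStream(args[0])) {
            // Throws IOException if the store password is not the one entered.
            ks.load(in, master);
        }
        if (!ks.containsAlias(alias)) {
            fail("alias '" + alias + "' is not in the keystore");
        }
        if (!ks.isKeyEntry(alias)) {
            // A certificate imported without its private key is a certificate-only
            // entry, which gives the server no key to present.
            fail("'" + alias + "' has no private key attached");
        }
        try {
            // Same password for the store and the key, as the answer requires.
            ks.getKey(alias, master);
        } catch (UnrecoverableKeyException e) {
            fail("key password for '" + alias + "' differs from the master password");
        }
        System.out.println("OK: '" + alias + "' is a private key entry readable with the master password, "
                + "chain length " + ks.getCertificateChain(alias).length);
    }

    private static void fail(String reason) {
        System.out.println("FAIL: " + reason);
        System.exit(1);
    }
}
```

If only the last check fails, `keytool -keypasswd` can set the entry's key password to the master password without re-importing the certificate.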