Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Glassfish Admin Console loading blank page

Tags:

ssl

console

glassfish

admin

I'm having an issue logging in to the admin console for Glassfish 3.1.2 on one of four identically (at least that's the theory) configured domains on different servers. When I log in on the one that's not working, I get redirected to a blank page at:

https://{server}:{admin port}/j_security_check

It is accompanied by this log message:

[#|2013-02-18T09:58:02.912-0500|SEVERE|glassfish3.1.2|org.glassfish.admingui|_ThreadID=20;_ThreadName=Thread-2;|javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: signature check failed; javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: signature check failed; restRequest: endpoint=https://localhost:9048/management/domain/anonymous-user-enabled attrs={} method=GET|#]

Other information:

I have secure administration enabled, and the anonymous user disabled.

I can request https://{server}:{admin port}/management/domain using the same user/password and successfully pull up the REST interface. Requesting /management/domain/enable-anonymous-user does trigger the same problem (blank page, logged error).

I can run "asadmin -p {admin port}" with the same user/password and successfully run command line commands.

I seem to remember tracking this down at one point to the admin console attempting to pull in a file from a server on the sun.com domain, for which the SSL certificate had expired, but I can't seem to find the solution I applied at the time.

I've attempted to use the cacerts.jks file from one of the servers that's working, and that hasn't helped.

The expiration date on my s1as cert in keystore.jks is still 8 years out.

The date/time on the server is set correctly.

Thanks for any suggestions.

Steve

like image 398
Steve Ferguson Avatar asked Feb 18 '13 15:02

Steve Ferguson

1 Answers

I've had this happen to me when I enable "Default Principal To Role Mapping":

Default Principal To Role Mapping

After I enable this and restart the domain, I'm never able to login again. I had to change the following line on domain.xml (with the domain stopped) :

<security-service default-principal-password="admin" activate-default-principal-to-role-mapping="true" default-principal="admin">

to this:

<security-service>
like image 116
Gus Avatar answered Oct 31 '22 12:10

Gus
Sign in to Comment

Related questions

Enable TLS and Disable SSL via PowerShell script
Using GitHub API from Indy in Delphi
Can We use Multiple AWS ACM Certificates at Nginx-Ingress-Contoller OR Multiple ACM certificate at Ingress object level?
python-requests how to send cipher name/http2
Is there an easy way to test SSL protected webpages in Development server, using Django?
How much data is leaked from SSL connection?
Any tool available to detect what's not HTTPS on an encrypted page?
Auto enter pass phrase in case of Python ssl Client/Server
Securing Cassandra communication with TLS/SSL
only use ssl on login? or whole site?
Can browsers connect to a proxy over SSL/TLS?
How does WCF + SSL working with load balancing?
How to make 'simple SSL' thru Web Services?
Facebook Secure Canvas URL Requirement and Legacy Applications
Protocol-relative URL in CSS for multiple subdomains
Is there referrer header while using SSL?
Using MySqlConnection (.NET) to SSL connect to MySql-server fails from certain clients
Android - converting pkcs12 certificate string to x509 certificate object for bks keystore
How do you upload files directly to S3 over SSL?
Indy 9 + Delphi 2007 latest SSL Libraries available?

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!