I'm having an issue logging in to the admin console for Glassfish 3.1.2 on one of four identically (at least that's the theory) configured domains on different servers. When I log in on the one that's not working, I get redirected to a blank page at:
https://{server}:{admin port}/j_security_check
It is accompanied by this log message:
[#|2013-02-18T09:58:02.912-0500|SEVERE|glassfish3.1.2|org.glassfish.admingui|_ThreadID=20;_ThreadName=Thread-2;|javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: signature check failed; javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: signature check failed; restRequest: endpoint=https://localhost:9048/management/domain/anonymous-user-enabled attrs={} method=GET|#]
Other information:
I have secure administration enabled, and the anonymous user disabled.
I can request https://{server}:{admin port}/management/domain using the same user/password and successfully pull up the REST interface. Requesting /management/domain/enable-anonymous-user does trigger the same problem (blank page, logged error).
I can run "asadmin -p {admin port}" with the same user/password and successfully run command line commands.
I seem to remember tracking this down at one point to the admin console attempting to pull in a file from a server on the sun.com domain, for which the SSL certificate had expired, but I can't seem to find the solution I applied at the time.
I've attempted to use the cacerts.jks file from one of the servers that's working, and that hasn't helped.
The expiration date on my s1as cert in keystore.jks is still 8 years out.
The date/time on the server is set correctly.
Thanks for any suggestions.
Steve
I've had this happen to me when I enable "Default Principal To Role Mapping":
After I enable this and restart the domain, I'm never able to login again. I had to change the following line on domain.xml (with the domain stopped) :
<security-service default-principal-password="admin" activate-default-principal-to-role-mapping="true" default-principal="admin">
to this:
<security-service>
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With