Skip to main content

Glassfisch 3.1.2 problem installing SSL-certificate

2 replies [Last post]
manfredcuntz
Offline
Joined: 2013-04-02
Points: 0

Hello,

since two weeks i am trying to install a SSL-certificate on glassfish 3.1.2 without success. I followed a lot of slightly different tuts from the net including the one from oracle.

I tried to install several self signed certificates as well as one from commodo and one from start.com. Always the same result:

With the built in certificate alias "s1as" all is working fine. But with new installed certificates the browser don't show anything. Firefox complains the connection is interrupted chrome says "Fehler 107 (net::ERR_SSL_PROTOCOL_ERROR): SSL-Protokollfehler"

In the server log with javax.enterprise.system.ssl.security and javax.enterprise.system.core.security set to FINEST I get about 15 entries in the logfile:

"[#|2013-04-02T17:01:22.739+0200|FINE|glassfish3.1.2|javax.enterprise.system.core.security.com.sun.enterprise.security.ssl|_ThreadID=6456;_ThreadName=Thread-2;ClassName=com.sun.enterprise.security.ssl.J2EEKeyManager;MethodName=getPrivateKey;|Getting private key for alias:websrv-test|#]"

All the same.

Now I hope, anyone can help me with this topic.

Best regards,
Manfred

Reply viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.
netmackan
Offline
Joined: 2005-06-26
Points: 0

Could you post the link to the tutorial you have followed?
Have you imported the key-pair and certificate into the default keystore.jks or have you pointed out a different keystore?
Does the keystore contain an entry with the alias called "websrv-test"?
You can check with keytool, something like:
keytool -list -keystore /opt/glassfish3.1/glassfish/domains/domain1/config/keystore.jks
And then add "-v" to also see the certificates.

Best regards,
Markus

manfredcuntz
Offline
Joined: 2013-04-02
Points: 0

netmackan wrote:
Could you post the link to the tutorial you have followed?

For example this:
http://artur.ejsmont.org/blog/content/how-to-generate-self-signed-ssl-ce...

with the self signed key and this:
http://javadude.wordpress.com/2010/04/06/getting-started-with-glassfish-...

with the comodo certificate. But some tried others also.

netmackan wrote:
Have you imported the key-pair and certificate into the default keystore.jks or have you pointed out a different keystore?

I have tried keystore.jks and also new keystore files like server.keystore etc.

netmackan wrote:
Does the keystore contain an entry with the alias called "websrv-test"?

Yes and also the server names of the other servers. I tried one on windows 8, centos and debian. There must be a very silly mistake which I always make. But i cannot imagine what.

Best regards,
Manfred