Importing a Certificate into Glassfish and Changing the Master Password

Question

I have been attempting to help one of our sites with an error message they are getting while using an application that uses Glassfish. When signing into the application, the following errors are thrown:

CommunicationException: An error occurred while making the HTTP request to . This could be due to the fact that the server certificate is notconfigured properly with HTTP.SYS in the HTTPS case. This could also be caused by a mismatch of the security binding between the client and the server.

In Server.log, the following is displayed:

0400|SEVERE|glassfish3.1|com.sun.grizzly.config.GrizzlyServiceListener|_ThreadID=287;_ThreadName=Thread-1;|Failed to load keystore type JKS with path C:\glassfishv3\glassfish\domains\domain1/config/keystore.jks due to Keystore was tampered with, or password was incorrect java.io.IOException: Keystore was tampered with, or password was incorrect

The site is only experiencing this problem when they change the glassfish master password. When the master password is left as its default setting, everything works correctly. The default master password is "changeit".

Additionally, the site generates and imports a certificate for use with glassfish. The following are the steps that are performed, in order, for generating a certificate and changing the password:

Stopped Glassfish service.
Opened MMC.MSC: Action --> All Tasks --> Request New Certificate
From the Certificate Enrollment wizard, chose a Computer type certificate. Click Properties Button and configure certificate. It gets a friendly name of "s1as" and an exportable private key of key size 2048. Private key is exported as a pfx file and certificate is exported as a cer file. The files are saved in the glassfish config folder. Details about this process available if needed.
DOS prompt opened and this command is run inside the glassfish config folder: keytool -delete -alias s1as -keystore keystore.jks -storepass changeit
Following command is run: keytool -import -v -trustcacerts -alias -file root.cer -keystore cacerts.jks -storepass changeit

Answered "Y" to trust the certificate.

Ran the following command to replace the original self-signed certificate with the pfx one. keytool -importkeystore -srckeystore .pfx -srcstoretype pkcs12 -destkeystore keystore.jks -deststoretype JKS

Entered password, and a success message appears afterwards that 1 entry was succesfully imported.

Ran this command: keytool -list -keystore keystore.jks -rfc

A lot of output is produced, including a long Alias name. Thsi long alias is used in the next command.

Ran the following command: keytool -changealias -alias "" -destalias "s1as" -keypass changeit -keystore keystore.jks -storepass changeit
Ran the following command in asadmin: change-master-password --savemasterpassword=true Entered Current password of "changeit" Entered new password of 123456 Re-entered 123456. Success message that master password changed succesfully.
1. Started glassfish service

In my local testing, this procedure has worked and I am able to use the application with no errors. But on the site I am aiding, when they follow the same process, they receive the errors I listed at the top of this message.

My specific questions:

Could the site's certificate be causing this problem? If so, is there a way I could test that the certificate is the issue?

What other things might potentially be generating the errors? Could the "change-master-password" command not be properly changing the password, or could there be something else that needs to have the password changed as well?

Importing a Certificate into Glassfish and Changing the Master Password

Answers (1)

Related Questions