Reputation: 4868
How to install a SSL certificate from CAcert.org into GlassFish v3
I am trying to enable ssl on my internet glassfish server using my own CAcert.org certificate. I followed the introduction from Masoud Kalali : http://weblogs.java.net/blog/kalali/archive/2010/02/27/how-install-godaddy-certificate-your-glassfish-v3
But after all when I try to connect to my ssl port I got the server error message posted below. Can anybody help me please what the message "SSL configuration is invalid due to No available certificate or key corresponds to the SSL cipher suites which are enabled." means?. Could it be possible that a certificate created with CAcert.org is not accapteble for glassfish?
[#|2012-03-20T16:21:00.289+0100|WARNING|glassfish3.1|com.sun.grizzly.config.GrizzlyServiceListener|_ThreadID=18;_ThreadName=Thread-1;|GRIZZLY0007: SSL support could not be configured!
java.io.IOException: SSL configuration is invalid due to No available certificate or key corresponds to the SSL cipher suites which are enabled.
at com.sun.grizzly.util.net.jsse.JSSE14SocketFactory.checkConfig(JSSE14SocketFactory.java:455)
at com.sun.grizzly.util.net.jsse.JSSE14SocketFactory.init(JSSE14SocketFactory.java:183)
at com.sun.grizzly.config.SSLConfigHolder.initializeSSL(SSLConfigHolder.java:361)
at com.sun.grizzly.config.SSLConfigHolder.configureSSL(SSLConfigHolder.java:237)
at com.sun.grizzly.config.GrizzlyEmbeddedHttps$LazySSLInitializationFilter.execute(GrizzlyEmbeddedHttps.java:202)
at com.sun.grizzly.DefaultProtocolChain.executeProtocolFilter(DefaultProtocolChain.java:137)
at com.sun.grizzly.DefaultProtocolChain.execute(DefaultProtocolChain.java:104)
at com.sun.grizzly.DefaultProtocolChain.execute(DefaultProtocolChain.java:90)
at com.sun.grizzly.http.HttpProtocolChain.execute(HttpProtocolChain.java:79)
at com.sun.grizzly.ProtocolChainContextTask.doCall(ProtocolChainContextTask.java:54)
at com.sun.grizzly.SelectionKeyContextTask.call(SelectionKeyContextTask.java:59)
at com.sun.grizzly.ContextTask.run(ContextTask.java:71)
at com.sun.grizzly.util.AbstractThreadPool$Worker.doWork(AbstractThreadPool.java:532)
at com.sun.grizzly.util.AbstractThreadPool$Worker.run(AbstractThreadPool.java:513)
at java.lang.Thread.run(Thread.java:662)
Caused by: javax.net.ssl.SSLException: No available certificate or key corresponds to the SSL cipher suites which are enabled.
at com.sun.net.ssl.internal.ssl.SSLServerSocketImpl.checkEnabledSuites(SSLServerSocketImpl.java:310)
at com.sun.net.ssl.internal.ssl.SSLServerSocketImpl.accept(SSLServerSocketImpl.java:255)
at com.sun.grizzly.util.net.jsse.JSSE14SocketFactory.checkConfig(JSSE14SocketFactory.java:451)
... 14 more
|#]
[#|2012-03-20T16:21:00.303+0100|SEVERE|glassfish3.1|com.sun.grizzly.config.GrizzlyServiceListener|_ThreadID=18;_ThreadName=Thread-1;|ProtocolChain exception
java.lang.NullPointerException
at com.sun.grizzly.filter.SSLReadFilter.newSSLEngine(SSLReadFilter.java:352)
at com.sun.grizzly.filter.SSLReadFilter.obtainSSLEngine(SSLReadFilter.java:399)
at com.sun.grizzly.filter.SSLReadFilter.execute(SSLReadFilter.java:159)
at com.sun.grizzly.DefaultProtocolChain.executeProtocolFilter(DefaultProtocolChain.java:137)
at com.sun.grizzly.DefaultProtocolChain.execute(DefaultProtocolChain.java:104)
at com.sun.grizzly.DefaultProtocolChain.execute(DefaultProtocolChain.java:90)
at com.sun.grizzly.http.HttpProtocolChain.execute(HttpProtocolChain.java:79)
at com.sun.grizzly.ProtocolChainContextTask.doCall(ProtocolChainContextTask.java:54)
at com.sun.grizzly.SelectionKeyContextTask.call(SelectionKeyContextTask.java:59)
at com.sun.grizzly.ContextTask.run(ContextTask.java:71)
at com.sun.grizzly.util.AbstractThreadPool$Worker.doWork(AbstractThreadPool.java:532)
at com.sun.grizzly.util.AbstractThreadPool$Worker.run(AbstractThreadPool.java:513)
at java.lang.Thread.run(Thread.java:662)
|#]
[#|2012-03-20T16:21:00.303+0100|SEVERE|glassfish3.1|com.sun.grizzly.config.GrizzlyServiceListener|_ThreadID=19;_ThreadName=Thread-1;|ProtocolChain exception
java.lang.NullPointerException
at com.sun.grizzly.filter.SSLReadFilter.newSSLEngine(SSLReadFilter.java:352)
at com.sun.grizzly.filter.SSLReadFilter.obtainSSLEngine(SSLReadFilter.java:399)
at com.sun.grizzly.filter.SSLReadFilter.execute(SSLReadFilter.java:159)
at com.sun.grizzly.DefaultProtocolChain.executeProtocolFilter(DefaultProtocolChain.java:137)
at com.sun.grizzly.DefaultProtocolChain.execute(DefaultProtocolChain.java:104)
at com.sun.grizzly.DefaultProtocolChain.execute(DefaultProtocolChain.java:90)
at com.sun.grizzly.http.HttpProtocolChain.execute(HttpProtocolChain.java:79)
at com.sun.grizzly.ProtocolChainContextTask.doCall(ProtocolChainContextTask.java:54)
at com.sun.grizzly.SelectionKeyContextTask.call(SelectionKeyContextTask.java:59)
at com.sun.grizzly.ContextTask.run(ContextTask.java:71)
at com.sun.grizzly.util.AbstractThreadPool$Worker.doWork(AbstractThreadPool.java:532)
at com.sun.grizzly.util.AbstractThreadPool$Worker.run(AbstractThreadPool.java:513)
at java.lang.Thread.run(Thread.java:662)
|#]
Thanks for any help
Ralph
Upvotes: 3
Views: 3213
Answers (1)
Reputation: 87
at the end of all instructions provided by blog link you wil have smth.jks.
keytool -list -keystore smth.jks will list your cetificate as PrivateEntryKey
There is another PrivateEntryKey : s1as in original /domain/domain1/config/keystore.jks
I guess s1as is used by glassfish and when it is not here the server does not start.
S0, you have to include s1as and your signed certiface both to original keystore.jks as PrivateEntryKey.
But it is not possible to import them separately. If you will try to export PrvateEntryKey from smth.jks, delete it and reimport it then you will found it as trusted certificate. The reason to issue is keytoll can export only self signed part of PrivateEntryKey.
You have to import smth.jks to keytore.jks at once.
keytool -importkeystore -srckeystore smth.jks -destkeystore keystore.jks
also if your smth.jks keystore password is not "changeit" then you have to change master passwrd on glassfish
keytool -keypasswd -alias s1as -keypass changeit -new 12345678 -keystore keystore.jks
then asadmin change-master-password --savemasterpassword=true
by taking into account the above mentioned I succesfully configured SSL in glassfish 2.1
hope it will help you too
Upvotes: 3
Related Questions
- Glassfish no response on HTTPS after installing SSL-certificates
- glassfish SSLHandshakeException: Received fatal alert: unknown_ca
- import ssl certificate in Glassfish
- Why this certificate error in Glassfish 4.1?
- Cannot setup SSL with Glassfish
- SSL certificate imported on Glassfish Server, but the browser is showong error for https URL
- Glassfish 3 and import signed SSL certificate issue
- Java: method cannot find cert path -- what do I need to set?
- glassfish v3 "unable to find valid certification path to requested target"
- glassfish 3.1.1 import ssl certificates