Certificado Glassfish 4.0 SSL de Thawte

I have some problems with my GF4 and SSL.

I have installed GF4 and made every change listed at este tutorial

Everything went fine but now that I want to use the GF Server online and on an pruductiv enviroment, I want to change the SSL Cert to a bought one. I already bought a SSL123 Thawte SSL Cert which is just Domain signed (should be enough for starters). Now I have the .key the .csr and .crt file. I already looked up, how to import a given Key and CRT File into an existing Keystore. (using openssl and producing and p12 file)

Now if I just stop the GF domain and erase the two alias "s1as" and "glassfish-instance" and import the new SSL Cert under this alias, I cannot start the domain again. I get the following two errors in the server.log:

[2014-05-28T14:33:55.105+0200] [glassfish 4.0] [WARNING] [] [org.glassfish.grizzly.config.SSLConfigurator] [tid: _ThreadID=28 _ThreadName=http-listener-2(4)] [timeMillis: 1401280435105] [levelValue: 900] [[
  GRIZZLY0050: SSL support could not be configured!
java.io.IOException: A MultiException has 2 exceptions.  They are:
1. java.lang.Error: java.security.UnrecoverableKeyException: Cannot recover key
2. java.lang.IllegalStateException: Unable to perform operation: post construct on com.sun.enterprise.security.ssl.SSLUtils

    at org.glassfish.grizzly.config.ssl.JSSE14SocketFactory.init(JSSE14SocketFactory.java:162)
    at org.glassfish.grizzly.config.SSLConfigurator.initializeSSLContext(SSLConfigurator.java:249)
    at org.glassfish.grizzly.config.SSLConfigurator.configureSSL(SSLConfigurator.java:131)
    at org.glassfish.grizzly.config.SSLConfigurator$InternalSSLContextConfigurator.createSSLContext(SSLConfigurator.java:389)
    at org.glassfish.grizzly.ssl.SSLEngineConfigurator.createSSLEngine(SSLEngineConfigurator.java:180)
    at org.glassfish.grizzly.ssl.SSLBaseFilter$SSLTransportFilterWrapper.handleRead(SSLBaseFilter.java:968)
    at org.glassfish.grizzly.filterchain.ExecutorResolver$9.execute(ExecutorResolver.java:119)
    at org.glassfish.grizzly.filterchain.DefaultFilterChain.executeFilter(DefaultFilterChain.java:288)
    at org.glassfish.grizzly.filterchain.DefaultFilterChain.executeChainPart(DefaultFilterChain.java:206)
    at org.glassfish.grizzly.filterchain.DefaultFilterChain.execute(DefaultFilterChain.java:136)
    at org.glassfish.grizzly.filterchain.DefaultFilterChain.process(DefaultFilterChain.java:114)
    at org.glassfish.grizzly.ProcessorExecutor.execute(ProcessorExecutor.java:77)
    at org.glassfish.grizzly.nio.transport.TCPNIOTransport.fireIOEvent(TCPNIOTransport.java:838)
    at org.glassfish.grizzly.strategies.AbstractIOStrategy.fireIOEvent(AbstractIOStrategy.java:113)
    at org.glassfish.grizzly.strategies.WorkerThreadIOStrategy.run0(WorkerThreadIOStrategy.java:115)
    at org.glassfish.grizzly.strategies.WorkerThreadIOStrategy.access$100(WorkerThreadIOStrategy.java:55)
    at org.glassfish.grizzly.strategies.WorkerThreadIOStrategy$WorkerThreadRunnable.run(WorkerThreadIOStrategy.java:135)
    at org.glassfish.grizzly.threadpool.AbstractThreadPool$Worker.doWork(AbstractThreadPool.java:564)
    at org.glassfish.grizzly.threadpool.AbstractThreadPool$Worker.run(AbstractThreadPool.java:544)
    at java.lang.Thread.run(Thread.java:745)
]]

 [2014-05-28T14:33:55.124+0200] [glassfish 4.0] [WARNING] [] [org.glassfish.grizzly.filterchain.DefaultFilterChain] [tid: _ThreadID=28 _ThreadName=http-listener-2(4)] [timeMillis: 1401280435124] [levelValue: 900] [[
  Exception during FilterChain execution
java.lang.NullPointerException
    at org.glassfish.grizzly.ssl.SSLEngineConfigurator.createSSLEngine(SSLEngineConfigurator.java:185)
    at org.glassfish.grizzly.ssl.SSLBaseFilter$SSLTransportFilterWrapper.handleRead(SSLBaseFilter.java:968)
    at org.glassfish.grizzly.filterchain.ExecutorResolver$9.execute(ExecutorResolver.java:119)
    at org.glassfish.grizzly.filterchain.DefaultFilterChain.executeFilter(DefaultFilterChain.java:288)
    at org.glassfish.grizzly.filterchain.DefaultFilterChain.executeChainPart(DefaultFilterChain.java:206)
    at org.glassfish.grizzly.filterchain.DefaultFilterChain.execute(DefaultFilterChain.java:136)
    at org.glassfish.grizzly.filterchain.DefaultFilterChain.process(DefaultFilterChain.java:114)
    at org.glassfish.grizzly.ProcessorExecutor.execute(ProcessorExecutor.java:77)
    at org.glassfish.grizzly.nio.transport.TCPNIOTransport.fireIOEvent(TCPNIOTransport.java:838)
    at org.glassfish.grizzly.strategies.AbstractIOStrategy.fireIOEvent(AbstractIOStrategy.java:113)
    at org.glassfish.grizzly.strategies.WorkerThreadIOStrategy.run0(WorkerThreadIOStrategy.java:115)
    at org.glassfish.grizzly.strategies.WorkerThreadIOStrategy.access$100(WorkerThreadIOStrategy.java:55)
    at org.glassfish.grizzly.strategies.WorkerThreadIOStrategy$WorkerThreadRunnable.run(WorkerThreadIOStrategy.java:135)
    at org.glassfish.grizzly.threadpool.AbstractThreadPool$Worker.doWork(AbstractThreadPool.java:564)
    at org.glassfish.grizzly.threadpool.AbstractThreadPool$Worker.run(AbstractThreadPool.java:544)
    at java.lang.Thread.run(Thread.java:745)
]]

I already have tried other configurations, changed the Cert Password, changed the master-Password but I cannot get this to work... I hope someone can give me the right way to look at.

Muchas Gracias

Edit 1: I used the SSL Cert on my Apache2.2. Everything works nice there.

preguntado el 28 de mayo de 14 a las 13:05

1 Respuestas

This is most likely a password issue. In a staging environment you can try to set all passwords (including master password for the server) to be the same. Note that this is a bad idea in a production environment! You can also try vm options to specify different passwords to be used for the key.

contestado el 08 de mayo de 15 a las 03:05

No es la respuesta que estás buscando? Examinar otras preguntas etiquetadas or haz tu propia pregunta.