aspose file tools*
The moose likes Tomcat and the fly likes SSL cert upgrade on GF 2.0 Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of Spring in Action this week in the Spring forum!
JavaRanch » Java Forums » Products » Tomcat
Bookmark "SSL cert upgrade on GF 2.0" Watch "SSL cert upgrade on GF 2.0" New topic
Author

SSL cert upgrade on GF 2.0

lance raymond
Greenhorn

Joined: Sep 02, 2011
Posts: 1
I didn't see a glassfish section, but saw the bulk of the q's in the Tomcat so will post it here. We have a GlassFish 2.0 server running and the cert expires in a week and the original person is no longer here. I'm a linux guy new to Java, so I am following these commands http://www.sslshopper.com/article-most-common-java-keytool-keystore-commands.html along with the rapidSSL site and thought I was good.

Running thought the list, I have the original keystore.jks file which expires in a week. I made a new file, newkey.jks, created the csr, got the 2 certificates (ROOT and intermediate) and added them both. I can use the following to verify;

keytool -list -v -keystore newkey.jks -alias myalias and get the info (this is just the top);

Alias name: myalias
Creation date: Sep 2, 2011
Entry type: PrivateKeyEntry
Certificate chain length: 3
Certificate[1]:
Owner: CN=api.mydomain.com, OU=Domain Control Validated - RapidSSL(R), OU=See www.rapidssl.com/resources/cps (c)11, OU=GT06273877, O=api.mydomain.com, C=US, SERIALNUMBER=uqovQ4SFeb-FcCu5KrGxbRef3IomKkVc
Issuer: CN=RapidSSL CA, O="GeoTrust, Inc.", C=US
Serial number: 2fea8
Valid from: Tue Aug 30 22:56:35 EDT 2011 until: Fri Nov 01 03:05:11 EDT 2013


So looking at the above, all seemed correct. I went to the default domain.xml file and made the 2 changes to the file path for the new keystore and restared. The 1st time it died instantly with the server.log spitting out the following;
Caused by: java.lang.IllegalStateException: Keystore was tampered with, or password was incorrect

So I looked a bit more, and read how the original password was probably still there, so I issued a password reset to the default password and restared again. This time I got the following error;

Caused by: java.lang.IllegalStateException: java.security.UnrecoverableKeyException: Cannot recover key
at com.sun.enterprise.security.SSLUtils.<clinit>(SSLUtils.java:128)



So that is where I am stuck and not enough knowledge on what to do from here. Ironically the java.net forums was both slow and even better, I registered, confirmed, logged in, then on the message board, you can't create a new message as it says you must be logged in. YOu click the login icon and get a "your already logged in" ... classic!

So with that, I am not sure if I should look into adding the updated certificate to the current keystore (not sure if that can even be done), or figuring out what the above is and how to get past it. Any help, commands I can provide, etc. please let me know as time is ticking for me!

Thanks.
 
wood burning stoves
 
subject: SSL cert upgrade on GF 2.0