Some of the SSL-related web unit tests have been failing (on the
client) with this error:
javax.net.ssl.SSLHandshakeException:
sun.security.validator.ValidatorException:
No trusted certificate found
The client loads domains/domain1/config/cacerts.jks as its SSL trust store.
I've noticed that the entry for "s1as" in cacerts.jks is stale, i.e.,
differs from the entry for "s1as" in domains/domain1/config/keystore.jks:
cacerts.jks:
s1as, Jan 26, 2007, trustedCertEntry,
Certificate fingerprint (MD5):
49:1D:52:BE:B4:B4:43:E5:F8:91:5A:AA:FD:33:75:3A
keystore.jks:
s1as, Sep 12, 2008, PrivateKeyEntry,
Certificate fingerprint (MD5):
00:E5:5D:1F:07:CC:99:9F:CF:68:0E:AD:29:43:E0:48
Notice the different fingerprints, which explains why the client fails
to authenticate
the server.
This is for an out-of-the-box installation of GlassFish v3.
Is this a known issue?
Thanks,
Jan