dev@glassfish.java.net

Re: Stale certificate for "s1as" in cacerts.jks?

From: Kedar Mhaswade <Kedar.Mhaswade_at_Sun.COM>
Date: Mon, 23 Mar 2009 12:25:24 -0700

Jan,

Can you do an asadmin create-domain and run the failing tests and
let me know if they succeed?

IMO, the bundled domain contains some random stuff as far as I know.

If the create-domain stuff works, the plan is to call that during the
build, so we have certs that are current and correct at least as far
as build time is concerned.

I think you should file this as a bug on the build system.

-Kedar

Jan Luehe wrote:
> Some of the SSL-related web unit tests have been failing (on the
> client) with this error:
>
> javax.net.ssl.SSLHandshakeException:
> sun.security.validator.ValidatorException:
> No trusted certificate found
>
> The client loads domains/domain1/config/cacerts.jks as its SSL trust store.
> I've noticed that the entry for "s1as" in cacerts.jks is stale, i.e.,
> differs from the entry for "s1as" in domains/domain1/config/keystore.jks:
>
> cacerts.jks:
> s1as, Jan 26, 2007, trustedCertEntry,
> Certificate fingerprint (MD5):
> 49:1D:52:BE:B4:B4:43:E5:F8:91:5A:AA:FD:33:75:3A
>
> keystore.jks:
> s1as, Sep 12, 2008, PrivateKeyEntry,
> Certificate fingerprint (MD5):
> 00:E5:5D:1F:07:CC:99:9F:CF:68:0E:AD:29:43:E0:48
>
> Notice the different fingerprints, which explains why the client fails
> to authenticate the server.
>
> This is for an out-of-the-box installation of GlassFish v3.
>
> Is this a known issue?
>
> Thanks,
>
> Jan
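
A build-time check for the mismatch described in this thread, as an added example that is not from either poster or the GlassFish project: it parses `keytool -list` output for both stores and flags an alias whose fingerprints differ. The function names are hypothetical, and the sample listings are constructed from the two "s1as" entries quoted above.

```shell
#!/bin/sh
# Added example: flag a trust store entry that no longer matches the
# certificate stored under the same alias in the key store.

# Print the fingerprint for alias $1 from `keytool -list` text on stdin.
# keytool prints "<alias>, <date>, <entry type>," followed by a
# "Certificate fingerprint (<alg>): <hex>" line; the hex value may have been
# wrapped onto the next line, as in the mail above.
fingerprint_for_alias() {
    awk -v alias="$1" '
        /Entry,[ \t]*$/ { split($0, f, ","); in_entry = (f[1] == alias); next }
        in_entry && /^Certificate fingerprint/ {
            sub(/^[^:]*: */, "")        # drop the label, keep the hex value
            if ($0 == "") getline       # value wrapped onto the next line
            gsub(/[ \t]/, ""); print toupper($0); exit
        }'
}

# check_alias ALIAS KEYSTORE_LISTING TRUSTSTORE_LISTING
# Returns 0 when both fingerprints match, 1 when they differ (stale trust
# entry), 2 when the alias is missing from either listing.
check_alias() {
    ks_fp=$(printf '%s\n' "$2" | fingerprint_for_alias "$1")
    ts_fp=$(printf '%s\n' "$3" | fingerprint_for_alias "$1")
    if [ -z "$ks_fp" ] || [ -z "$ts_fp" ]; then
        echo "MISSING: alias '$1' is not present in both stores"; return 2
    fi
    if [ "$ks_fp" != "$ts_fp" ]; then
        echo "STALE: '$1' keystore=$ks_fp truststore=$ts_fp"; return 1
    fi
    echo "OK: '$1' $ks_fp"
}

# Constructed sample input: the two "s1as" entries quoted in the mail above.
KEYSTORE_LISTING='s1as, Sep 12, 2008, PrivateKeyEntry,
Certificate fingerprint (MD5): 00:E5:5D:1F:07:CC:99:9F:CF:68:0E:AD:29:43:E0:48'
CACERTS_LISTING='s1as, Jan 26, 2007, trustedCertEntry,
Certificate fingerprint (MD5):
49:1D:52:BE:B4:B4:43:E5:F8:91:5A:AA:FD:33:75:3A'

# Reports STALE for the sample; a build would fail on a non-zero status.
check_alias s1as "$KEYSTORE_LISTING" "$CACERTS_LISTING" || echo "exit status $?"
```

Against a real domain, the two listings would be the output of `keytool -list -keystore domains/domain1/config/keystore.jks` and the same command for `cacerts.jks`, both produced by the same keytool so the fingerprint algorithm matches.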