dev@glassfish.java.net

Re: Stale certificate for "s1as" in cacerts.jks?

From: Jan Luehe <Jan.Luehe_at_Sun.COM>
Date: Mon, 23 Mar 2009 12:37:16 -0700

On 03/23/09 12:25 PM, Kedar Mhaswade wrote:
> Jan,
>
> Can you do an asadmin create-domain and run the failing tests and
> let me know if they succeed?
>
> IMO, the bundled domain contains some random stuff as far as I know.
>
> If the create-domain stuff works, the plan is to call that during the
> build, so we have certs that are current and correct at least as far
> as build time is concerned.

Thanks, Kedar!
After running asadmin create-domain, the cert fingerprints in cacerts.jks
and keystore.jks match.
>
> I think you should file this as a bug on the build system.
>

Will do!

Jan

> -Kedar
>
> Jan Luehe wrote:
>> Some of the SSL-related web unit tests have been failing (on the
>> client) with this error:
>>
>> javax.net.ssl.SSLHandshakeException:
>> sun.security.validator.ValidatorException:
>> No trusted certificate found
>>
>> The client loads domains/domain1/config/cacerts.jks as its SSL trust
>> store.
>> I've noticed that the entry for "s1as" in cacerts.jks is stale, i.e.,
>> differs from the entry for "s1as" in
>> domains/domain1/config/keystore.jks:
>>
>> cacerts.jks:
>> s1as, Jan 26, 2007, trustedCertEntry,
>> Certificate fingerprint (MD5):
>> 49:1D:52:BE:B4:B4:43:E5:F8:91:5A:AA:FD:33:75:3A
>>
>> keystore.jks:
>> s1as, Sep 12, 2008, PrivateKeyEntry,
>> Certificate fingerprint (MD5):
>> 00:E5:5D:1F:07:CC:99:9F:CF:68:0E:AD:29:43:E0:48
>>
>> Notice the different fingerprints, which explains why the client
>> fails to authenticate
>> the server.
>>
>> This is for an out-of-the-box installation of GlassFish v3.
>>
>> Is this a known issue?
>>
>> Thanks,
>>
>> Jan
>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: dev-unsubscribe_at_glassfish.dev.java.net
>> For additional commands, e-mail: dev-help_at_glassfish.dev.java.net
>>
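The comparison done by hand in the thread can be automated. The following is an added example, not code from the thread or from GlassFish: it parses `keytool -list` text in the form quoted above and reports private-key aliases whose certificate is missing from, or different in, the trust store. The function names and result tuple layout are assumptions made for the example.

```python
import re

# One `keytool -list` entry: "alias, date, type," then the fingerprint line.
# \s* tolerates the mail-wrapped form quoted in the thread above.
ENTRY = re.compile(
    r"^(?P<alias>[^,\n]+),\s*.+?,\s*(?P<type>\w+Entry),\s*"
    r"Certificate fingerprint \((?P<alg>[^)]+)\):\s*"
    r"(?P<fp>(?:[0-9A-Fa-f]{2}:)+[0-9A-Fa-f]{2})",
    re.MULTILINE,
)

def parse_listing(text):
    """Map alias -> (entry type, digest algorithm, fingerprint)."""
    return {m["alias"].strip().lower(): (m["type"], m["alg"].upper(), m["fp"].upper())
            for m in ENTRY.finditer(text)}

def stale_trust_entries(truststore_listing, keystore_listing):
    """Report private-key aliases whose cert is absent or different in the trust store."""
    trust = parse_listing(truststore_listing)
    findings = []
    for alias, (etype, alg, fp) in sorted(parse_listing(keystore_listing).items()):
        if etype != "PrivateKeyEntry":
            continue  # only entries holding a private key are checked
        if alias not in trust:
            findings.append((alias, "missing", None, fp))
            continue
        _, t_alg, t_fp = trust[alias]
        if t_alg != alg:
            findings.append((alias, "digest-differs", t_fp, fp))  # not comparable
        elif t_fp != fp:
            findings.append((alias, "mismatch", t_fp, fp))
    return findings

# Listings as quoted in the thread (the two "s1as" entries).
CACERTS = """s1as, Jan 26, 2007, trustedCertEntry,
Certificate fingerprint (MD5):
49:1D:52:BE:B4:B4:43:E5:F8:91:5A:AA:FD:33:75:3A
"""
KEYSTORE = """s1as, Sep 12, 2008, PrivateKeyEntry,
Certificate fingerprint (MD5):
00:E5:5D:1F:07:CC:99:9F:CF:68:0E:AD:29:43:E0:48
"""

if __name__ == "__main__":
    for alias, status, trusted, served in stale_trust_entries(CACERTS, KEYSTORE):
        print(f"{alias}: {status} (trust store {trusted}, keystore {served})")
```

Run as a build step over the two generated stores, an empty result corresponds to the state reported after `asadmin create-domain`, where the fingerprints match.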