users@glassfish.java.net

Re: Problem with GF and SSL: IE accepts certificate but Firefox doesn't

From: Jeanfrancois Arcand <Jeanfrancois.Arcand_at_Sun.COM>
Date: Mon, 07 Jan 2008 12:38:50 -0500

Hi,

might be a bug in GlassFish. Can you switch your https port to listen
using blocking socket? Just edit
${glassfish.home}/domains/domain1/config/domain.xml and set the
blocking-enabled="true":

  <http-listener acceptor-threads="1" address="0.0.0.0"
blocking-enabled="true" default-virtual-server="server" enabled="true"
family="inet" .... >

and see if that works. Also what is your current ssl element
configuration under your https lister (look for something like:

  <ssl cert-nickname="s1as" client-auth-enabled="false"
ssl2-enabled="false" ssl3-enabled="false" tls-enabled="true"
tls-rollback-enabled="tr
ue"/>

Thanks

-- Jeanfrancois

glassfish_at_javadesktop.org wrote:
>> Just a thought, but to confirm / clear whether its a
>> glassfish issue, have you tried taking the same
>> certificate and importing it into say SunOne Web,
>> Apache or IIS and see everything works as expected?
>
> No I did not yet try this, but this is a good suggestion, I will see whether I can set up the certificate with Apache.
>
>> I checked out your cert in Firefox 2 and IE 6 and the
>> Issuer is different across the two. I don't know if
>> thats because I'm not receiving the intermediate or
>> its just a difference in the browsers.
>
> I switched the certificate intermediately back to the default one that comes with Glassfish, but as far as I remember this was before I posted this thread, so it would be very strange to get different issuers of the certificate...
>
>> Also, just for my own curiosity, do you not have any
>> plans to front-end your app tier with a web-tier?
>
> I have a web-tier which is implemented with the Magnolia CMS, and a web application implemented with JSF. Because I will run the site in a memory-constrained environment (virtual server with 400 MB physical RAM) I'm leaving out anything unnecessary, including Apache. What you currently see is the Magnolia login dialog. Because I'm still building and testing the site I have protected it with a password.
>
>> HTH,
>>
>> Andrew
>
> Thanks
> Stephan
> [Message sent by forum member 'smuehlst' (smuehlst)]
>
> http://forums.java.net/jive/thread.jspa?messageID=252151
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe_at_glassfish.dev.java.net
> For additional commands, e-mail: users-help_at_glassfish.dev.java.net
>