users@glassfish.java.net

Re: Problem with GF and SSL: IE accepts certificate but Firefox doesn't

From: Jeanfrancois Arcand <Jeanfrancois.Arcand_at_Sun.COM>
Date: Tue, 08 Jan 2008 10:59:28 -0500

Hi,

glassfish_at_javadesktop.org wrote:
> Hello Jeanfrancois,
>
>> ...
>> might be a bug in GlassFish. Can you switch your
>> https port to listen
>> using blocking socket? Just edit
>> ${glassfish.home}/domains/domain1/config/domain.xml
>> and set the
>> blocking-enabled="true":
>>
>> <http-listener acceptor-threads="1"
>> address="0.0.0.0"
>> locking-enabled="true"
>> default-virtual-server="server" enabled="true"
>> family="inet" .... >
>>
>> and see if that works. Also what is your current ssl
>> element
>> configuration under your https lister (look for
>> something like:
>>
>
> I made the proposed change, restarted Glassfish and visited again https://www.pluginsmithy.com:8181 with Firefox 2.0.0.11 on Linux. The symptoms haven't change, the certificate is still not recognized.
>
> This are the current settings for the https listener in my domain.xml (I believe I haven't changed anything from the defaults except the "cert-nickname"):
>
> <http-listener acceptor-threads="1" address="0.0.0.0" blocking-enabled="true" default-virtual-server="server" enabled="true" family="inet" id="http-listener-2" port="8181" security-enabled="true" server-name="" xpowered-by="true">
> <ssl cert-nickname="pluginsmithy" client-auth-enabled="false" ssl2-enabled="false" ssl3-enabled="true" tls-enabled="true" tls-rollback-enabled="true"/>
> </http-listener>
>
> Can I do anything else to troubleshoot this?

Hum....I would have liked the blocking mode to work so it would have
been easy to fix. Now since the two mode are failing, this is a little
more complicated. Before filling a bug, one last try: can you add, in
domain.xml:

-Dcom.sun.enterprise.web.connector.useCoyoteConnector=true

if that doesn't work, can you file a bug:

https://glassfish.dev.java.net/servlets/ProjectIssues

(category security). Try to enter as much as information that you have
so we can easily reproduce the problem.

Thanks

--Jeanfrancois

>
> Thanks
> Stephan
> [Message sent by forum member 'smuehlst' (smuehlst)]
>
> http://forums.java.net/jive/thread.jspa?messageID=252560
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe_at_glassfish.dev.java.net
> For additional commands, e-mail: users-help_at_glassfish.dev.java.net
>
© Oracle | By contributing to this project, you are agreeing to the terms of use described here.