users@glassfish.java.net

Re: http-listener nicknames

From: <glassfish_at_javadesktop.org>
Date: Tue, 26 Aug 2008 10:16:04 PDT

Thanks for the quick reply; here's what I did.

C:\Sun\SDK\domains\domain1\config>keytool -list -keystore .\keystore.jks
Enter keystore password: changeit

Keystore type: jks
Keystore provider: SUN

Your keystore contains 1 entry

s1as, Jul 31, 2008, keyEntry,
Certificate fingerprint (MD5): A3:DB:08:95:61:94:98:BE:8F:68:57:C3:EC:86:A1:12

I then imported the SSL certificate that we had issued for our host name thusly:

C:\Sun\SDK\domains\domain1\config>keytool -import -alias jpl-apps -storepass changeit -file X:\jpl-apps-vm\jpl-apps-server.crt -keystore .keystore -trustcacerts
Owner: CN=jpl-apps.jpl.nasa.gov, OU=OCIO, O=Jet Propulsion Laboratory, L=Pasaden
a, ST=California, C=US
Issuer: CN=VeriSign Class 3 Secure Server CA, OU=Terms of use at https://www.ver
isign.com/rpa (c)05, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US
Serial number: 1e87483f9b3865ff65334dd9f9bb2c5c
Valid from: Sun Jul 20 17:00:00 PDT 2008 until: Tue Jul 21 16:59:59 PDT 2009
Certificate fingerprints:
         MD5: 36:5C:AF:4D:E4:77:57:5F:F0:0A:C4:A8:DB:7D:58:EF
         SHA1: 49:FD:92:2D:3B:54:A4:1D:A4:95:5A:1F:F4:9A:60:0A:30:CB:08:BA
Trust this certificate? [no]: yes
Certificate was added to keystore

C:\Sun\SDK\domains\domain2\config>keytool -list -keystore .\keystore.jks
Enter keystore password: changeit

Keystore type: jks
Keystore provider: SUN

Your keystore contains 2 entries

jpl-apps, Aug 25, 2008, trustedCertEntry,
Certificate fingerprint (MD5): 36:5C:AF:4D:E4:77:57:5F:F0:0A:C4:A8:DB:7D:58:EF
s1as, Jul 31, 2008, keyEntry,
Certificate fingerprint (MD5): A3:DB:08:95:61:94:98:BE:8F:68:57:C3:EC:86:A1:12

I then modified the domain.xml file to change the cert-nickname in the ssl container
to match the alias that I used to import the cert into the keystore, namely, jpl-apps.

        <http-listener acceptor-threads="1" address="0.0.0.0" blocking-enabled="false" default-virtual-server="server" enabled="true" family="inet" id="http-listener-2" port="2789" security-enabled="true" server-name="" xpowered-by="true">
          <ssl cert-nickname="jpl-apps" client-auth-enabled="false" ssl2-enabled="false" ssl3-enabled="true" tls-enabled="true" tls-rollback-enabled="true"/>
        </http-listener>

What happens is that after I restart GlassFish, it is not listening on port 2789, as there is
no response; there are no obvious error messages in the jvm.log or the server.log.

Would there be any other log files that I should look in to find errors?

Thanks!
[Message sent by forum member 'pward' (pward)]

http://forums.java.net/jive/thread.jspa?messageID=295424
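
Added example, not part of the original message or of GlassFish: a TLS listener needs the private key for its certificate, and a trustedCertEntry holds only a certificate, so this Python check confirms that every cert-nickname in domain.xml names a key entry in the `keytool -list` output. The function names are assumptions of this example; the sample inputs are copied (the XML abridged) from the message above.

```python
import re
import xml.etree.ElementTree as ET

# Sample inputs copied from the message above (listener attributes abridged).
KEYTOOL_LIST = """\
Your keystore contains 2 entries

jpl-apps, Aug 25, 2008, trustedCertEntry,
Certificate fingerprint (MD5): 36:5C:AF:4D:E4:77:57:5F:F0:0A:C4:A8:DB:7D:58:EF
s1as, Jul 31, 2008, keyEntry,
Certificate fingerprint (MD5): A3:DB:08:95:61:94:98:BE:8F:68:57:C3:EC:86:A1:12
"""
DOMAIN_XML = """\
<http-listener id="http-listener-2" port="2789" security-enabled="true">
  <ssl cert-nickname="jpl-apps" client-auth-enabled="false"/>
</http-listener>
"""

# Listing line: alias, date (itself contains a comma), entry type, trailing comma.
ENTRY_RE = re.compile(r"^(?P<alias>[^,]+), .+, (?P<type>\w+Entry),\s*$")
KEY_TYPES = {"keyEntry", "PrivateKeyEntry"}  # older and newer keytool wording

def parse_keytool_list(text):
    """Map alias -> entry type from `keytool -list` output."""
    entries = {}
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries[m.group("alias").lower()] = m.group("type")
    return entries

def check_listeners(domain_xml, keytool_text):
    """Return (listener id, nickname, reason) for each unusable cert-nickname."""
    entries = parse_keytool_list(keytool_text)
    problems = []
    for listener in ET.fromstring(domain_xml).iter("http-listener"):
        ssl = listener.find("ssl")
        if listener.get("security-enabled") != "true" or ssl is None:
            continue  # plain HTTP listener, no certificate needed
        nick = ssl.get("cert-nickname", "")
        kind = entries.get(nick.lower())
        if kind is None:
            problems.append((listener.get("id"), nick, "alias not in keystore"))
        elif kind not in KEY_TYPES:
            problems.append((listener.get("id"), nick, f"{kind} has no private key"))
    return problems

if __name__ == "__main__":
    for problem in check_listeners(DOMAIN_XML, KEYTOOL_LIST):
        print(problem)
```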