users@glassfish.java.net

RE: certificate alias not found

From: Derek Sceats <dsceats_at_silasg.com>
Date: Wed, 1 Jul 2009 09:16:57 -0700

When you are setting up SSL, the CA signed certificate must be a certificate/signing key pair.
When you look in the keystore, "myalias" needs to be listed as a "KeyEntry" and not a "trustedCertEntry".

The normal process to get a CA signed certificate set up would be...
1. generate a new keypair
2. submit a CSR
3. import the class, root and signed certificate back into the keystore
4. validate that your alias is indeed a "keyEntry" and is properly chained
5. go into the Admin Console of the Application Server and change the alias to "myalias"
6. restart the App Server

Hope this helps.

Derek


-----Original Message-----
From: glassfish_at_javadesktop.org [mailto:glassfish_at_javadesktop.org]
Sent: Wed 7/1/2009 9:03 AM
To: users_at_glassfish.dev.java.net
Subject: certificate alias not found
 
I've added a new certificate to the cert database using the "certutil" tool. I can list all certificates and see its details using the certutil tool.

[code]

~ # certutil -L -d .
rootcert C,C,C
myalias pu,pu,pu
[/code]

When I try and set it up on our Sun Java System App server 8.1, the server cannot find it upon restart. The logs show the message below. I'm not sure how to proceed to resolve this. Thanks.



[code]
[#|2009-07-01T11:36:23.804-0400|SEVERE|sun-appserver-pe8.1_02|javax.enterprise.system.container.web|_ThreadID=10;|WEB0701: Error initializing endpoint
java.io.IOException: Alias name myalias does not identify a key entry
        at org.apache.tomcat.util.net.jsse.JSSE14SocketFactory.getKeyManagers(JSSE14SocketFactory.java:132)
        at org.apache.tomcat.util.net.jsse.JSSE14SocketFactory.init(JSSE14SocketFactory.java:96)
        at org.apache.tomcat.util.net.jsse.JSSESocketFactory.createSocket(JSSESocketFactory.java:97)
        at com.sun.enterprise.web.connector.grizzly.SelectorThread.initEndpoint(SelectorThread.java:548)
        at com.sun.enterprise.web.connector.grizzly.GrizzlyHttpProtocol.init(GrizzlyHttpProtocol.java:188)
        at org.apache.coyote.tomcat5.CoyoteConnector.initialize(CoyoteConnector.java:1446)
        at org.apache.catalina.startup.Embedded.start(Embedded.java:899)
        at com.sun.enterprise.web.WebContainer.start(WebContainer.java:707)
        at com.sun.enterprise.web.PEWebContainer.startInstance(PEWebContainer.java:507)
        at com.sun.enterprise.web.PEWebContainerLifecycle.onStartup(PEWebContainerLifecycle.java:54)
        at com.sun.enterprise.server.ApplicationServer.onStartup(ApplicationServer.java:300)
        at com.sun.enterprise.server.PEMain.run(PEMain.java:294)
        at com.sun.enterprise.server.PEMain.main(PEMain.java:220)

[#|2009-07-01T11:36:23.807-0400|SEVERE|sun-appserver-pe8.1_02|javax.enterprise.system.core|_ThreadID=10;|Service com.sun.enterprise.web.PEWebContainerLifecycle_at_10a5c37 cannot be started! : com.sun.appserv.server.ServerLifecycleException: WEB0105: An error occurred while starting the web container|#]

...
[/code]
[Message sent by forum member 'black_lotus' (black_lotus)]

http://forums.java.net/jive/thread.jspa?messageID=353789

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe_at_glassfish.dev.java.net
For additional commands, e-mail: users-help_at_glassfish.dev.java.net