users@glassfish.java.net

Re: Sun's Certificate supplied with Glassfish has expired !

From: <glassfish_at_javadesktop.org>
Date: Mon, 18 Jan 2010 04:38:26 PST

The certificate seems to be copied into the domain config from the JDK when the
Glassfish domain is created, so eventually will need to remove it from both the
domain and from the JDK to ensure that this error will not return.

Also, you cannot perform operations on the keystore unless you have a
"master password" set up.
We had it set to an empty string, which keytool will not accept.

Here is what I just had to do to fix this in our Glassfish v2.1 development domains:

1) Set your PATH for the appropriate JDK
$ PATH=/opt/glassfish/jdk/bin:/opt/glassfish/bin:$PATH

2) Stop Glassfish
$ asadmin stop-domain --domaindir=/path/to/domainparentdir domainName

3) Set a master password for the domain keystore
$ asadmin change-master-password --savemasterpassword=true --domaindir=/path/to/domainparentdir

4) Delete the offending certificate
$ keytool -delete -v -alias verisignserverca -keystore /path/to/domaindir/config/cacerts.jks
Enter keystore password: <your new master password>

5) Start the glassfish domain as usual
$ asadmin start-domain --domaindir=/path/to/domainparentdir domainName
[Message sent by forum member 'edrandall' (ed.randall_at_ingenotech.com)]

http://forums.java.net/jive/thread.jspa?messageID=381538