users@glassfish.java.net

Re: Glassfish 3.1 SSL issues

From: Kumar.Jayanti <Vbkumar.Jayanti_at_Sun.COM>
Date: Thu, 21 Oct 2010 16:00:43 +0530

On 21/10/10 3:28 PM, glassfish_at_javadesktop.org wrote:
> I retried everything from the very beginning, but still no lucky.
>
> I've tried to access my WebService from JMeter, .NET and GSOAP
>
> Also tried with the default "s1as" auto-signed certificate and my own as well
>
> This is the another log I get, depending on the client I'm using to test.
>
> *** ServerHelloDone
> |http-thread-pool-8181(1), WRITE: TLSv1 Handshake, length = 10661
> http-thread-pool-8181(1), READ: TLSv1 Handshake, length = 157
> *** Certificate chain
> ***
> http-thread-pool-8181(1), fatal error: 42: null certchain javax.net.ssl.SSLHandshakeException: null cert chain
this indicates clearly that the client did not send its certificate.
> %% Invalidated: [Session-1, SSL_RSA_WITH_RC4_128_MD5]
> http-thread-pool-8181(1)
> , SEND TLSv1 ALERT:
> fatal,
> description = bad_certificate
> http-thread-pool-8181(1), WRITE: TLSv1 Alert, length= 18
> http-thread-pool-8181(1), fatal: engine already closed. Rethrowing javax.net.ssl.SSLHandshakeException: null cert chain
>
> Also, in the clean instalation of glassfish I get the error only for saving the http-listener ssl options. The error is this one. Should I file a bug?
>
> org.jvnet.hk2.config.ValidationException: Constraints for this bean violated. Message = keyStoreType must match "(JKS|NSS)"
this one is probably a bug just file it.

When you say migrating from V3.0.1 to V3.1 what exactly are u doing. I
am assuming you are not using the upgrade feature that we have, instead
you are just manually migrating your app to V3.1 is that correct.

Why not go step by step :

1. Take a clean V3.1 and make sure you have client-auth-enabled
attribute set on the Protocol (ssl child) for 8181.
2. Access https://localhost:8181 and see if it works

For this to work the certificate of your client (browser) has to be
trusted by the server.

Once this step is working. I guess you can start migrating your app.
> Thanks guys
> Cheers
> [Message sent by forum member 'rudibravo']
>
> http://forums.java.net/jive/thread.jspa?messageID=485816
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe_at_glassfish.dev.java.net
> For additional commands, e-mail: users-help_at_glassfish.dev.java.net
>
© Oracle | By contributing to this project, you are agreeing to the terms of use described here.