users@glassfish.java.net

Error upgrading config for secure DAS-to-instance admin traffic

From: Christian Affolter <c.affolter_at_stepping-stone.ch>
Date: Tue, 21 Aug 2012 13:34:23 +0200

Dear GlassFish users

I'm trying to upgrade the GlassFish Server Open Source Edition from
3.1.2 to 3.1.2.2 with a side-by-side upgrade path and the help of the
asupgrade tool, following the upgrade guide (chapter "To Upgrade From
the Command Line Using Upgrade Tool").

Unfortunately the upgrade fails with the following exception:
asadmin: SEVERE: Error upgrading config for secure DAS-to-instance admin
traffic
asadmin: org.jvnet.hk2.component.ComponentException: injection failed on
com.sun.enterprise.security.ssl.SSLUtils.secSupp with class
com.sun.enterprise.server.pluggable.SecuritySupport

[...]

asadmin: Caused by: java.io.IOException: Keystore was tampered with, or
password was incorrect


The old version is located at /opt/glassfish-3.1.2 and symlinked to
/opt/glassfish, whereas the new version will be located at
/opt/glassfish-3.1.2.2. The old version uses a site specific master
password (not the default one).


I've used the following steps to upgrade to the new version:

cd /var/tmp
wget
http://download.java.net/glassfish/3.1.2.2/release/glassfish-3.1.2.2.zip
mkdir --mode=755 /opt/glassfish-3.1.2.2
unzip glassfish-3.1.2.2.zip -d /opt/glassfish-3.1.2.2

rm -rf /opt/glassfish-3.1.2.2/glassfish3/glassfish/domains/domain1

/opt/glassfish-3.1.2.2/glassfish3/glassfish/bin/asupgrade \
    --console \
    --source /opt/glassfish/glassfish3/glassfish/domains/domain1 \
    --target /opt/glassfish-3.1.2.2/glassfish3/glassfish/domains

On the "Enter the master password" prompt I've entered the same master
password as on the old version, however asadmin doesn't seems to be able
to access the keystore. I've used copy and paste for entering the master
password and also verified it on the old version beforehand.

Afterwards I've compared the MD5 sums of the following files on both
versions, they all match.
.../domains/domain1/config/keystore.jks
.../domains/domain1/config/cacerts.jks
.../domains/domain1/master-password

I was also able to list the content of the keystore and the cacerts with
help of the keytool and the master password of the old version.


Are there any pre-upgrade steps that I've missed or what could be the
cause of the above error?


Please find attached the complete upgrade log file.


Thanks a lot in advance for your help.
Christian



© Oracle | By contributing to this project, you are agreeing to the terms of use described here.