I'm sorry this is proving to be so difficult, Jan!
A few notes below.
On Oct 3, 2012, at 4:34 PM, Jan Algermissen wrote:
> Hi Tim,
>
> On Oct 3, 2012, at 11:12 PM, Tim Quinn wrote:
>
>> Hi, again, Jan.
>>
>> I have just installed a very recent build of GlassFish 4 and I can successfully connect to it using jconsole and jvisualvm remotely (after changing the admin password, enabling secure admin, and restarting the domain).
>>
>> A couple of possibilities come to mind.
>>
>> First, the version of Java should be recent on both ends. In response to Tom's note I saw that you have a very recent Java installation on the server. What Java version is on your client?
>
> Same as server's.
>
>>
>> Second, if as you conjectured, the cert containing localhost is part of the problem, you can try this:
>>
>> asadmin stop-domain
>> asadmin delete-domain domain1
>> asadmin create-domain domain1 #(explicitly enter "admin" for the username and respond to the password prompt with a non-empty password)
>> asadmin start-domain
>> asadmin enable-secure-admin
>> asadmin restart-domain
>>
>
> Thanks - that is a great trick indeed. I have spend the last hours to dig through the keytool stuff with no real success in trying what 'brute force' does in seconds :-)
>
> Very nice.
>
> However...
>
>
>> Then try again to connect to the DAS remotely using jvisualvm.
>
> VisualVM still does not do it and e.g. Safari still chockes on the cert saying it has not been validated by a third party. Strange .. isn't the whole idea of self signing that no 3rd party is needed?
You're right that no 3rd-party is needed with self-signed certs, but from the browser's point of view the site is basically vouching for itself, rather than some trusted authority vouching for the site. Any browser worth anything will warn you if the cert is self-signed and should give you the chance to trust it anyway. So I am not surprised Safari is complaining, but it should give you the choice to go to the site anyway.
Do you see the same problem if you try jconsole instead of jvisualvm? I don't know why this would make any difference, really, but if jconsole works but jvisualvm does not then that might indicate something.
Are there any errors logged in the DAS server.log file?
Maybe try launching jvisualvm by specifying
jvisualvm -J-Djavax.net.debug=ssl
or, if that doesn't seem to give helpful information, try
jvisualvm -J-Djavax.net.debug=all
From the errors you posted, it seems as if the server is deciding to abandon the connection, so you might also want to set up that same system property on the server side:
asadmin create-jvm-options "-Djavax.net.debug=ssl"
(or, if needed, replace "ssl" with "all").
- Tim