I am having a strange issue with GF V4.0 and SSL. I have 2 domains deployed
on a test box, i.e. domain1 and domain2. Domain1 is configured with a
wildcard SSL cert from GoDaddy and runs on 8181. No issues. I just
deployed Domain2. SSL on Domain2 runs on 5081. I used portbase to offset
ports for the new domain.
HTTP works as expected. However I am having an issue with HTTPS working on
Domain2. In the Admin Console->Configurations->HTTP
Service->Http-listener-2->SSL Tab, I have the cert nickname set to the alias
in the keystore (the same alias as in domain1 which works) and have set the
cacerts and keystores locations to point to the same keystore as for
domain1. When I try to connect via SSL I error out: for example, in
Chrome, it returns Error code: ERR_SSL_PROTOCOL_ERROR. However, when I
change the nickname to s1as, it works with the obligatory not trusted cert
message.
I turned on logging to see if I could figure out anything. As noted below,
with s1as, it shows it is getting the privatekey and the cert chain. For
some reason, with the nick that is associated with the wildcard cert, it
justs shows getprivatekey and never goes further. At the same time, this
works perfectly on domain1.
Anyone have any ideas?
With S1AS
[2014-04-28T08:41:56.777-0700] [glassfish 4.0] [FINE] []
[javax.enterprise.system.core.security.com.sun.enterprise.security.ssl]
[tid: _ThreadID=560 _ThreadName=http-listener-2(1)] [timeMillis:
1398699716777] [levelValue: 500] [CLASSNAME:
com.sun.enterprise.security.ssl.J2EEKeyManager] [METHODNAME: getPrivateKey]
[[
Getting private key for alias:s1as]]
[2014-04-28T08:41:56.777-0700] [glassfish 4.0] [FINE] []
[javax.enterprise.system.core.security.com.sun.enterprise.security.ssl]
[tid: _ThreadID=560 _ThreadName=http-listener-2(1)] [timeMillis:
1398699716777] [levelValue: 500] [CLASSNAME:
com.sun.enterprise.security.ssl.J2EEKeyManager] [METHODNAME:
getCertificateChain] [[
Getting certificate chain]]
With My Cert aaaa.bbbb.com
[2014-04-28T08:46:21.607-0700] [glassfish 4.0] [FINE] []
[javax.enterprise.system.core.security.com.sun.enterprise.security.ssl]
[tid: _ThreadID=595 _ThreadName=http-listener-2(1)] [timeMillis:
1398699981607] [levelValue: 500] [CLASSNAME:
com.sun.enterprise.security.ssl.J2EEKeyManager] [METHODNAME: getPrivateKey]
[[
Getting private key for alias:aaaa.bbbb.com]]
[2014-04-28T08:46:21.607-0700] [glassfish 4.0] [FINE] []
[javax.enterprise.system.core.security.com.sun.enterprise.security.ssl]
[tid: _ThreadID=595 _ThreadName=http-listener-2(1)] [timeMillis:
1398699981607] [levelValue: 500] [CLASSNAME:
com.sun.enterprise.security.ssl.J2EEKeyManager] [METHODNAME: getPrivateKey]
[[
Getting private key for alias:aaaa.bbbb.com]]
Keytool shows the alias correctly. The SSL connection on domain1 works using
the same keystore