users@jersey.java.net

Re: [Jersey] Problem with Glassfish v3 SSL

From: Jeanfrancois Arcand <Jeanfrancois.Arcand_at_Sun.COM>
Date: Fri, 18 Sep 2009 13:07:39 -0400

Salut,

(Thanks to Kedar who works with my team for the help)

Is it possible to import the cert in
existing truststore and just refer to it using the alias?

The other issue is ./config/beliv.jks can be problematic. If the
server's pwd when it starts (user.dir) is domain-folder/config,
./config/beliv.jks is going to result (mostly) in a non-existent file.

Let me know how it goes.

-- Jeanfrancois

Jordi Domingo wrote:
> Salut Jeanfrancois,
>
> I enabled ssl and configured the certificate nickname to beliv, keystore
> to beliv.jks (its in domains/domain1).
>
> I used this commands to create and import the certificate
>
> keytool -keystore beliv.jks -keypass changeit -storepass changeit
> -genkey -alias beliv -keyalg RSA -dname "CN=beliv.xxx.com, OU=I_D,
> O=blueliv, L=Barcelona, ST=Barcelona, C=ES"
>
> keytool -export -alias beliv -storepass changeit -file server.cer
> -keystore beliv.jks
>
> keytool -import -v -trustcacerts -alias beliv -file server.cer -keystore
> ./config/cacerts.jks -keypass changeit
>
>
> I attached an image of the config in admin tool
>
> Thanks,
>
> Jordi
>
> > Date: Fri, 18 Sep 2009 11:05:56 -0400
> > From: Jeanfrancois.Arcand_at_Sun.COM
> > To: users_at_jersey.dev.java.net
> > Subject: Re: [Jersey] Problem with Glassfish v3 SSL
> >
> > Salut,
> >
> > can you post your domain.xml and the exact configuration changes you did
> > (if you)?
> >
> > Thanks
> >
> > -- Jeanfrancois
> >
> > Jordi Domingo wrote:
> > > Hi,
> > >
> > > I'm trying to work with https with GFv3.
> > >
> > > It works, but its very very very slow and in the console for every
> > > request appear this exception:
> > >
> > >
> > > GRAVE: ProtocolChain exception
> > > java.lang.IllegalArgumentException: CipherSuites may not be null
> > > at
> > >
> com.sun.net.ssl.internal.ssl.CipherSuiteList.<init>(CipherSuiteList.java:58)
> > > at
> > >
> com.sun.net.ssl.internal.ssl.SSLEngineImpl.setEnabledCipherSuites(SSLEngineImpl.java:1724)
> > > at
> com.sun.grizzly.filter.SSLReadFilter.newSSLEngine(SSLReadFilter.java:358)
> > > at
> > >
> com.sun.grizzly.filter.SSLReadFilter.obtainSSLEngine(SSLReadFilter.java:394)
> > > at com.sun.grizzly.filter.SSLReadFilter.execute(SSLReadFilter.java:154)
> > > at
> > >
> com.sun.grizzly.DefaultProtocolChain.executeProtocolFilter(DefaultProtocolChain.java:135)
> > > at
> > >
> com.sun.grizzly.DefaultProtocolChain.execute(DefaultProtocolChain.java:102)
> > > at
> > >
> com.sun.grizzly.DefaultProtocolChain.execute(DefaultProtocolChain.java:88)
> > > at
> com.sun.grizzly.http.HttpProtocolChain.execute(HttpProtocolChain.java:76)
> > > at
> > >
> com.sun.grizzly.ProtocolChainContextTask.doCall(ProtocolChainContextTask.java:53)
> > > at
> > >
> com.sun.grizzly.SelectionKeyContextTask.call(SelectionKeyContextTask.java:57)
> > > at com.sun.grizzly.ContextTask.run(ContextTask.java:69)
> > > at
> > >
> com.sun.grizzly.util.FixedThreadPool$BasicWorker.dowork(FixedThreadPool.java:379)
> > > at
> > >
> com.sun.grizzly.util.FixedThreadPool$BasicWorker.run(FixedThreadPool.java:360)
> > > at java.lang.Thread.run(Thread.java:619)
> > >
> > >
> > > I tried a lot of things in the admin console, i'm using a self-signed
> > > certificate (i verified it through the browser).
> > >
> > > Dont know what to do. Any help would be very appreciated.
> > >
> > > Thanks
> > >
> > >
> ------------------------------------------------------------------------
> > > Hay tantos ordenadores como personas. ¡Descubre ahora cuál eres tú!
> > > <http://www.quepceres.com/>
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: users-unsubscribe_at_jersey.dev.java.net
> > For additional commands, e-mail: users-help_at_jersey.dev.java.net
> >
>
> ------------------------------------------------------------------------
> Celebramos el 10º aniversario de Messenger. ¡Únete a la fiesta!
> <http://www.vivelive.com/felicidades>
>
>
> ------------------------------------------------------------------------
>
>
> ------------------------------------------------------------------------
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe_at_jersey.dev.java.net
> For additional commands, e-mail: users-help_at_jersey.dev.java.net