发表新帖
发表新帖

Arquillian Embedded Glassfish Certificate Expired

前端 未结
关注
3 544
离开以前
离开以前 2021-01-01 02:40

On Aug 14th, the gtecybertrust5ca certifcate used by Glassfish expired causing my Arquillian tests to print errors.

This problem is similar to this one: Certificate

相关标签:
3条回答
  • 南旧
    2021-01-01 02:46

    You can now get the certs as part of the OpenJDK package - see https://dzone.com/articles/openjdk-10-now-includes-root-ca-certificates

    For a Docker install you can do something like this:

    # Set glassfish env
ENV GLASSFISH_HOME /opt/glassfish5/glassfish

# Get latest cacerts from OpenJDK project
RUN wget https://hg.openjdk.java.net/jdk/jdk/raw-file/tip/src/java.base/share/lib/security/cacerts && \
    mv cacerts $GLASSFISH_HOME/domains/domain1/config/cacerts.jks
    0 讨论(0)
  • 余生分开走
    2021-01-01 02:53

    I finally got to the bottom of the issue by tracing the Glassfish code that loads the certs. The embedded, at least, version ignores any passed in parameters and looks to its classpath to find the trusted key store to load. It then writes it to a temp location and instructs the server to load and use it.

    To get rid of the error messages, grab the cacerts.jks file from its temp location (after running Maven and seeing the expired exception) I found it at: C:\Users\{myUserName}\AppData\Local\Temp\gfembed872323756359721458tmp\config\cacerts.jks.

    Copy this file to your project under resources/config/cacerts.jks (it will need to be loaded into your test classpath).

    From the command prompt in the directory where you copied the keystore, use your JDK keytool to remove the expired key as follows:

    keytool -delete -keystore cacerts.jks -alias gtecybertrust5ca

    The Embedded Glassfish should now pick up your updated keystore instead of its default hardcoded version.

    0 讨论(0)
  • 离开以前
    2021-01-01 02:57

    I fixed the issue following the steps:

    1. Find precise date of expiration in logs of your application (in my case it was Aug 15 2013)

    2. Extract files from glassfish-.jar into folder glassfish-

    3. In glassfish-* find a folder config. It contains needed cacerts.jks

    4. Using java keytool I list all certificates using the answer I found here

    list all certificates from cacerts.jks, the keytool from java can do that. I copied the cacerts.jks file in the keytool folder but is optional if keytool is working well : C:\glassfish3\jdk7\bin>keytool -list -v -keystore cacerts.jks -storepass changeit > listaCertificados.txt

    1. Open you listaCertificados.txt and find names of certificates by date you found at first step in your application logs
    2. again

    i deleted the gtecybertrust5ca (use the name of certificates that expired in ur case) certified that expired in august 2013. The command is: keytool -delete -alias gtecybertrust5ca -keystore cacerts.jks -storepass changeit

    1. the last: updating glassfish-*.jar with changed config folder (7-zip didn't help me)

    jar uf glassfish-* config

    0 讨论(0)
 看不清?
提交回复
热议问题