
How to enable HTTPS with GlassFish 6.2.5


I am trying to enable HTTPS with GlassFish 6.2.5 on Windows.

I generated a certificate with these commands:

openssl genpkey -algorithm RSA -out private.key
openssl req -new -key private.key -out certificate.csr
openssl x509 -req -in certificate.csr -signkey private.key -out certificate.crt

I imported the certificate into the cacerts with this command:

keytool -import -trustcacerts -keystore "C:\Program Files\glassfish6\glassfish\domains\domain1\config\cacerts.jks" -file "C:\Program Files\TLM Com\certificates\certificate.crt" -alias ssl

I imported the certificate into the keystore with this command:

keytool -import -trustcacerts -keystore "C:\Program Files\glassfish6\glassfish\domains\domain1\config\keystore.jks" -file "C:\certificates\certificate.crt" -alias ssl

I changed the following settings in GlassFish:

  • http-listener-2
    • general
      • port -> 443
      • security -> enabled
    • ssl
      • ssl3 -> enabled
      • tls -> enabled
      • certificate nickname -> ssl

I restarted the GlassFish server, and when I try a URL I get no response.

I enabled SSL debugging in GlassFish and got the following errors:

[2023-05-25T14:39:36.621+0200] [glassfish 6.2] [SEVERE] [] [] [tid: _ThreadID=42 _ThreadName=Thread-8] [timeMillis: 1685018376621] [levelValue: 1000] [[ javax.net.ssl|DEBUG|A2|http-listener-2(3)|2023-05-25 14:39:36.621 CEST|SSLCipher.java:1870|KeyLimit read side: algorithm = AES/GCM/NOPADDING:KEYUPDATE countdown value = 137438953472 ]]

[2023-05-25T14:39:36.622+0200] [glassfish 6.2] [SEVERE] [] [] [tid: _ThreadID=42 _ThreadName=Thread-8] [timeMillis: 1685018376622] [levelValue: 1000] [[ javax.net.ssl|DEBUG|A2|http-listener-2(3)|2023-05-25 14:39:36.622 CEST|SSLCipher.java:2024|KeyLimit write side: algorithm = AES/GCM/NOPADDING:KEYUPDATE countdown value = 137438953472 ]]

[2023-05-25T14:39:36.622+0200] [glassfish 6.2] [SEVERE] [] [] [tid: _ThreadID=42 _ThreadName=Thread-8] [timeMillis: 1685018376622] [levelValue: 1000] [[ javax.net.ssl|ALL|A2|http-listener-2(3)|2023-05-25 14:39:36.622 CEST|X509Authentication.java:312|ssl is not a private key entry ]]

[2023-05-25T14:39:36.622+0200] [glassfish 6.2] [SEVERE] [] [] [tid: _ThreadID=42 _ThreadName=Thread-8] [timeMillis: 1685018376622] [levelValue: 1000] [[ javax.net.ssl|ALL|A2|http-listener-2(3)|2023-05-25 14:39:36.622 CEST|X509Authentication.java:312|ssl is not a private key entry ]]

[2023-05-25T14:39:36.622+0200] [glassfish 6.2] [SEVERE] [] [] [tid: _ThreadID=42 _ThreadName=Thread-8] [timeMillis: 1685018376622] [levelValue: 1000] [[ javax.net.ssl|ALL|A2|http-listener-2(3)|2023-05-25 14:39:36.622 CEST|X509Authentication.java:312|ssl is not a private key entry ]]

[2023-05-25T14:39:36.622+0200] [glassfish 6.2] [SEVERE] [] [] [tid: _ThreadID=42 _ThreadName=Thread-8] [timeMillis: 1685018376622] [levelValue: 1000] [[ javax.net.ssl|ALL|A2|http-listener-2(3)|2023-05-25 14:39:36.622 CEST|X509Authentication.java:312|ssl is not a private key entry ]]

[2023-05-25T14:39:36.622+0200] [glassfish 6.2] [SEVERE] [] [] [tid: _ThreadID=42 _ThreadName=Thread-8] [timeMillis: 1685018376622] [levelValue: 1000] [[ javax.net.ssl|ALL|A2|http-listener-2(3)|2023-05-25 14:39:36.622 CEST|X509Authentication.java:312|ssl is not a private key entry ]]

[2023-05-25T14:39:36.622+0200] [glassfish 6.2] [SEVERE] [] [] [tid: _ThreadID=42 _ThreadName=Thread-8] [timeMillis: 1685018376622] [levelValue: 1000] [[ javax.net.ssl|ALL|A2|http-listener-2(3)|2023-05-25 14:39:36.622 CEST|X509Authentication.java:312|ssl is not a private key entry ]]

[2023-05-25T14:39:36.622+0200] [glassfish 6.2] [SEVERE] [] [] [tid: _ThreadID=42 _ThreadName=Thread-8] [timeMillis: 1685018376622] [levelValue: 1000] [[ javax.net.ssl|ALL|A2|http-listener-2(3)|2023-05-25 14:39:36.622 CEST|X509Authentication.java:312|ssl is not a private key entry ]]

[2023-05-25T14:39:36.622+0200] [glassfish 6.2] [SEVERE] [] [] [tid: _ThreadID=42 _ThreadName=Thread-8] [timeMillis: 1685018376622] [levelValue: 1000] [[ javax.net.ssl|ALL|A2|http-listener-2(3)|2023-05-25 14:39:36.622 CEST|X509Authentication.java:312|ssl is not a private key entry ]]

[2023-05-25T14:39:36.622+0200] [glassfish 6.2] [SEVERE] [] [] [tid: _ThreadID=42 _ThreadName=Thread-8] [timeMillis: 1685018376622] [levelValue: 1000] [[ javax.net.ssl|ALL|A2|http-listener-2(3)|2023-05-25 14:39:36.622 CEST|X509Authentication.java:312|ssl is not a private key entry ]]

[2023-05-25T14:39:36.623+0200] [glassfish 6.2] [SEVERE] [] [] [tid: _ThreadID=42 _ThreadName=Thread-8] [timeMillis: 1685018376623] [levelValue: 1000] [[ javax.net.ssl|ERROR|A2|http-listener-2(3)|2023-05-25 14:39:36.623 CEST|TransportContext.java:363|Fatal (HANDSHAKE_FAILURE): No available authentication scheme ( "throwable" : { javax.net.ssl.SSLHandshakeException: No available authentication scheme at

Do you have any idea what is missing, please?

Thank you.


Solution

  • You have to import the private key in the keystore.

    If your question is not a "typo" at the following part, you imported the public certificate instead of the private key:

    keytool -import -trustcacerts -keystore "C:\Program Files\glassfish6\glassfish\domains\domain1\config\keystore.jks" -file "C:\certificates\certificate.crt" -alias ssl
    

    You have to do this:

    keytool -import -trustcacerts -keystore "C:\Program Files\glassfish6\glassfish\domains\domain1\config\keystore.jks" -file "C:\certificates\private.key" -alias ssl
    

    So basically just exchange certificate.crt with private.key.

    You'll have to remove the existing entry first.
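
A check for the condition in the log above ("ssl is not a private key entry"), as an added example that is not part of the original question or answer: it reads `keytool -list` output and JSSE debug lines and reports whether the listener's certificate nickname points at a `PrivateKeyEntry`. The sample inputs are constructed and the function names are hypothetical.

```python
import re

# Constructed sample inputs (not captured from a real server).
SAMPLE_KEYTOOL_LIST = """\
Keystore type: JKS
Your keystore contains 2 entries

example-key, May 25, 2023, PrivateKeyEntry,
Certificate fingerprint (SHA-256): 00:11:22:33
ssl, May 25, 2023, trustedCertEntry,
Certificate fingerprint (SHA-256): 44:55:66:77
"""
SAMPLE_JSSE_LOG = """\
javax.net.ssl|ALL|A2|http-listener-2(3)|2023-05-25 14:39:36.622 CEST|X509Authentication.java:312|ssl is not a private key entry
javax.net.ssl|ERROR|A2|http-listener-2(3)|2023-05-25 14:39:36.623 CEST|TransportContext.java:363|Fatal (HANDSHAKE_FAILURE): No available authentication scheme
"""

# "alias, <date>, <type>Entry," as printed by `keytool -list`.
ENTRY_LINE = re.compile(r"^(?P<alias>[^,]+),.*,\s*(?P<type>\w+Entry),\s*$")
NOT_KEY = re.compile(r"\|(?P<alias>[^|]+) is not a private key entry")

def entry_types(keytool_list_output):
    """Map alias -> entry type (PrivateKeyEntry, trustedCertEntry, ...)."""
    types = {}
    for line in keytool_list_output.splitlines():
        m = ENTRY_LINE.match(line.strip())
        if m:
            types[m.group("alias")] = m.group("type")
    return types

def rejected_aliases(jsse_log):
    """Aliases JSSE refused as server credentials, de-duplicated, in order."""
    seen = []
    for m in NOT_KEY.finditer(jsse_log):
        if m.group("alias") not in seen:
            seen.append(m.group("alias"))
    return seen

def diagnose(nickname, keytool_list_output, jsse_log=""):
    """Say whether the listener's certificate nickname can serve TLS."""
    kind = entry_types(keytool_list_output).get(nickname)
    if kind is None:
        return f"alias '{nickname}' is not in the keystore"
    if kind != "PrivateKeyEntry":
        # A usable entry holds the key and its certificate together, e.g. a
        # PKCS#12 bundle brought in with `keytool -importkeystore`.
        hit = " (matches JSSE log)" if nickname in rejected_aliases(jsse_log) else ""
        return f"alias '{nickname}' is a {kind}: no private key{hit}"
    return f"alias '{nickname}' is a PrivateKeyEntry: usable by the listener"
```

Run `keytool -list -keystore keystore.jks` after changing the keystore and pass its output to `diagnose` with the nickname configured on http-listener-2 before restarting the server.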