How To Fix Expired Certificate In Embedded Glassfish

The following error:


 com.sun.enterprise.security.ssl.impl.SecuritySupportImpl checkCertificateDates
SEVERE: SEC5054: Certificate has expired: [
[
  Version: V3
  Subject: CN=GTE CyberTrust Root 5, OU="GTE CyberTrust Solutions, Inc.", O=GTE Corporation, C=US
  Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5

  Key:  Sun RSA public key, 2048 bits

Is caused by certificate expiration in the keystore file: cacerts.jks. The cacerts.jks file usually resides in the folder: [GLASSFISH_HOME]/glassfish4/glassfish/domains/[DOMAIN_NAME]/config. With embedded GlassFish the certificate is extracted into the folder [USER]/.glassfishv3-arquillian[...]/config.

Copy the keystore file cacerts.jks into src/test/resources/config and mvm clean install you project.

In case the keystore file also contains the expired certificate, simply delete the affected certificate:


keytool -delete -keystore ./cacerts.jks -alias gtecybertrust5ca
Password: changeit

See you at Java EE Workshops at MUC Airport!

Comments:

You can search for additional expired certificates using the following command.
keytool -list -v -storepass changeit -keystore cacerts.jks > cert-list-cacerts-jks.txt

Open the output file "cert-list-cacerts-jks.txt" and look for expired certificates.
Exemplo: Valid from: Tue May 30 07:44:50 BRT 2000 until: Wed March 11 07:44:50 BRT 2020
Use the "Alias name" information on keytool -delete -alias command.

Posted by Thiago Pasa on March 14, 2020 at 06:14 PM CET #

Post a Comment:
  • HTML Syntax: NOT allowed
...the last 150 posts
...the last 10 comments
License