-
Notifications
You must be signed in to change notification settings - Fork 306
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Payara full 5.182 SSL certificate expired #3038
Comments
+1 This is a killer. A quick resolution would be greatly appreciated. |
You can just delete it from the keystore or replace it with one from the JDK. If you need a fast maintenance release outside of the usual quarterly release cycle please go to https://www.payara.fish/choose_support |
I had the same problem, but I use glassfish, the first thing I did is to see which certificates are expired with the following command, this command execute from : \glassfish-4.1\glassfish\domains\domain1\config "C:\Program Files\Java\jdk1.8.0_161\bin\keytool.exe" -list -v -keystore cacerts.jks -storepass changeit > listaCertificados.txt This command saves all the certificates in a txt, then you can go looking for those that expire in 2018 and copy their name, then you put the following command to delete it from the keystore: "C:\Program Files\Java\jdk1.8.0_161\bin\keytool.exe" -delete -alias gtecybertrustglobalca -keystore cacerts.jks -storepass changeit in my case the expired certificate was "gtecybertrustglobalca" with that the problem is solved. |
Thanks for the detailed instructions |
Fixed by #3044 |
Oh hey. Just a few days ago my up-to-date setup (Eclipse + Payara Tools + Payara 5.182) ran without any problems. Now that I found this thread, I could fix it by removing the outdated keys. So, apart from removing the outdated keys, I think you should overthink your approach to that error handling. I am sorry I cannot provide any intellectual constructive contribution to this problem, because I don't know much about that live debugging stuff and how Glassfish/Payara kills its own loggers. BTW, you I really love the Payara server and the Payara Tools for Eclipse. Great work! |
We have some servers running on the latest Payara 4 version and we encountered this issue too while trying to log in to DAS console. The login goes to an endless loop and burps out this error about this expired root CA. Removing the certificate from the cacerts keystore does not fix the problem. The endless loop still happens but with an error from "equifaxsecureca" certificate. We also removed this certificate with no avail. We have secure domain enabled in our DAS. If anyone has any clue what to do to get the DAS console working, it would be greatly appreciated. |
Just a general question: why do you even include all those wild certificates into the realease versions? My console output to eclipse always dies with those error messages. Any chance you could fix that? Oh and those errors start popping up 3-5 times a year now, and im getting really tired of fixing those every time by removing those outdated certificates. |
It's really tedious having to delete them one by one. |
i wrote a script to automate it based on @edwingioflo13's instructions: |
Description
Payara full keystore contains expired SSL certificate
Subject: CN=GTE CyberTrust Global Root, OU="GTE CyberTrust Solutions, Inc.", O=GTE Corporation, C=US
Expected Outcome
No severe log for The SSL certificate has expired
Current Outcome
Severe: The SSL certificate has expired: [
[
Version: V1
Subject: CN=GTE CyberTrust Global Root, OU="GTE CyberTrust Solutions, Inc.", O=GTE Corporation, C=US
Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4
Key: Sun RSA public key, 1024 bits
modulus: 104674226241368487598835828377585222181792546532354327780214427055917513664449991602803276678454577364904540367827644455215731003386468752240014232146814457308076052176227490263634768927290191763858631579785604655038492469791381988347440106477066514204303723029602991655085187937840556671697442212352844587673
public exponent: 65537
Validity: [From: Thu Aug 13 03:29:00 EEST 1998,
To: Tue Aug 14 02:59:00 EEST 2018]
Issuer: CN=GTE CyberTrust Global Root, OU="GTE CyberTrust Solutions, Inc.", O=GTE Corporation, C=US
SerialNumber: [ 01a5]
]
Algorithm: [MD5withRSA]
Signature:
0000: 6D EB 1B 09 E9 5E D9 51 DB 67 22 61 A4 2A 3C 48 m....^.Q.g"a.*<H
0010: 77 E3 A0 7C A6 DE 73 A2 14 03 85 3D FB AB 0E 30 w.....s....=...0
0020: C5 83 16 33 81 13 08 9E 7B 34 4E DF 40 C8 74 D7 ...3.....4N.@.t.
0030: B9 7D DC F4 76 55 7D 9B 63 54 18 E9 F0 EA F3 5C ....vU..cT.....
0040: B1 D9 8B 42 1E B9 C0 95 4E BA FA D5 E2 7C F5 68 ...B....N......h
0050: 61 BF 8E EC 05 97 5F 5B B0 D7 A3 85 34 C4 24 A7 a....._[....4.$.
0060: 0D 0F 95 93 EF CB 94 D8 9E 1F 9D 5C 85 6D C7 AA ............m..
0070: AE 4F 1F 22 B5 CD 95 AD BA A7 CC F9 AB 0B 7A 7F .O."..........z.
]
Steps to reproduce (Only for bug reports)
./asadmin start-domain domain1
Samples
Context (Optional)
Environment
The text was updated successfully, but these errors were encountered: