"Certificate has expired" in log by starting Glassfish 3.1.2
We are also using embedded Glassfish and Arquillian for our integration tests and unfortunately we cannot run any tests before a new release of the embedded Glassfish is released. In the meantime, this is what I did:
- Find the embedded Glassfish jar in your local Maven cache. Mine was in \path\to\local\maven\repo\org\glassfish\main\extras\glassfish-embedded-all\3.1.2\glassfish-embedded-all-3.1.2.jar
- Open the JAR with some archiving software. I used 7-zip.
- Extract config\cacerts.jks to some folder.
- Execute \path\to\jdk\bin\keytool -delete -v -alias gtecybertrust5ca -keystore cacerts.jks. When asked for password enter: changeit
- Copy cacerts.jks back to the glassfish embedded jar overwriting the old keystore.
- Run your tests again.
Just found a similar solution by heather92115 in a linked post (https://stackoverflow.com/a/18343639/1540666) which my be a bit better. Just remember to delete the modified keystore from your project when an updated embedded Glassfish is released.
just do
domain=domain1
asadmin stop-domain $domain
cd $(dirname `which asadmin`)/../glassfish/domains/config
cp cacerts.jks{,.bak}
keytool -delete -alias gtecybertrust5ca -keystore cacerts.jks -storepass changeit
cd -
asadmin start-domain $domain
The certificate of GTE Cybertrust Solutions inc has expired this night.
As stated here: https://forums.oracle.com/thread/2563077 the alias of this certificate is: gtecybertrust5ca
As long as it is a standalone Glassfish you can follow this guide: https://blogs.oracle.com/ramkri/entry/sec5054_certificate_has_expired_error
Link on Wayback Machine: https://web.archive.org/web/20140713065413/https://blogs.oracle.com/ramkri/entry/sec5054_certificate_has_expired_error
I have the same problem, but with the embedded Glassfish 3.1.2.2 used by Arquillian. I don't know where the certificates are stored in this embedded setup. Any hints are appreciated.
UPDATE for an embedded setup: To fix the certificate while using an embedded glassfish, just copy a fixed version of the cacerts.jks from the standalone glassfish installation <glassfish_home>/glassfish/domains/<your_domain>/config/cacerts.jks to your resource directory. E.g. when using maven and arquillian, just copy the file to <projectRoot>/src/test/resources/config/cacerts.jks. The embedded glassfish will pick up this configuration!
This is the solution from this post: Arquillian Embedded Glassfish Certificate Expired
My OS is windows 2003 system and I solved the problem as follows
i opened the cmd console of windows system in C:\glassfish3\jdk 7\bin, in that folder was the keytool
Find all cacerts.jks in the glassfish directory, in my case i find them all in C:\glassfish3\glassfish\domains\domain1\config and C:\glassfish3\glassfish\lib\templates
list all certificates from cacerts.jks, the keytool from java can do that. I copied the cacerts.jks file in the keytool folder but is optional if keytool is working well : C:\glassfish3\jdk7\bin>keytool -list -v -keystore cacerts.jks -storepass changeit > listaCertificados.txt
in the listaCertificados.txt file created in the previous step, I checked all expired certificates
i deleted the gtecybertrust5ca certified that expired in august 2013. The command is: keytool -delete -alias gtecybertrust5ca -keystore cacerts.jks -storepass changeit
i changed the cacerts.jks's name file that was it in C:\glassfish3\glassfish\domains\domain1\config, then i copied the cacerts.jks file from C:\glassfish3\jdk7\bin to C:\glassfish3\glassfish\domains\domain1\config
i applied the same procedure to C:\glassfish3\glassfish\lib\templates\cacerts.jks
finally i reloaded the glassfish server
Sorry for my english, i don´t speak that language but i want to help