SSL cert upgrade on GF 2.0

lance raymond
I didn't see a GlassFish section, but saw the bulk of the q's in the Tomcat one, so will post it here. We have a GlassFish 2.0 server running and the cert expires in a week and the original person is no longer here. I'm a Linux guy new to Java, so I am following these commands along with the RapidSSL site and thought I was good.

Running through the list, I have the original keystore.jks file which expires in a week. I made a new file, newkey.jks, created the CSR, got the 2 certificates (ROOT and intermediate) and added them both. I can use the following to verify;

keytool -list -v -keystore newkey.jks -alias myalias

and get the info (this is just the top);

Alias name: myalias
Creation date: Sep 2, 2011
Entry type: PrivateKeyEntry
Certificate chain length: 3
Owner:, OU=Domain Control Validated - RapidSSL(R), OU=See (c)11, OU=GT06273877,, C=US, SERIALNUMBER=uqovQ4SFeb-FcCu5KrGxbRef3IomKkVc
Issuer: CN=RapidSSL CA, O="GeoTrust, Inc.", C=US
Serial number: 2fea8
Valid from: Tue Aug 30 22:56:35 EDT 2011 until: Fri Nov 01 03:05:11 EDT 2013

So looking at the above, all seemed correct. I went to the default domain.xml file and made the 2 changes to the file path for the new keystore and restarted. The 1st time it died instantly with the server.log spitting out the following;

Caused by: java.lang.IllegalStateException: Keystore was tampered with, or password was incorrect

So I looked a bit more, and read how the original password was probably still there, so I issued a password reset to the default password and restarted again. This time I got the following error;

Caused by: java.lang.IllegalStateException: Cannot recover key

So that is where I am stuck, and I don't have enough knowledge on what to do from here. Ironically the forums were both slow and, even better, I registered, confirmed, logged in, then on the message board, you can't create a new message as it says you must be logged in. You click the login icon and get a "your already logged in" ... classic!

So with that, I am not sure if I should look into adding the updated certificate to the current keystore (not sure if that can even be done), or figuring out what the above is and how to get past it. Any help, commands I can provide, etc. please let me know as time is ticking for me!
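
The two errors quoted in the post come from two separate password checks in the Java KeyStore API: the store password is verified when the file is loaded, and the per-entry key password is verified when the private key is read. The following is an added diagnostic, not code from the post or from GlassFish, that runs both checks against a keystore and reports which one fails; the class name `KeystoreCheck` is hypothetical, and the file and alias arguments are whatever the reader supplies (for the post, `newkey.jks` and `myalias`).

```java
import java.io.Console;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.security.Key;
import java.security.KeyStore;
import java.security.UnrecoverableKeyException;
import java.util.Arrays;

// Added example (hypothetical class). Usage: java KeystoreCheck <keystore> <alias>
public class KeystoreCheck {
    public static void main(String[] args) throws Exception {
        Console con = System.console();
        if (args.length != 2 || con == null) {
            System.err.println("usage (interactive terminal): KeystoreCheck <keystore> <alias>");
            System.exit(2);
        }
        // Prompt instead of taking passwords as arguments, so they stay out of
        // shell history and the process list.
        char[] storePass = con.readPassword("Keystore password: ");
        char[] keyPass = con.readPassword("Key password for '%s': ", args[1]);

        KeyStore ks = KeyStore.getInstance("JKS");
        // Check 1: the store password guards the integrity of the whole file.
        try (InputStream in = new FileInputStream(args[0])) {
            ks.load(in, storePass);
        } catch (IOException e) {
            System.out.println("FAIL store password: " + e.getMessage());
            System.exit(1);
        }
        System.out.println("OK   store password opens " + args[0]);

        // Check 2: the alias must be a private key entry, not only a trusted cert.
        if (!ks.isKeyEntry(args[1])) {
            System.out.println("FAIL alias '" + args[1] + "' is not a key entry");
            System.exit(1);
        }
        // Check 3: the private key is protected by its own password.
        try {
            Key key = ks.getKey(args[1], keyPass);
            int chainLen = ks.getCertificateChain(args[1]).length;
            System.out.println("OK   " + key.getAlgorithm() + " key recovered, chain length " + chainLen);
        } catch (UnrecoverableKeyException e) {
            System.out.println("FAIL key password: " + e.getMessage());
            System.exit(1);
        }
        if (!Arrays.equals(storePass, keyPass)) {
            System.out.println("NOTE store and key passwords differ");
        }
    }
}
```

A keystore that passes the first check and fails the third has a key password different from the store password, which a server that supplies a single password for both steps cannot open.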
