Glassfish 7 : most certificates missing in cacerts.jks - Stack Overflow

I have two Glassfish 7 installations, one for development on Windows and one for production on Linux. I noticed that in both, the cacerts.jks in domains/domain1/config contains only the server certificates. This is causing problems with SSL connections initiated from my application, because remote server certificates are not trusted. Which is the best way to solve this? I know how to import a single certificate, but I would need hundreds, so it is impractical. Can I tell Glassfish to use the cacerts from the Java installation? I don't think it is a good idea to overwrite cacerts.jks, because it may cause Glassfish to fail to start.

The root cause has been known for years, but it seems nobody cares. Am I missing something?

asked Feb 5 at 12:14 by Filippo

1 Answer

Yes, this is a known issue in GlassFish. Unfortunately, the GlassFish team hasn't found a solution that would improve this and keep the GlassFish server secure in production at the same time. Here's a newer ticket, which is still open and includes the discussion: https://github.com/eclipse-ee4j/glassfish/issues/24523

A workaround is to copy all the certificates from the JDK truststore, with this command:

# On JDK 9 and later the truststore is at lib/security/cacerts (there is no jre/ directory)
keytool -importkeystore -v -noprompt -srckeystore "$JAVA_HOME/lib/security/cacerts" -destkeystore "$GLASSFISH_HOME/glassfish/domains/domain1/config/cacerts.jks" -deststoretype jks
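
An added example, not part of the original answer: the same import wrapped so that cacerts.jks is backed up first and restored if keytool fails, which addresses the question's concern about a damaged truststore stopping GlassFish from starting. The function names and the SRC_PASS / DEST_PASS variables are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example, not from the original answer. Assumes JAVA_HOME and GLASSFISH_HOME
# are set and that SRC_PASS / DEST_PASS (names chosen here) are exported and hold
# the JDK and GlassFish truststore passwords.

# JDK 9+ keeps cacerts in lib/security; JDK 8 kept it in jre/lib/security.
jdk_cacerts() {
    for p in "$1/lib/security/cacerts" "$1/jre/lib/security/cacerts"; do
        if [ -f "$p" ]; then printf '%s\n' "$p"; return 0; fi
    done
    return 1
}

# Timestamped copy next to the original, so a bad import can be rolled back.
backup_store() {
    bak="$1.bak.$(date +%Y%m%d%H%M%S)"
    cp -p "$1" "$bak" && printf '%s\n' "$bak"
}

# Number of entries in a keystore; $2 is the NAME of the env var with the password
# (":env" keeps the password out of the process list).
count_entries() {
    keytool -list -keystore "$1" -storepass:env "$2" 2>/dev/null |
        grep -c -e trustedCertEntry -e PrivateKeyEntry
}

# Back up, import the JDK CAs, report the entry count, roll back on failure.
merge_jdk_cas() {
    src=$(jdk_cacerts "$JAVA_HOME") || { echo "JDK cacerts not found" >&2; return 1; }
    dest="$GLASSFISH_HOME/glassfish/domains/domain1/config/cacerts.jks"
    saved=$(backup_store "$dest") || { echo "backup failed, nothing changed" >&2; return 1; }
    before=$(count_entries "$dest" DEST_PASS)
    if ! keytool -importkeystore -noprompt \
            -srckeystore "$src" -srcstorepass:env SRC_PASS \
            -destkeystore "$dest" -deststorepass:env DEST_PASS -deststoretype jks; then
        cp -p "$saved" "$dest"      # restore the untouched truststore
        echo "import failed, restored $saved" >&2
        return 1
    fi
    echo "entries: $before -> $(count_entries "$dest" DEST_PASS) (backup: $saved)"
}
```

Run `merge_jdk_cas` with the domain stopped, then start it again so the server loads the updated truststore.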