?
Solved

GlassFish and SSL - "No available certificate or key corresponds to the SSL cipher suites which are enabled."

Posted on 2013-10-24
3
Medium Priority
?
2,093 Views
Last Modified: 2013-11-07
Hi All,
I have the following error while trying to enable SSL in GlassFish.

WARNING: No available certificate or key corresponds to the SSL cipher suites which are enabled.
SEVERE: ProtocolChain exception
java.lang.NullPointerException

[#|2013-10-24T07:22:30.773-0600|INFO|glassfish3.1.2|javax.enterprise.system.container.web.com.sun.enterprise.web|_ThreadID=34;_ThreadName=Thread-2;|WEB0169: Created HTTP listener [http-listener-2] on host/port [0.0.0.0:8181]|#]

[#|2013-10-24T07:22:31.678-0600|INFO|glassfish3.1.2|javax.enterprise.system.container.web.com.sun.enterprise.web|_ThreadID=35;_ThreadName=Thread-2;|WEB0169: Created HTTP listener [http-listener-2] on host/port [0.0.0.0:8181]|#]

[#|2013-10-24T07:22:31.694-0600|INFO|glassfish3.1.2|javax.enterprise.system.core.com.sun.enterprise.v3.services.impl|_ThreadID=36;_ThreadName=Thread-2;|Grizzly Framework 1.9.50 started in: 0ms - bound to [0.0.0.0:8181]|#]

[#|2013-10-24T07:22:47.591-0600|WARNING|glassfish3.1.2|com.sun.grizzly.config.GrizzlyServiceListener|_ThreadID=37;_ThreadName=Thread-2;|GRIZZLY0007: SSL support could not be configured!
java.io.IOException: SSL configuration is invalid due to No available certificate or key corresponds to the SSL cipher suites which are enabled.
	at com.sun.grizzly.util.net.jsse.JSSE14SocketFactory.checkConfig(JSSE14SocketFactory.java:455)
	at com.sun.grizzly.util.net.jsse.JSSE14SocketFactory.init(JSSE14SocketFactory.java:183)
	at com.sun.grizzly.config.SSLConfigHolder.initializeSSL(SSLConfigHolder.java:363)
	at com.sun.grizzly.config.SSLConfigHolder.configureSSL(SSLConfigHolder.java:241)
	at com.sun.grizzly.config.GrizzlyEmbeddedHttps$LazySSLInitializationFilter.execute(GrizzlyEmbeddedHttps.java:202)
	at com.sun.grizzly.DefaultProtocolChain.executeProtocolFilter(DefaultProtocolChain.java:137)
	at com.sun.grizzly.DefaultProtocolChain.execute(DefaultProtocolChain.java:104)
	at com.sun.grizzly.DefaultProtocolChain.execute(DefaultProtocolChain.java:90)
	at com.sun.grizzly.http.HttpProtocolChain.execute(HttpProtocolChain.java:79)
	at com.sun.grizzly.ProtocolChainContextTask.doCall(ProtocolChainContextTask.java:54)
	at com.sun.grizzly.SelectionKeyContextTask.call(SelectionKeyContextTask.java:59)
	at com.sun.grizzly.ContextTask.run(ContextTask.java:71)
	at com.sun.grizzly.util.AbstractThreadPool$Worker.doWork(AbstractThreadPool.java:532)
	at com.sun.grizzly.util.AbstractThreadPool$Worker.run(AbstractThreadPool.java:513)
	at java.lang.Thread.run(Thread.java:662)
Caused by: javax.net.ssl.SSLException: No available certificate or key corresponds to the SSL cipher suites which are enabled.
	at com.sun.net.ssl.internal.ssl.SSLServerSocketImpl.checkEnabledSuites(SSLServerSocketImpl.java:310)
	at com.sun.net.ssl.internal.ssl.SSLServerSocketImpl.accept(SSLServerSocketImpl.java:255)
	at com.sun.grizzly.util.net.jsse.JSSE14SocketFactory.checkConfig(JSSE14SocketFactory.java:451)
	... 14 more
|#]

[#|2013-10-24T07:22:47.592-0600|SEVERE|glassfish3.1.2|com.sun.grizzly.config.GrizzlyServiceListener|_ThreadID=37;_ThreadName=Thread-2;|ProtocolChain exception
java.lang.NullPointerException
	at com.sun.grizzly.filter.SSLReadFilter.newSSLEngine(SSLReadFilter.java:352)
	at com.sun.grizzly.filter.SSLReadFilter.obtainSSLEngine(SSLReadFilter.java:399)
	at com.sun.grizzly.filter.SSLReadFilter.execute(SSLReadFilter.java:159)
	at com.sun.grizzly.DefaultProtocolChain.executeProtocolFilter(DefaultProtocolChain.java:137)
	at com.sun.grizzly.DefaultProtocolChain.execute(DefaultProtocolChain.java:104)
	at com.sun.grizzly.DefaultProtocolChain.execute(DefaultProtocolChain.java:90)
	at com.sun.grizzly.http.HttpProtocolChain.execute(HttpProtocolChain.java:79)
	at com.sun.grizzly.ProtocolChainContextTask.doCall(ProtocolChainContextTask.java:54)
	at com.sun.grizzly.SelectionKeyContextTask.call(SelectionKeyContextTask.java:59)
	at com.sun.grizzly.ContextTask.run(ContextTask.java:71)
	at com.sun.grizzly.util.AbstractThreadPool$Worker.doWork(AbstractThreadPool.java:532)
	at com.sun.grizzly.util.AbstractThreadPool$Worker.run(AbstractThreadPool.java:513)
	at java.lang.Thread.run(Thread.java:662)
|#]

[#|2013-10-24T07:22:47.593-0600|SEVERE|glassfish3.1.2|com.sun.grizzly.config.GrizzlyServiceListener|_ThreadID=38;_ThreadName=Thread-2;|ProtocolChain exception
java.lang.NullPointerException
	at com.sun.grizzly.filter.SSLReadFilter.newSSLEngine(SSLReadFilter.java:352)
	at com.sun.grizzly.filter.SSLReadFilter.obtainSSLEngine(SSLReadFilter.java:399)
	at com.sun.grizzly.filter.SSLReadFilter.execute(SSLReadFilter.java:159)
	at com.sun.grizzly.DefaultProtocolChain.executeProtocolFilter(DefaultProtocolChain.java:137)
	at com.sun.grizzly.DefaultProtocolChain.execute(DefaultProtocolChain.java:104)
	at com.sun.grizzly.DefaultProtocolChain.execute(DefaultProtocolChain.java:90)
	at com.sun.grizzly.http.HttpProtocolChain.execute(HttpProtocolChain.java:79)
	at com.sun.grizzly.ProtocolChainContextTask.doCall(ProtocolChainContextTask.java:54)
	at com.sun.grizzly.SelectionKeyContextTask.call(SelectionKeyContextTask.java:59)
	at com.sun.grizzly.ContextTask.run(ContextTask.java:71)
	at com.sun.grizzly.util.AbstractThreadPool$Worker.doWork(AbstractThreadPool.java:532)
	at com.sun.grizzly.util.AbstractThreadPool$Worker.run(AbstractThreadPool.java:513)
	at java.lang.Thread.run(Thread.java:662)
|#]

Open in new window


1st-Cipher-Files-Available.pdf
2nd-Cipher-Files-Available.pdf
3rd-Cipher-Files-Available.pdf

Any help on resolving this error?

http://our_subdomain.our_domain.com:4848/  works great
http://our_subdomain.our_domain.com:8080/apex/  works great
http://our_subdomain.our_domain.com:8080/  works great "Your server is now running"
https://our_subdomain.our_domain.com:8181/ "This webpage is not available"
0
Comment
Question by:bcarlis
  • 3
3 Comments
 
LVL 2

Author Comment

by:bcarlis
ID: 39597270
Also found on startup:

[#|2013-10-24T07:43:47.416-0600|INFO|glassfish3.1.2|javax.enterprise.system.core.com.sun.enterprise.v3.services.impl|_ThreadID=12;_ThreadName=Thread-2;|Grizzly Framework 1.9.50 started in: 47ms - bound to [0.0.0.0:8181]|#]

[#|2013-10-24T07:43:47.416-0600|INFO|glassfish3.1.2|javax.enterprise.system.core.com.sun.enterprise.v3.services.impl|_ThreadID=11;_ThreadName=Thread-2;|Grizzly Framework 1.9.50 started in: 31ms - bound to [0.0.0.0:4848]|#]

[#|2013-10-24T07:43:47.416-0600|INFO|glassfish3.1.2|javax.enterprise.system.core.com.sun.enterprise.v3.services.impl|_ThreadID=13;_ThreadName=Thread-2;|Grizzly Framework 1.9.50 started in: 31ms - bound to [0.0.0.0:3700]|#]

[#|2013-10-24T07:43:47.416-0600|INFO|glassfish3.1.2|javax.enterprise.system.core.com.sun.enterprise.v3.services.impl|_ThreadID=14;_ThreadName=Thread-2;|Grizzly Framework 1.9.50 started in: 62ms - bound to [0.0.0.0:8080]|#]

[#|2013-10-24T07:43:47.416-0600|INFO|glassfish3.1.2|javax.enterprise.system.core.com.sun.enterprise.v3.services.impl|_ThreadID=15;_ThreadName=Thread-2;|Grizzly Framework 1.9.50 started in: 16ms - bound to [0.0.0.0:7676]|#]

[#|2013-10-24T07:43:47.556-0600|INFO|glassfish3.1.2|javax.enterprise.system.core.com.sun.enterprise.v3.admin.adapter|_ThreadID=10;_ThreadName=Thread-2;|The Admin Console is already installed, but not yet loaded.|#]

[#|2013-10-24T07:43:48.508-0600|INFO|glassfish3.1.2|javax.enterprise.system.core.security.com.sun.enterprise.security|_ThreadID=10;_ThreadName=Thread-2;|SEC1002: Security Manager is OFF.|#]

[#|2013-10-24T07:43:48.680-0600|SEVERE|glassfish3.1.2|javax.enterprise.system.ssl.security.com.sun.enterprise.security.ssl.impl|_ThreadID=10;_ThreadName=Thread-2;|SEC5054: Certificate has expired: [
[
  Version: V3
  Subject: CN=GTE CyberTrust Root 5, OU="GTE CyberTrust Solutions, Inc.", O=GTE Corporation, C=US
  Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5

  Key:  Sun RSA public key, 2048 bits
  modulus: 23741889829347261660812437366387754385443431973861114865490414153884050331745811968523116847625570146592736935209718565296053386842135985534863157983128812774162998053673746470782252407673402238146869994438729551246768368782318393878374421033907597162218758024581735139682087126982809511479059100617027892880227587855877479432885604404402435662802390484099065871430585284534529627347717530352189612077130606642676951640071336717026459037542552927905851171460589361570392199748753414855675665635003335769915908187224347232807336022456537328962095005323382940080676931822787496212635993279098588863972868266229522169377
  public exponent: 65537
  Validity: [From: Fri Aug 14 08:50:00 MDT 1998,
               To: Wed Aug 14 17:59:00 MDT 2013]
  Issuer: CN=GTE CyberTrust Root 5, OU="GTE CyberTrust Solutions, Inc.", O=GTE Corporation, C=US
  SerialNumber: [    01b6]

Certificate Extensions: 4
[1]: ObjectId: 2.5.29.19 Criticality=true
BasicConstraints:[
  CA:true
  PathLen:5
]

[2]: ObjectId: 2.5.29.32 Criticality=false
CertificatePolicies [
  [CertificatePolicyId: [1.2.840.113763.1.2.1.3]
[]  ]
]

[3]: ObjectId: 2.5.29.15 Criticality=true
KeyUsage [
  Key_CertSign
  Crl_Sign
]

[4]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 76 0A 49 21 38 4C 9F DE   F8 C4 49 C7 71 71 91 9D  v.I!8L....I.qq..
]
]

]

Open in new window

0
 
LVL 2

Accepted Solution

by:
bcarlis earned 0 total points
ID: 39632300
SOLVED:

1. Installed the free Glassfish 4.0  (to start fresh)

2. Created new domain

3. Tested at this stage
http://localhost:8080/      - got as it should
           GlassFish Server - Your server is now running

https://localhost:8181/   - got as it should
            The site's security certificate is not trusted!
 clicked through and got as it should
            GlassFish Server - Your server is now running

4. Deployed APEX

5. Tested at this stage
http://localhost:8080/apex    - got the APEX login
https://localhost:8181/   - got as it should
            The site's security certificate is not trusted!
 clicked through and got as it should the APEX login

6. Moved my keystore that Comodo helped me create to the new install.

7. Tested
https://localhost:8181/   - got generic error
Couldn't figure it out.

8. Contacted Comodo and they recreated my error and told me to do the following:
Modified 'domain.xml' manually.
1. Changed 'keystore.jks' to 'ourname.keystore' in the section that contains...
java-config debug-options="-agentlib:jdwp=transport=dt_socket,server=y,suspend=n,address=9009" system-classpath="" classpath-suffix=""

Open in new window


2. In addition to if you're keystore's password is not the default of 'changeit',
      you will need to add the following as a JVM option
-Djavax.net.ssl.keyStorePassword=MY_KEYSTORE_PASS

Open in new window

     right after the line containing
-Djavax.net.ssl.keyStore=..."

Open in new window


3. Restarted glassfish and the application should work.

My did! WooHoo!
0
 
LVL 2

Author Closing Comment

by:bcarlis
ID: 39632304
Thanks to Comodo!
0

Featured Post

SMB Security Just Got a Layer Stronger

WatchGuard acquires Percipient Networks to extend protection to the DNS layer, further increasing the value of Total Security Suite.  Learn more about what this means for you and how you can improve your security with WatchGuard today!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Shell script to create broker configuration file using current broker Configuration, solely for purpose of backup on Linux. Script may need to be modified depending on OS-installation. Please deploy and verify the script in a test environment.
When it comes to security, close monitoring is a must. According to WhiteHat Security annual report, a substantial number of all web applications are vulnerable always. Monitis offers a new product - fully-featured Website security monitoring and pr…
Video by: Steve
Using examples as well as descriptions, step through each of the common simple join types, explaining differences in syntax, differences in expected outputs and showing how the queries run along with the actual outputs based upon a simple set of dem…
Via a live example, show how to take different types of Oracle backups using RMAN.

621 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question