Solved

GlassFish and SSL - "No available certificate or key corresponds to the SSL cipher suites which are enabled."

Posted on 2013-10-24
3
1,854 Views
Last Modified: 2013-11-07
Hi All,
I have the following error while trying to enable SSL in GlassFish.

WARNING: No available certificate or key corresponds to the SSL cipher suites which are enabled.
SEVERE: ProtocolChain exception
java.lang.NullPointerException

[#|2013-10-24T07:22:30.773-0600|INFO|glassfish3.1.2|javax.enterprise.system.container.web.com.sun.enterprise.web|_ThreadID=34;_ThreadName=Thread-2;|WEB0169: Created HTTP listener [http-listener-2] on host/port [0.0.0.0:8181]|#]

[#|2013-10-24T07:22:31.678-0600|INFO|glassfish3.1.2|javax.enterprise.system.container.web.com.sun.enterprise.web|_ThreadID=35;_ThreadName=Thread-2;|WEB0169: Created HTTP listener [http-listener-2] on host/port [0.0.0.0:8181]|#]

[#|2013-10-24T07:22:31.694-0600|INFO|glassfish3.1.2|javax.enterprise.system.core.com.sun.enterprise.v3.services.impl|_ThreadID=36;_ThreadName=Thread-2;|Grizzly Framework 1.9.50 started in: 0ms - bound to [0.0.0.0:8181]|#]

[#|2013-10-24T07:22:47.591-0600|WARNING|glassfish3.1.2|com.sun.grizzly.config.GrizzlyServiceListener|_ThreadID=37;_ThreadName=Thread-2;|GRIZZLY0007: SSL support could not be configured!
java.io.IOException: SSL configuration is invalid due to No available certificate or key corresponds to the SSL cipher suites which are enabled.
	at com.sun.grizzly.util.net.jsse.JSSE14SocketFactory.checkConfig(JSSE14SocketFactory.java:455)
	at com.sun.grizzly.util.net.jsse.JSSE14SocketFactory.init(JSSE14SocketFactory.java:183)
	at com.sun.grizzly.config.SSLConfigHolder.initializeSSL(SSLConfigHolder.java:363)
	at com.sun.grizzly.config.SSLConfigHolder.configureSSL(SSLConfigHolder.java:241)
	at com.sun.grizzly.config.GrizzlyEmbeddedHttps$LazySSLInitializationFilter.execute(GrizzlyEmbeddedHttps.java:202)
	at com.sun.grizzly.DefaultProtocolChain.executeProtocolFilter(DefaultProtocolChain.java:137)
	at com.sun.grizzly.DefaultProtocolChain.execute(DefaultProtocolChain.java:104)
	at com.sun.grizzly.DefaultProtocolChain.execute(DefaultProtocolChain.java:90)
	at com.sun.grizzly.http.HttpProtocolChain.execute(HttpProtocolChain.java:79)
	at com.sun.grizzly.ProtocolChainContextTask.doCall(ProtocolChainContextTask.java:54)
	at com.sun.grizzly.SelectionKeyContextTask.call(SelectionKeyContextTask.java:59)
	at com.sun.grizzly.ContextTask.run(ContextTask.java:71)
	at com.sun.grizzly.util.AbstractThreadPool$Worker.doWork(AbstractThreadPool.java:532)
	at com.sun.grizzly.util.AbstractThreadPool$Worker.run(AbstractThreadPool.java:513)
	at java.lang.Thread.run(Thread.java:662)
Caused by: javax.net.ssl.SSLException: No available certificate or key corresponds to the SSL cipher suites which are enabled.
	at com.sun.net.ssl.internal.ssl.SSLServerSocketImpl.checkEnabledSuites(SSLServerSocketImpl.java:310)
	at com.sun.net.ssl.internal.ssl.SSLServerSocketImpl.accept(SSLServerSocketImpl.java:255)
	at com.sun.grizzly.util.net.jsse.JSSE14SocketFactory.checkConfig(JSSE14SocketFactory.java:451)
	... 14 more
|#]

[#|2013-10-24T07:22:47.592-0600|SEVERE|glassfish3.1.2|com.sun.grizzly.config.GrizzlyServiceListener|_ThreadID=37;_ThreadName=Thread-2;|ProtocolChain exception
java.lang.NullPointerException
	at com.sun.grizzly.filter.SSLReadFilter.newSSLEngine(SSLReadFilter.java:352)
	at com.sun.grizzly.filter.SSLReadFilter.obtainSSLEngine(SSLReadFilter.java:399)
	at com.sun.grizzly.filter.SSLReadFilter.execute(SSLReadFilter.java:159)
	at com.sun.grizzly.DefaultProtocolChain.executeProtocolFilter(DefaultProtocolChain.java:137)
	at com.sun.grizzly.DefaultProtocolChain.execute(DefaultProtocolChain.java:104)
	at com.sun.grizzly.DefaultProtocolChain.execute(DefaultProtocolChain.java:90)
	at com.sun.grizzly.http.HttpProtocolChain.execute(HttpProtocolChain.java:79)
	at com.sun.grizzly.ProtocolChainContextTask.doCall(ProtocolChainContextTask.java:54)
	at com.sun.grizzly.SelectionKeyContextTask.call(SelectionKeyContextTask.java:59)
	at com.sun.grizzly.ContextTask.run(ContextTask.java:71)
	at com.sun.grizzly.util.AbstractThreadPool$Worker.doWork(AbstractThreadPool.java:532)
	at com.sun.grizzly.util.AbstractThreadPool$Worker.run(AbstractThreadPool.java:513)
	at java.lang.Thread.run(Thread.java:662)
|#]

[#|2013-10-24T07:22:47.593-0600|SEVERE|glassfish3.1.2|com.sun.grizzly.config.GrizzlyServiceListener|_ThreadID=38;_ThreadName=Thread-2;|ProtocolChain exception
java.lang.NullPointerException
	at com.sun.grizzly.filter.SSLReadFilter.newSSLEngine(SSLReadFilter.java:352)
	at com.sun.grizzly.filter.SSLReadFilter.obtainSSLEngine(SSLReadFilter.java:399)
	at com.sun.grizzly.filter.SSLReadFilter.execute(SSLReadFilter.java:159)
	at com.sun.grizzly.DefaultProtocolChain.executeProtocolFilter(DefaultProtocolChain.java:137)
	at com.sun.grizzly.DefaultProtocolChain.execute(DefaultProtocolChain.java:104)
	at com.sun.grizzly.DefaultProtocolChain.execute(DefaultProtocolChain.java:90)
	at com.sun.grizzly.http.HttpProtocolChain.execute(HttpProtocolChain.java:79)
	at com.sun.grizzly.ProtocolChainContextTask.doCall(ProtocolChainContextTask.java:54)
	at com.sun.grizzly.SelectionKeyContextTask.call(SelectionKeyContextTask.java:59)
	at com.sun.grizzly.ContextTask.run(ContextTask.java:71)
	at com.sun.grizzly.util.AbstractThreadPool$Worker.doWork(AbstractThreadPool.java:532)
	at com.sun.grizzly.util.AbstractThreadPool$Worker.run(AbstractThreadPool.java:513)
	at java.lang.Thread.run(Thread.java:662)
|#]

Open in new window


1st-Cipher-Files-Available.pdf
2nd-Cipher-Files-Available.pdf
3rd-Cipher-Files-Available.pdf

Any help on resolving this error?

http://our_subdomain.our_domain.com:4848/  works great
http://our_subdomain.our_domain.com:8080/apex/  works great
http://our_subdomain.our_domain.com:8080/  works great "Your server is now running"
https://our_subdomain.our_domain.com:8181/ "This webpage is not available"
0
Comment
Question by:bcarlis
  • 3
3 Comments
 
LVL 2

Author Comment

by:bcarlis
ID: 39597270
Also found on startup:

[#|2013-10-24T07:43:47.416-0600|INFO|glassfish3.1.2|javax.enterprise.system.core.com.sun.enterprise.v3.services.impl|_ThreadID=12;_ThreadName=Thread-2;|Grizzly Framework 1.9.50 started in: 47ms - bound to [0.0.0.0:8181]|#]

[#|2013-10-24T07:43:47.416-0600|INFO|glassfish3.1.2|javax.enterprise.system.core.com.sun.enterprise.v3.services.impl|_ThreadID=11;_ThreadName=Thread-2;|Grizzly Framework 1.9.50 started in: 31ms - bound to [0.0.0.0:4848]|#]

[#|2013-10-24T07:43:47.416-0600|INFO|glassfish3.1.2|javax.enterprise.system.core.com.sun.enterprise.v3.services.impl|_ThreadID=13;_ThreadName=Thread-2;|Grizzly Framework 1.9.50 started in: 31ms - bound to [0.0.0.0:3700]|#]

[#|2013-10-24T07:43:47.416-0600|INFO|glassfish3.1.2|javax.enterprise.system.core.com.sun.enterprise.v3.services.impl|_ThreadID=14;_ThreadName=Thread-2;|Grizzly Framework 1.9.50 started in: 62ms - bound to [0.0.0.0:8080]|#]

[#|2013-10-24T07:43:47.416-0600|INFO|glassfish3.1.2|javax.enterprise.system.core.com.sun.enterprise.v3.services.impl|_ThreadID=15;_ThreadName=Thread-2;|Grizzly Framework 1.9.50 started in: 16ms - bound to [0.0.0.0:7676]|#]

[#|2013-10-24T07:43:47.556-0600|INFO|glassfish3.1.2|javax.enterprise.system.core.com.sun.enterprise.v3.admin.adapter|_ThreadID=10;_ThreadName=Thread-2;|The Admin Console is already installed, but not yet loaded.|#]

[#|2013-10-24T07:43:48.508-0600|INFO|glassfish3.1.2|javax.enterprise.system.core.security.com.sun.enterprise.security|_ThreadID=10;_ThreadName=Thread-2;|SEC1002: Security Manager is OFF.|#]

[#|2013-10-24T07:43:48.680-0600|SEVERE|glassfish3.1.2|javax.enterprise.system.ssl.security.com.sun.enterprise.security.ssl.impl|_ThreadID=10;_ThreadName=Thread-2;|SEC5054: Certificate has expired: [
[
  Version: V3
  Subject: CN=GTE CyberTrust Root 5, OU="GTE CyberTrust Solutions, Inc.", O=GTE Corporation, C=US
  Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5

  Key:  Sun RSA public key, 2048 bits
  modulus: 23741889829347261660812437366387754385443431973861114865490414153884050331745811968523116847625570146592736935209718565296053386842135985534863157983128812774162998053673746470782252407673402238146869994438729551246768368782318393878374421033907597162218758024581735139682087126982809511479059100617027892880227587855877479432885604404402435662802390484099065871430585284534529627347717530352189612077130606642676951640071336717026459037542552927905851171460589361570392199748753414855675665635003335769915908187224347232807336022456537328962095005323382940080676931822787496212635993279098588863972868266229522169377
  public exponent: 65537
  Validity: [From: Fri Aug 14 08:50:00 MDT 1998,
               To: Wed Aug 14 17:59:00 MDT 2013]
  Issuer: CN=GTE CyberTrust Root 5, OU="GTE CyberTrust Solutions, Inc.", O=GTE Corporation, C=US
  SerialNumber: [    01b6]

Certificate Extensions: 4
[1]: ObjectId: 2.5.29.19 Criticality=true
BasicConstraints:[
  CA:true
  PathLen:5
]

[2]: ObjectId: 2.5.29.32 Criticality=false
CertificatePolicies [
  [CertificatePolicyId: [1.2.840.113763.1.2.1.3]
[]  ]
]

[3]: ObjectId: 2.5.29.15 Criticality=true
KeyUsage [
  Key_CertSign
  Crl_Sign
]

[4]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 76 0A 49 21 38 4C 9F DE   F8 C4 49 C7 71 71 91 9D  v.I!8L....I.qq..
]
]

]

Open in new window

0
 
LVL 2

Accepted Solution

by:
bcarlis earned 0 total points
ID: 39632300
SOLVED:

1. Installed the free Glassfish 4.0  (to start fresh)

2. Created new domain

3. Tested at this stage
http://localhost:8080/      - got as it should
           GlassFish Server - Your server is now running

https://localhost:8181/   - got as it should
            The site's security certificate is not trusted!
 clicked through and got as it should
            GlassFish Server - Your server is now running

4. Deployed APEX

5. Tested at this stage
http://localhost:8080/apex    - got the APEX login
https://localhost:8181/   - got as it should
            The site's security certificate is not trusted!
 clicked through and got as it should the APEX login

6. Moved my keystore that Comodo helped me create to the new install.

7. Tested
https://localhost:8181/   - got generic error
Couldn't figure it out.

8. Contacted Comodo and they recreated my error and told me to do the following:
Modified 'domain.xml' manually.
1. Changed 'keystore.jks' to 'ourname.keystore' in the section that contains...
java-config debug-options="-agentlib:jdwp=transport=dt_socket,server=y,suspend=n,address=9009" system-classpath="" classpath-suffix=""

Open in new window


2. In addition to if you're keystore's password is not the default of 'changeit',
      you will need to add the following as a JVM option
-Djavax.net.ssl.keyStorePassword=MY_KEYSTORE_PASS

Open in new window

     right after the line containing
-Djavax.net.ssl.keyStore=..."

Open in new window


3. Restarted glassfish and the application should work.

My did! WooHoo!
0
 
LVL 2

Author Closing Comment

by:bcarlis
ID: 39632304
Thanks to Comodo!
0

Featured Post

Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Introduction This article explores the design of a cache system that can improve the performance of a web site or web application.  The assumption is that the web site has many more “read” operations than “write” operations (this is commonly the ca…
If you don't have the right permissions set for your WordPress location in IIS, you won't be able to perform automatic updates. Here's how to fix the problem.
This video shows information on the Oracle Data Dictionary, starting with the Oracle documentation, explaining the different types of Data Dictionary views available by group and permissions as well as giving examples on how to retrieve data from th…
This video shows syntax for various backup options while discussing how the different basic backup types work.  It explains how to take full backups, incremental level 0 backups, incremental level 1 backups in both differential and cumulative mode a…

685 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question