GlassFish error: certificate expired
When you see messages similar to the one shown below in your domains’ server.log dont be alarmed….
[#|2010-0-09T10:27:22.708+0100|SEVERE|sun-appserver2.1|javax.enterprise.system.core.security|_ThreadID=10;_ThreadName=main;[
[
Version: V1
Subject: OU=Secure Server Certification Authority, O="RSA Data Security, Inc.", C=US
Signature Algorithm: MD2withRSA, OID = 1.2.840.113549.1.1.2
Key: Sun RSA public key, 1000 bits
modulus: 6144706769222379850430183405655235862870193813433361902309516534729547
16822922344208812889709042602587499095862442627202791577133004337
90790762690827764431204965251094584374357939749571449231901726555
46279112796066635455545786300647745888353781002359412766112775410
851780140804282673804950495744761467
public exponent: 65537
Validity: [From: Wed Nov 09 01:00:00 CET 1994,
To: Fri Jan 08 00:59:59 CET 2010]
Issuer: OU=Secure Server Certification Authority, O=”RSA Data Security, Inc.”, C=US
SerialNumber: [ 02ad667e 4e45fe5e 576f3c98 195eddc0]
]
Algorithm: [MD2withRSA]
Signature:
0000: 65 DD 7E E1 B2 EC B0 E2 3A E0 EC 71 46 9A 19 11 e…….:..qF…
0010: B8 D3 C7 A0 B4 03 40 26 02 3E 09 9C E1 12 B3 D1 ……@&.>……
0020: 5A F6 37 A5 B7 61 03 B6 5B 16 69 3B C6 44 08 0C Z.7..a..[.i;.D..
0030: 88 53 0C 6B 97 49 C7 3E 35 DC 6C B9 BB AA DF 5C .S.k.I.>5.l....
0040: BB 3A 2F 93 60 B6 A9 4B 4D F2 20 F7 CD 5F 7F 64 .:/.`..KM. .._.d
0050: 7B 8E DC 00 5C D7 FA 77 CA 39 16 59 6F 0E EA D3 ......w.9.Yo...
0060: B5 83 7F 4D 4D 42 56 76 B4 C9 5F 04 F8 38 F8 EB ...MMBVv.._..8..
0070: D2 5F 75 5F CD 7B FC E5 8E 80 7C FC 50 ._u_........P
];|SEC5054: Certificate has expired: [
[
Version: V1
Subject: OU=Secure Server Certification Authority, O="RSA Data Security, Inc.", C=US
Signature Algorithm: MD2withRSA, OID = 1.2.840.113549.1.1.2
Key: Sun RSA public key, 1000 bits
modulus: 61447067692223798504301834056552358628701938134333619023095165347
29547168229223442088128897090426025874990958624426272027915
77133004337907907626908277644312049652510945843743579397495
71449231901726555462791127960666354555457863006477458883537
81002359412766112775410851780140804282673804950495744761467
public exponent: 65537
Validity: [From: Wed Nov 09 01:00:00 CET 1994,
To: Fri Jan 08 00:59:59 CET 2010]
Issuer: OU=Secure Server Certification Authority, O=”RSA Data Security, Inc.”, C=US
SerialNumber: [ 02ad667e 4e45fe5e 576f3c98 195eddc0]
]
Algorithm: [MD2withRSA]
Signature:
0000: 65 DD 7E E1 B2 EC B0 E2 3A E0 EC 71 46 9A 19 11 e…….:..qF…
0010: B8 D3 C7 A0 B4 03 40 26 02 3E 09 9C E1 12 B3 D1 ……@&.>……
0020: 5A F6 37 A5 B7 61 03 B6 5B 16 69 3B C6 44 08 0C Z.7..a..[.i;.D..
0030: 88 53 0C 6B 97 49 C7 3E 35 DC 6C B9 BB AA DF 5C .S.k.I.>5.l....
0040: BB 3A 2F 93 60 B6 A9 4B 4D F2 20 F7 CD 5F 7F 64 .:/.`..KM. .._.d
0050: 7B 8E DC 00 5C D7 FA 77 CA 39 16 59 6F 0E EA D3 ......w.9.Yo...
0060: B5 83 7F 4D 4D 42 56 76 B4 C9 5F 04 F8 38 F8 EB ...MMBVv.._..8..
0070: D2 5F 75 5F CD 7B FC E5 8E 80 7C FC 50 ._u_........P
]|#]
Although the loglevel is SEVERE you will most likely not run into trouble. It means that one of the certificates within the certificatestore has expired.
Fix this by issuing the following command from the server where GlassFish is installed:
keytool -delete -alias verisignserverca -keystore $GLASSFISH_HOME/domains/$YOURDOMAIN/config/cacerts.jks
This command will delete the verisign server certificate authority (the one which has expired) from your keystore…
Restart the domain and you will not see the message again.
Comments are closed.