My Oracle Support Banner

On the Windows Platform a GlassFish Server Domain Won't Start After Deleting or Adding a SSL Certificate From its Certificate Database (Doc ID 1297373.1)

Last updated on OCTOBER 24, 2018

Applies to:

Oracle GlassFish Server - Version 2.1.1 to 2.1.1 [Release 2.1]
Generic Windows


This problem is only observed in a windows environment using a GlassFish Server installation that includes HADB as that provides the NSS library used by enterprise profile domains. The problem occurs once you've performed any certutil commands to delete or create certificates in the domain's certificate database.

For example, if you delete one of the Certificate Authority certificates:

> cd D:\Sun\sges211ee\domains\domain1\config
> D:\Sun\sges211ee\lib\certutil -D -n entrustgsslca -d .

The application server will not be able to start:

> D:\Sun\sges211ee\bin\asadmin start-domain domain1
Starting Domain domain1, please wait.
Default Log location is D:\Sun\sges211ee\domains\domain1\logs\server.log.
Please enter the master password>
Redirecting output to D:/Sun/sges211ee/domains/domain1/logs/server.log
Domain domain1 failed to startup. Please check the server log for more details.
CLI156 Could not start the domain domain1.

Checking the server log shows:

[#|2010-09-28T17:56:31.109-0700|SEVERE|sun-appserver2.1.1||_ThreadID=10;_ThreadName=main;_RequestID=5005d5bd-5026-4053-80f9-5644c4e0000a;|SEC8001: Exception in initializing SunPKCS11. Library ./nssckbi.dll does not exist


To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!

In this Document

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.