In Oracle GlassFish Server 3.1.x, the "asadmin enable-secure-admin --adminalias" Command Looks For The Certificate Alias In The Wrong .jks File (Doc ID 1514252.1)

Last updated on JUNE 08, 2023

Applies to:

Symptoms

In Oracle GlassFish Server 3.1.x, the "asadmin enable-secure-admin --adminalias" command is looking for the certificate alias in the wrong .jks file. The command looks for the certificate alias in the cacerts.jks file instead of the keystore.jks file.

A server certificate alias called 'server_cert' is a replacement of the default 's1as' in keystore.jks. The 'server_cert' is signed by a CA cert which is imported to the cacerts.jks file. To secure the GlassFish Admin Console with the command 'enable-secure-admin' using the 'server_cert' certificate the following command is run:

The "asadmin enable-secure-admin --adminalias" command works fine if the certificate is added to the cacerts.jks file with the alias name 'server_cert'. However, the user is not supposed to be putting the public and private keys into the cacerts.jks file. The cacerts.jks file is supposed to be a list of trusted certificate authority (CA) certificates only. So only trusted CA certs should be part of the truststore. The "enable-secure-admin" command should look for the certificate alias(--adminalias) only in the keystore.jks and not in cacerts.jks.

Changes

Cause

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.