In Oracle GlassFish Server 3.1.x, the "asadmin enable-secure-admin --adminalias" Command Looks For The Certificate Alias In The Wrong .jks File (Doc ID 1514252.1)

Last updated on NOVEMBER 05, 2016

Applies to:

Oracle GlassFish Server - Version 3.1 and later
Information in this document applies to any platform.

Symptoms

In Oracle GlassFish Server 3.1.x, the "asadmin enable-secure-admin --adminalias" command is looking for the certificate alias in the wrong .jks file. The command looks for the certificate alias in the cacerts.jks file instead of the keystore.jks file.

A server certificate alias called 'server_cert' is a replacement of the default 's1as' in keystore.jks. The 'server_cert' is signed by a CA cert which is imported to the cacerts.jks file. To secure the GlassFish Admin Console with the command 'enable-secure-admin' using the 'server_cert' certificate the following command is run:


The "asadmin enable-secure-admin --adminalias" command works fine if the certificate is added to the cacerts.jks file with the alias name 'server_cert'. However, the user is not supposed to be putting the public and private keys into the cacerts.jks file. The cacerts.jks file is supposed to be a list of trusted certificate authority (CA) certificates only. So only trusted CA certs should be part of the truststore. The "enable-secure-admin" command should look for the certificate alias(--adminalias) only in the keystore.jks and not in cacerts.jks.


Cause

Sign In with your My Oracle Support account

Don't have a My Oracle Support account? Click to get started

My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms