How To Fix Expired Certificate In Embedded Glassfish
The following error:
com.sun.enterprise.security.ssl.impl.SecuritySupportImpl checkCertificateDates SEVERE: SEC5054: Certificate has expired: [ [ Version: V3 Subject: CN=GTE CyberTrust Root 5, OU="GTE CyberTrust Solutions, Inc.", O=GTE Corporation, C=US Signature Algorithm: SHA1withRSA, OID = 1.2.840.1135126.96.36.199 Key: Sun RSA public key, 2048 bits
Is caused by certificate expiration in the keystore file:
cacerts.jks. The cacerts.jks file usually resides in the folder:
[GLASSFISH_HOME]/glassfish4/glassfish/domains/[DOMAIN_NAME]/config. With embedded GlassFish the certificate is extracted into the
Copy the keystore file cacerts.jks into
mvm clean install you project.
In case the keystore file also contains the expired certificate, simply delete the affected certificate:
keytool -delete -keystore ./cacerts.jks -alias gtecybertrust5ca
See you at Java EE Workshops at MUC Airport!
You can search for additional expired certificates using the following command.
keytool -list -v -storepass changeit -keystore cacerts.jks > cert-list-cacerts-jks.txt
Open the output file "cert-list-cacerts-jks.txt" and look for expired certificates.
Exemplo: Valid from: Tue May 30 07:44:50 BRT 2000 until: Wed March 11 07:44:50 BRT 2020
Use the "Alias name" information on keytool -delete -alias command.
Posted by Thiago Pasa on March 14, 2020 at 06:14 PM CET #