StackOverflow2013

Note that there are some explanatory texts on larger screens.

plurals

POArquillian Embedded Glassfish Certificate Expired
text
Body
copied!<p>On Aug 14th, the gtecybertrust5ca certifcate used by Glassfish expired causing my Arquillian tests to print errors.</p> <p>This problem is similar to this one: <a href="https://stackoverflow.com/questions/18248020/certificate-has-expired-in-log-by-starting-glassfish-3-1-2">Certificate has expired” in log by starting Glassfish 3.1.2</a> except, I am using the <em>Embedded</em> version of Glassfish via Maven, Arquillian and SureFire to run unit and integration tests.</p> <p>I have tried instructing Maven to use a local keystore, the one that comes with the JRE, in an effort to keep the expired cert from being used. I verified the expired certificate is not contained within this keystore:</p> <pre><code>C:\Java\jdk1.7.0_25\jre\lib\security>keytool -list -keystore cacerts </code></pre> <p>I instruct SureFire via Maven to start the JVM with arguments to use the cacerts trusted keystore:</p> <pre><code> <plugin> <groupId>org.apache.maven.plugins</groupId> <artifactId>maven-surefire-plugin</artifactId> <version>2.16</version> <configuration> <argLine> -Djavax.net.ssl.trustStore=C:\Java\jdk1.7.0_25\jre\lib\security\cacerts -Djavax.net.ssl.trustStorePassword=changeit </argLine> .... </configuration> </plugin>  <plugin> <groupId>org.glassfish.embedded</groupId> <artifactId>maven-embedded-glassfish-plugin</artifactId> <version>4.0</version> <configuration> <app>${project.build.directory}/${project.build.finalName}.war</app> <port>7070</port> <containerType>web</containerType> </configuration> </plugin> </code></pre> <p>I also added JVM arguments where Maven is start within Maven's mvn.bat file:</p> <pre><code>@REM Use specified java cert trust set MAVEN_OPTS=%MAVEN_OPTS% -Djavax.net.ssl.trustStore=%JAVA_HOME%\jre\lib\security\cacerts -Djavax.net.ssl.trustStorePassword=changeit %MAVEN_JAVA_EXE% %MAVEN_OPTS% ... </code></pre> <p>Here's the Surefire invocation of the JVM used to run the unit tests:</p> <pre><code>Forking command line: cmd.exe /X /C "C:\Java\jdk1.7.0_25\jre\bin\java -Djavax.net.ssl.trustStore=C:\Java\jdk1.7.0_25\jre\lib\security\cacerts -Djavax.net.ssl.trustStorePassword=changeit ..." Running com.networkfleet.ssp.activation.SelectedActivationTableBeanTest </code></pre> <p>The command line args do seem to match the expected system properties Glassfish expects per its com.sun.enterprise.security.ssl.impl.SecuritySupportImpl and com.sun.enterprise.server.pluggable.SecuritySupport classes:</p> <pre><code>@Contract public abstract class SecuritySupport { public static final String KEYSTORE_PASS_PROP = "javax.net.ssl.keyStorePassword"; public static final String TRUSTSTORE_PASS_PROP = "javax.net.ssl.trustStorePassword"; public static final String KEYSTORE_TYPE_PROP = "javax.net.ssl.keyStoreType"; public static final String TRUSTSTORE_TYPE_PROP = "javax.net.ssl.trustStoreType"; public static final String keyStoreProp = "javax.net.ssl.keyStore"; public static final String trustStoreProp = "javax.net.ssl.trustStore"; </code></pre> <p>However, they do not appear to be picked up by Glassfish, because the expired cert is still being found in whatever trusted keystore it defaults to.</p> <p>I would really appreciate some help. Thanks.</p>

Querying!

Guidance

An individual column

Larger individual text columns get their own page to allow for proper reading.

SQuiL has stopped working due to an internal error.

If you are curious you may find further information in the browser console, which is accessible through the devtools (F12).

Reload