Jul 18, 2017

How to fix Glassfish web admin console login problem because of SSL certificate issue

We need to add wget command to our script to download the most Recent CA file revisions per date of apperance from recent trusted ca revisions from mozilla

#note that chageit is the default keystore password
KEYSTOREPW=changeit
GFDOMAIN=/opt/glassfish/glassfish/domains/domain1


mkdir etc 
cd etcwget https://curl.haxx.se/ca/cacert-2017-06-07.pem --no-check-certificate -O cacert.pem

PEM_FILE=cacert.pem
KEYSTORE=cacerts.jks

CERTS=$(grep 'END CERTIFICATE' $PEM_FILE| wc -l)

for N in $(seq 0 $(($CERTS -1))); do
    ALIAS="${PEM_FILE%.*}-$N"
    cat $PEM_FILE | awk "n==$N { print }; /END CERTIFICATE/ { n++ }" |
    keytool -noprompt -import -trustcacerts \
            -alias $ALIAS -keystore $KEYSTORE -storepass $KEYSTOREPW
done
sudo keytool -list -keystore keystore.jks -storepass $KEYSTOREPW
sudo keytool -list -keystore cacerts.jks -storepass $KEYSTOREPW

if [ ! -f $GFDOMAIN/config/keystore-orig.jks ]; then
echo "Backing up original files..."
sudo cp -f $GFDOMAIN/config/keystore.jks $GFDOMAIN/config/keystore-orig.jks
sudo cp -f $GFDOMAIN/config/cacerts.jks $GFDOMAIN/config/cacerts-orig.jks
fi
echo "Updating certificates..."
sudo cp -f keystore.jks $GFDOMAIN/config/keystore.jks
sudo cp -f cacerts.jks $GFDOMAIN/config/cacerts.jks

cd ..

echo stop and restart glassfish domain to complete

cd ..
sudo rm -rf etc