remote failure error enabling secure admin Heron Montana

Address Highway 2, Libby, MT 59923
Phone (406) 551-6603
Website Link

remote failure error enabling secure admin Heron, Montana

Start the domain. So in theory there should be no need to also add the self-signed certs you are creating for the domain to cacerts.jks also. What I don't see is why the glassfish-instance cert would cause trouble with accessing the server using the console. Running the asadmin start-domain command When I tried launching the web browser to access the web admin console, GlassFish is prompting for username and password.

Second, I'll assume you are also restarting any running servers (the DAS and any instances) once you enable (or disable) secure admin. Then my VPS crashed. One question: Do you see the same problem if you use the asadmin tool instead of the admin console? You will need to use the asadmin change-admin-password or the corresponding feature of the console to assign a non-empty password to the admin username.

matthew weaver Reply | Threaded Open this post in threaded view ♦ ♦ | Report Content as Inappropriate ♦ ♦ Re: Error: Could not find the alias s1as in the Your Comment: HTML Syntax: NOT allowed About News and musings on the technology I work on at Oracle. Show lidiam added a comment - 11/Nov/11 11:07 PM The suggested addition should greatly improve user experience (instead of searching online for solutions, when the error is encountered). That's more complicated than we want to do for 3.1.2.

To comply with the security requirement the enable-secure-admin command has changed, with the result you are seeing. I do have my CA cert in cacerts. What is the impact on the customer of the bug? Several things work differently when you encrypt admin traffic.

Hence when administrators execute enable-secure-admin command they are bound to hit this issue. Why? Previously, I just added it under some random alias, assuming it didn't matter (for cacerts.jks that is - I know it matters for keystore.jks). Thanks. - Tim Posted by Tim Quinn on September 17, 2012 at 04:02 PM CDT # I should have asked this earlier - what version and build of Java are you

I have a question, too: Can we still convert easily if we had [...] Eduard wrote: Thank you! Please open an issue so this can be worked more effectively. keystore.jks I can't list the entries since I get an error: "keytool error: java.lang.Exception: Keystore file does not exist: keystore.jks" matthew weaver Reply | Threaded Open this post in threaded view So far there does not seem to be a good workaround, but we are still looking.

In the end both variants have to wait for the output, right? Is that correct? Free forum by Nabble Edit this page Search Search for: twostepsaheadtoday Two Steps Ahead Menu Skip to content About Open Search GlassFish 4 Admin Console LoginProblem I just tried to setup The Enterprise Java Future Is Bright: Java EE 8 MicroProfile Launched A Code-Driven Microservices Session.

That checking code failed if the user configures a non-default admin realm, such as LDAP, throwing a NPE. I'm not sure if this is just a GF 3.1 thing, or what. This is what started us down the path of using a domain template that populated the other attributes (such as group-search-filter). This change skips the check if the admin realm is not the file realm.

In 3.1 the cert itself does need to be in cacerts. This way the sensitive credentials are never sent in the clear - with secure admin enabled, that is. In addition to notifying user that at least one admin password is blank, tell them how to fix it (i.e. Try this command: asadmin enable-secure-admin --adminalias gateway Matthew Weaver Lead Developer - CONNECT Product Team Gary Reply | Threaded Open this post in threaded view ♦ ♦ | Report Content

N/A Show Tim Quinn added a comment - 04/Apr/13 12:55 PM The earlier fix for this was not correct, and when using an LDAP realm for admin authentication the enable-secure-admin command That is, the DAS uses its certificate to authenticate itself to the instances, and the instances use their certificate to authenticate themselves to the DAS. Do a keytool -list on that store and HOST1 should be in there if you ran the keytool commands exactly as they are written.  Matthew TillerCONNECT development team Matthew Tiller CONNECT You will notice this the first time you use asadmin or some other admin client to contact the DAS.

I am accessing the admin web console form my laptop. Posted by guest on September 17, 2012 at 10:54 PM CDT # By "both sides" I meant the client system (where the browser is) and the server system (where the DAS The fix is a one-line (actually a one-word) fix. However, i think that there is a difference between Glassfish installations on Ubuntu and Centos.

Make sure you have a keystore.jks file in $GF_HOME/glassfish/domains/domain1/config directory (assuming your domain is domain1). The admin console check-box in 3.1 is confusing. Does WiFi traffic from one client to another travel via the access point? thanks Matthew.

Why is international first class much more expensive than international economy class? Thanks again for all your info/suggestions/help! Use the change-admin-password command or the admin console to create non-empty passwords for admin accounts.Command enable-secure-admin failed. I have tried the default of adminadmin but it fails.

Figure 3. Part of the requirement is to prohibit users from enabling secure admin if they have any admin user which has an empty password. In the fresh installation, you will see here next error message: "remote failure: At least one admin user has an empty password, which secure admin does not permit. You will rarely see evidence of this cert yourself, although if you use the monitoring add-on (which allows you to connect directly to instances to retrieve monitoring information) asadmin will ask

My CentOS server is a headless server running on VMware. I restarted glassfish successfully, but then I was unable to re-connect via https://localhost:4848. Here's my output: $ keytool -list -keystore keystore.jks Enter keystore password: Keystore type: JKS Keystore provider: SUN Your keystore contains 2 entries glassfish-instance, Jul 19, 2011, PrivateKeyEntry, Certificate fingerprint (MD5): 19:E3:36:F6:2E:DA:7C:E0:6A:17:18:19:19:71:86:61 If the keystore exists, then make sure s1as exists.

Then after you enable secure admin you can restart the DAS and start up any instances you want.) Remember also that after you run the enable-secure-admin command GlassFish allows remote administration. Once you accept the DAS cert from a given domain asadmin remembers it and will not ask you about that cert again. But this time, I decided to add it into cacerts.jks under the "s1as" alias - replacing the self-signed cert that was in there from initial install. The security check is failing because secure admin is not enabled.

Figure 2. This might be list of Jira issues from that project or a list of revision messages. Gary Reply | Threaded Open this post in threaded view ♦ ♦ | Report Content as Inappropriate ♦ ♦ Re: Error: Could not find the alias s1as in the trust The message now suggests that the user run change-admin-password or the console equivalent.

Note also that I didn't make any changes to the 'glassfish-instance' entry - as you indicated, it doesn't seem to enter into the picture when talking to the DAS.