{"id":679,"date":"2018-11-22T08:07:19","date_gmt":"2018-11-22T07:07:19","guid":{"rendered":"http:\/\/h2916922.stratoserver.net:8084\/?p=679"},"modified":"2019-07-28T14:15:41","modified_gmt":"2019-07-28T12:15:41","slug":"glassfish-no-longer-logging-its-probably-due-to-expired-certificates","status":"publish","type":"post","link":"https:\/\/www.ivojonker.nl\/?p=679","title":{"rendered":"Glassfish no longer logging? It’s probably due to expired certificates!"},"content":{"rendered":"

A few days ago i noticed my webapp running on glassfish wasn’t producing any log anymore\u00a0 within eclipse. After mingling a bit with the log configuration, i finally decided to go for a fresh glassfish 5 setup, and again i had logging.<\/p>\n

However, after a while i again lost my logging. And, although i’m not sure why, it seems that the expiration of SSL certificates turned out to be the cause.<\/p>\n

2018-11-22T16:16:51.803+0100|Severe: The SSL certificate has expired: [\n[\n  Version: V3\n  Subject: OU=Equifax Secure Certificate Authority, O=Equifax, C=US\n  Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5\n  Key:  Sun RSA public key, 1024 bits\n  modulus: 135786214035069526348186531221551781468391756233528066061569654028671100866720352830303278016129003918213826297308054231261658522889438712013757624116391437358730449661353175673177742307421061340003741057138887918110217006515773038453829253517076741780039735595086881329494037450587568122088113584549069375417\n  public exponent: 65537\n  Validity: [From: Sat Aug 22 18:41:51 CEST 1998,\n               To: Wed Aug 22 18:41:51 CEST 2018]\n  Issuer: OU=Equifax Secure Certificate Authority, O=Equifax, C=US\n  SerialNumber: [    35def4cf]\nCertificate Extensions: 7\n[1]: ObjectId: 1.2.840.113533.7.65.0 Criticality=false\nExtension unknown: DER encoded OCTET string =\n0000: 04 0D 30 0B 1B 05 56 33   2E 30 63 03 02 06 C0     ..0...V3.0c....\n[2]: ObjectId: 2.5.29.35 Criticality=false\nAuthorityKeyIdentifier [\nKeyIdentifier [\n0000: 48 E6 68 F9 2B D2 B2 95   D7 47 D8 23 20 10 4F 33  H.h.+....G.# .O3\n0010: 98 90 9F D4                                        ....\n]\n]\n[3]: ObjectId: 2.5.29.19 Criticality=false\nBasicConstraints:[\n  CA:true\n  PathLen:2147483647\n]\n[4]: ObjectId: 2.5.29.31 Criticality=false\nCRLDistributionPoints [\n  [DistributionPoint:\n     [CN=CRL1, OU=Equifax Secure Certificate Authority, O=Equifax, C=US]\n<\/pre>\n
Now, in order to get restore your logging, all you need to do is to remove the expired certificates from your glassfish configuration.<\/p>\n
Follow these two steps:<\/p>\n
    \n
  1. Navigate to your glassfish \/ domain \/ config directory.
    \ncd\u00a0glassfish5\\glassfish\\domains\\domain1\\config<\/span><\/li>\n
  2. Find out the ‘alias’ for the expired certificates mentioned in the log.
    \nkeytool -v -list -keystore cacerts.jks<\/span>
    \n* the above sample will resolve to ‘equifaxsecureca’<\/li>\n
  3. Remove the certificate from glassfish
    \nkeytool -delete -keystore cacerts.jks -alias equifaxsecureca -storePass changeit<\/span><\/li>\n
  4. Restart glassfish, and observe you’re logging is back \ud83d\ude42<\/li>\n<\/ol>\n
    Update 28 july 2019: I currently use the below scripot to remove outdated certificates from glassfish & payara in my docker scripts:<\/p>\n
    RUN\t\t\tcd ${GLASSFISH_HOME}\/glassfish\/domains\/domain1\/config\/ && \\\n\t\t\tfor cert in \"equifaxsecureca\" \"gtecybertrustglobalca\" \"utnuserfirstclientauthemailca\" \"deutschetelekomrootca2\" \"secomvalicertclass1ca\" \"valicertclass2ca\" \"entrustsslca\" \"certplusclass2primaryca\" \"certplusclass3pprimaryca\" \"utndatacorpsgcca\" \"utnuserfirstobjectca\" \"utnuserfirstobjectca [jdk]\" \"utnuserfirsthardwareca\" \"cert_45_deutsche_telekom_root_ca_245\" \"cert_29_certplus_class_2_primary_ca29\" \"cert_38_deutsche_telekom_root_ca_238\" \"utnuserfirsthardwareca [jdk]\" \"certplusclass3pprimaryca [jdk]\" \"certplusclass2primaryca [jdk]\" \"utnuserfirstclientauthemailca [jdk]\"; \\\n\t\t\tdo \\\n\t\t\tkeytool -delete -keystore cacerts.jks -alias \"$cert\" -storePass changeit || echo \"nothing to remove\";\\\n\t\t\tdone\n<\/pre>\n","protected":false},"excerpt":{"rendered":"
    A few days ago i noticed my webapp running on glassfish wasn’t producing any log anymore\u00a0 within eclipse. After mingling a bit with the log configuration, i finally decided to […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-679","post","type-post","status-publish","format-standard","hentry","category-geen-categorie"],"_links":{"self":[{"href":"https:\/\/www.ivojonker.nl\/index.php?rest_route=\/wp\/v2\/posts\/679","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.ivojonker.nl\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.ivojonker.nl\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.ivojonker.nl\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.ivojonker.nl\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=679"}],"version-history":[{"count":4,"href":"https:\/\/www.ivojonker.nl\/index.php?rest_route=\/wp\/v2\/posts\/679\/revisions"}],"predecessor-version":[{"id":690,"href":"https:\/\/www.ivojonker.nl\/index.php?rest_route=\/wp\/v2\/posts\/679\/revisions\/690"}],"wp:attachment":[{"href":"https:\/\/www.ivojonker.nl\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=679"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.ivojonker.nl\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=679"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.ivojonker.nl\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=679"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}