Payar 5 on CentOS 7 fails after installing SSL Certificate

[Satinder Singh]

I have installed Payara 5 on CentOS 7 Server successfully. Since, I intend to run my web application securly, I installed the SSL Certificate by following the instructions/steps here - 

https://www.ssls.com/knowledgebase/how-to-install-an-ssl-certificate-on-glassfish/

Since I run Payara as a Service, when I restart the Payara Service (after installing the SSL Certificate), I get the following error-

journalctl -xe

Nov 28 13:43:51 server1.gdfnow.org sshd[22275]: input_userauth_request: invalid user saned [preauth]

Nov 28 13:43:51 server1.gdfnow.org sshd[22275]: pam_unix(sshd:auth): check pass; user unknown

Nov 28 13:43:51 server1.gdfnow.org sshd[22275]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.83.73.48

Nov 28 13:43:53 server1.gdfnow.org sshd[22275]: Failed password for invalid user saned from 51.83.73.48 port 49440 ssh2

Nov 28 13:43:54 server1.gdfnow.org sshd[22275]: Received disconnect from 51.83.73.48 port 49440:11: Bye Bye [preauth]

Nov 28 13:43:54 server1.gdfnow.org sshd[22275]: Disconnected from 51.83.73.48 port 49440 [preauth]

Nov 28 13:43:59 server1.gdfnow.org unix_chkpwd[22280]: password check failed for user (root)

Nov 28 13:43:59 server1.gdfnow.org sshd[22278]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.186.175.148  user=root

Nov 28 13:43:59 server1.gdfnow.org sshd[22278]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"

Nov 28 13:44:01 server1.gdfnow.org sshd[22278]: Failed password for root from 222.186.175.148 port 53926 ssh2

Nov 28 13:44:02 server1.gdfnow.org unix_chkpwd[22281]: password check failed for user (root)

Nov 28 13:44:02 server1.gdfnow.org sshd[22278]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"

Nov 28 13:44:04 server1.gdfnow.org sshd[22278]: Failed password for root from 222.186.175.148 port 53926 ssh2

Nov 28 13:44:05 server1.gdfnow.org unix_chkpwd[22282]: password check failed for user (root)

Nov 28 13:44:05 server1.gdfnow.org sshd[22278]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"

Nov 28 13:44:07 server1.gdfnow.org sshd[22278]: Failed password for root from 222.186.175.148 port 53926 ssh2

However, If I restart the server using the standard method of ./asadmin start-domain, the Server/Domain does start, when I access it on the IP Address, but is still on unsafe mode. This behavior can be seen on the attached screen shots of the default/landing page (running on Port 80 instead of standard 8080) and the Admin page on Port 4848.

 

[Rudy De Busscher]

Hi,

Adding the SSL certificate has only effect for the http-listener-2, listening on port 8181. The default http port, 8080 or 80 if you have reconfigured it, does not use it since ssl is not enabled on it.

You can also have a look at this blog https://blog.payara.fish/securing-payara-server-with-custom-ssl-certificate and the section "Enable Security on HTTP listener". Through the web console (or asadmin command line) you can eirther reconfigure the listener-2 to listen on port 80, or activate SSL on listener-1.

The errors in the journal might be related to you deployment group setup. But I do not have enough information to confirm this.

regards

Rudy

[Satinder Singh]

@Rudy,

Many thanks for your input. Since then I have simplified my implementation. I am now serving my website through Apache Web Server (httpd) that hosts the SSL Certificate.

A request comes to port 80 (http://).

Get redirected to port 443 (https://)

Apache requests get served by Payara via ProxyPass feature on httpd in .conf file

And it works like charm.

Best Regards

Satinder