Payara 5.191 ignores the JVM option "-Djavax.net.ssl.keyStore" if there is a protocol definition

Andreas Kutschke

Apr 18, 2019, 4:44:24 AM
to Payara Forum
Payara reacts differently to the KeyStore definitions in the domain.xml file than GlassFish 4.1.2.
 
In GlassFish, the global JVM KeyStore definition via the -Djavax.net.ssl.keyStore option:
<jvm-options>-Djavax.net.ssl.keyStore=${com.sun.aas.instanceRoot}/config/cipka.jks</jvm-options>

is a fallback value if the protocol's own definition is not found:

<protocol name="http-listener-2" security-enabled="true">
         <http max-connections="250" default-virtual-server="server">
              <file-cache max-age-seconds="3600" enabled="true"></file-cache>
         </http>
         <ssl classname="com.sun.enterprise.security.ssl.GlassfishSSLImpl" cert-nickname="s1as" key-store="cipka.jks"></ssl>
</protocol>

This is not the case in Payara 5. If the protocol definition is incorrect (as above - the relative path "config/" is missing), the SSL connection is not possible at all.


Is that documented? Where can we find this information?
Which of the two keyStore definitions is to be used: the general JVM definition (javax.net.ssl.keyStore) or the local protocol definition as above, which overloads the JVM definition?

Thanks
Andreas
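An added example, not part of the original post and not Payara or GlassFish code: a pre-deployment check that reads a domain.xml and reports every security-enabled protocol whose own key-store attribute does not point at an existing file, alongside the JVM-wide javax.net.ssl.keyStore value. The function names, the status labels and the rule that a relative key-store is resolved against the instance root are assumptions made for this sketch; the sample XML is constructed from the fragments quoted above.

```python
import re
import xml.etree.ElementTree as ET
from pathlib import Path

# Constructed sample, modelled on the two fragments quoted in the post.
SAMPLE_DOMAIN_XML = """<domain>
  <java-config>
    <jvm-options>-Djavax.net.ssl.keyStore=${com.sun.aas.instanceRoot}/config/cipka.jks</jvm-options>
  </java-config>
  <network-config><protocols>
    <protocol name="http-listener-2" security-enabled="true">
      <ssl cert-nickname="s1as" key-store="cipka.jks"></ssl>
    </protocol>
  </protocols></network-config>
</domain>"""

def expand(value, instance_root):
    """Substitute the instance-root token used in domain.xml values."""
    return value.replace("${com.sun.aas.instanceRoot}", str(instance_root))

def audit_keystores(domain_xml, instance_root):
    """Return (jvm_keystore, findings); a finding is (protocol, status, path)."""
    root = ET.fromstring(domain_xml)
    instance_root = Path(instance_root)
    jvm_keystore = None
    for opt in root.iter("jvm-options"):
        m = re.match(r"-Djavax\.net\.ssl\.keyStore=(.+)", (opt.text or "").strip())
        if m:
            jvm_keystore = Path(expand(m.group(1), instance_root))
    findings = []
    for proto in root.iter("protocol"):
        if proto.get("security-enabled") != "true":
            continue
        ssl = proto.find("ssl")
        ks = ssl.get("key-store") if ssl is not None else None
        if not ks:
            # No listener-level keystore: only the JVM-wide value is configured.
            findings.append((proto.get("name"), "no-listener-keystore", jvm_keystore))
            continue
        path = Path(expand(ks, instance_root))
        if not path.is_absolute():
            path = instance_root / path  # assumption: relative to the instance root
        status = "ok" if path.is_file() else "missing"
        findings.append((proto.get("name"), status, path))
    return jvm_keystore, findings
```

Run against the real domain.xml and instance root before an upgrade, a "missing" finding marks a listener that depends on a fallback to the JVM option, which the post reports Payara 5 does not perform.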