3

I am reading this tutorial page: https://javaee.github.io/tutorial/security-intro006.html Which explains that I should be able to view the SSL version of the home page (index.html) by going to the following URL: https://localhost:8181. However, when I point my browser at this address I receive an error that is shown in Figure 1.

I have a feeling configuring this could take hours the first time. Does anyone have a tutorial that can help me configure HTTPS on my loopback address in Glassfish?

I found links to documentation on the administration console, running on port 4848, but this is tough to understand. The quick start guide does not cover this aspect. I mean there is a quick start guide also on the administration console but configuring HTTPS is not covered.

enter image description here Figure 1: HTTPS/SSL page not working - glassfish v5

FIXED I think Mike helped me fix this problem. Thank-you Mike! That was a solution I would not of come up with on my own. Thank-you for getting me out of that hole.

However, when I now access this secure web address on my loopback address, https://localhost:8181, I actually see the webpage and not the error page shown in Figure 1. However, there is a red line through the protocol in the URL and the words explaining that the connection is not secure. How can I make the connection secure?

enter image description here Figure 2: Glassfish HTTPS home page working but not secure

user3808269
  • 1,321
  • 3
  • 21
  • 40

1 Answers1

0

If you look in the logs, you will likely see something like this after you try to visit the secure page:

[2018-05-21T14:34:31.982+0100] [glassfish 5.0] [WARNING] [] [org.glassfish.grizzly.filterchain.DefaultFilterChain] [tid: _ThreadID=100 _ThreadName=http-listener-2(2)] [timeMillis: 1526909671982] [levelValue: 900] [[
  GRIZZLY0013: Exception during FilterChain execution
java.lang.NoClassDefFoundError: sun/security/ssl/SupportedEllipticCurvesExtension
        at sun.security.ssl.HelloExtensions.<init>(HelloExtensions.java:82)
        at sun.security.ssl.HandshakeMessage$ClientHello.<init>(HandshakeMessage.java:362)
        at sun.security.ssl.ServerHandshaker.processMessage(ServerHandshaker.java:223)
        at sun.security.ssl.Handshaker.processLoop(Handshaker.java:984)

The solution to this is to downgrade your version of Java to a version below 8u161.

I answered this in more detail in another answer but, if you do not like the idea of downgrading Java, you could either use the latest GlassFish 5.0.1 nightly or switch to Payara 5, which is derived from GlassFish and should work the same in most cases.

Edit: Note that, after making one of these changes, you will still need to add a security exception so that your browser accepts the self-signed certificate, but the page should work with no further issues; I verified this myself with Java 8u144

Mike
  • 4,852
  • 1
  • 29
  • 48
  • Mike, thank-you for the help. This seems to work but there is a red line through the https in the URL. I was not expecting the red line and the words showing that the connection is not secure. Please see a screenshot of this in my question. I will post the picture there as I cannot here in the comments. I downgraded to Java jdk 1.8.0_152, btw. – user3808269 May 21 '18 at 16:52
  • Mike, is there anyway to have the connection be secure? As of now there is the aforementioned red line through the protocol in the address and the words "not secure" with a red triangle with an exclamation point inside of said triangle. – user3808269 May 21 '18 at 17:03
  • You need to either get your browser to trust the demo certificate that came with GlassFish (bad idea) or get a valid SSL certificate for your domain (good idea). LetsEncrypt is the best/easiest way (because it's free). Once you've done that, you can follow these instructions: https://blog.payara.fish/securing-payara-server-with-custom-ssl-certificate – Mike May 21 '18 at 17:49
  • 2
    Wow, thank-you again Mike for the very helpful help with this problem. – user3808269 May 21 '18 at 19:26
  • This page explains a simpler way to create a certificate for localhost: https://letsencrypt.org/docs/certificates-for-localhost/ – user3808269 May 21 '18 at 21:05
  • Although adding a certificate to localhost is not so simple. I have no idea and all the tools are for Linux. I may give up trying to create a certificate for the localhost. – user3808269 May 21 '18 at 22:03