Arquillian Embedded Glassfish Certificate Expired

Question

On Aug 14th, the gtecybertrust5ca certifcate used by Glassfish expired causing my Arquillian tests to print errors.

This problem is similar to this one: Certificate

Answer 1

I finally got to the bottom of the issue by tracing the Glassfish code that loads the certs. The embedded, at least, version ignores any passed in parameters and looks to its classpath to find the trusted key store to load. It then writes it to a temp location and instructs the server to load and use it.

To get rid of the error messages, grab the cacerts.jks file from its temp location (after running Maven and seeing the expired exception) I found it at: C:\Users\{myUserName}\AppData\Local\Temp\gfembed872323756359721458tmp\config\cacerts.jks.

Copy this file to your project under resources/config/cacerts.jks (it will need to be loaded into your test classpath).

From the command prompt in the directory where you copied the keystore, use your JDK keytool to remove the expired key as follows:

keytool -delete -keystore cacerts.jks -alias gtecybertrust5ca

The Embedded Glassfish should now pick up your updated keystore instead of its default hardcoded version.