Glassfish v4 & SSL - admin no longer works

Question

I\'ve gone through the steps to add an SSL certificate into glassfish v4. I\'ve verified that it works via browsers and via my java swing client (i\'m using apache\'s http

Answer 1

The problem is almost certainly that the distinguished name (DN) of the s1as certificate has changed, but the secure admin principal has not been updated.

There is an asadmin command (enable-secure-admin-principal) which allows you to manually update this, but you can also just run enable-secure-admin again (even though secure admin is already enabled). This command will call the same code as the previous one and replace the secure admin principals with the correct ones from whatever the admin certificate alias is (s1as).

You will then need to restart GlassFish for the change to take effect, but you will then be able to log in to the admin console.

The root cause is that the admin console is essentially doing 2-way SSL along with your login, so your username and password is verified for you, the admin user, then the admin console itself is verified with the DN as a user ID and the s1as key as a password. This is because the admin console communicates with the DAS over REST and needs to identify itself as a trusted client.

---

Hope all that background helps, but the TL;DR is as follows:

1. Run enable-secure-admin once more
2. Restart the domain