Expired certificate payara5

jmjamison · January 31, 2025, 10:08pm

I’m running payara5 for the Dataverse repository software. The certificate has expired and I’ve tried importing a new one but getting error:
NCLS-ADMIN-00010
javax.net.ssl.SSLHandshakeException: NotAfter: Sun Aug 18 13:30:10 UTC 2024

Do I need to delete or remove expired certificates before the new ones are used. I’ve followed the directions from:
https://docs.payara.fish/community/docs/5.201/documentation/payara-server/server-configuration/ssl-certificates.html

Thank you in advnace,
Jamie

StevenHachel · February 7, 2025, 7:37pm

Hello,

I like to use the Keystore Explorer for this. This allows you to simply delete your certificates located in the /glassfish/domains/domain1/config folder and add the newly created certificates.
I hope that helps a bit.

Steven

jmjamison · February 12, 2025, 8:44pm

Yes, that is very helpful. I have keystore explorer installed locally and will try that out.

jmjamison · February 20, 2025, 10:30pm

I tried keystore. It looks really helpful but my payara server is headless so until I get around that problem I won’t be able to use keystore.

But thank you for the suggestion.

rbillapati · April 3, 2025, 1:28pm

Hi Jamie,

You can proceed to remove the expired certificates by using the following keytool command -

keytool -delete -alias cert-alias -keystore /path/to/keystore -storepass password.

Or you can use the following asadmin command to remove all the expired certificates from the domain mydomainname -

asadmin remove-expired-certificates --domainname mydomainname

Then, you can import the new certificates using the following commands -

To add the certificate to the Keystore using the keytool command -

keytool -importkeystore -destkeystore keystore.p12 -srckeystore mycert.p12 -srcstoretype PKCS12 -alias cert-alias

To add the certificate to the Keystore using Asadmin command -

asadmin add-to-keystore --file mycert.p12 cert-alias

To add the certificate to the Truststore using keytool command -

keytool -importcert -trustcacerts -destkeystore cacerts.jks -file mycert.crt -alias cert-alias

To add the certificate to the Truststore using Asadmin command -

asadmin add-to-truststore --file mycert.crt cert-alias

For more information, please refer to the following blog post -

Thanks & regards
Ramya

Topic		Replies	Views
Cannot configure cert-nickname in 5.2022.5 Technical Discussion security	1	49	August 29, 2024
Secure admin console stopped working Technical Discussion	0	360	April 4, 2024
Client Certificate Usage Question Technical Discussion security	2	296	February 10, 2025
Why is listener-specific keystore not used for subsequent follow-up requests? Technical Discussion	3	270	February 13, 2022
Certificates and MariaDB Payara Server	0	348	March 28, 2022

Expired certificate payara5

Related topics