By monzillo on Jan 11, 2010
Version: V1 Subject: OU=Secure Server Certification Authority, O="RSA Data Security, Inc.", C=US Signature Algorithm: MD2withRSA, OID = 1.2.840.1135188.8.131.52 Key: SunPKCS11-Solaris RSA public key, 1000 bits (id 17891456, session object) modulus: public exponent: Validity: [From: Tue Nov 08 19:00:00 GMT-05:00 1994, To: Thu Jan 07 18:59:59 GMT-05:00 2010] Issuer: OU=Secure Server Certification Authority, O="RSA Data Security, Inc.", C=US SerialNumber: [ 02ad667e 4e45fe5e 576f3c98 195eddc0]
The expired authority certificate will be removed in update 18 of Java SE 6. It will also be removed from the Glassfish truststore.
No action is required on your part, as all certificates issued under the expired authority certificate have also expired.
If you would like to stop your installation of Glassfish from reporting the presence of the expired authority certificate, you can use keytool to remove the certificate from the Glassfish truststore.
=> cd domains/domainX/config => cp cacerts.jks cacerts.jks.save => keytool -delete -keystore cacerts.jks -alias verisignserverca Enter keystore password:
to prevent the expired cert from reappearing in subsequently created domains, The cert should also be removed from the template truststore.
=> cd glassfish/lib/templates => cp cacerts.jks cacerts.jks.save => keytool -delete -keystore cacerts.jks -alias verisignserverca Enter keystore password:
For more details on the expired certificate please see:
The Glassfish V3 admin guide may be found at:
For versions and installations of Glassfish that use Network Security Services, i.e., NSS, the certutil command may be used to remove the expired certificate from the cert8.db file, and the corresponding cert8.db template file. For example:
==> cd directory-where-cert8.db-is-located ==> cp cert8.db cert8.db.save ==> certutil -D -n "Verisign/RSA Secure Server CA"