Skip to content

JMX Startup failed in docker #26024

Open
Open
JMX Startup failed in docker#26024
Milestone
8.0.3
@dmatej

Description

@dmatej
dmatej
opened on May 7, 2026

The endpoint can have several hostnames and several certificates, but this tries just with host's name.
The ConnectorStarter.hostname() should probably try to check all local/loopback endpoints and accept first which passes rules.
Seen in a docker image test for 8.0.2.

GF: [#|2026-05-07T22:04:46.130978Z|WARNING|GF 8.0.2|jakarta.enterprise.system.jmx|_ThreadID=142;_ThreadName=Thread-20;_LevelValue=900;|
GF:   Cannot start JMX connector GlassFishConfigBean.com.sun.enterprise.config.serverbeans.JmxConnector(address=0.0.0.0,port=8686,name=system,auth-realm-name=admin-realm)
GF: java.io.IOException: Cannot bind to URL [rmi://42af97ed75c7:8686/jmxrmi]: javax.naming.CommunicationException [Root exception is java.rmi.ConnectIOException: error during JRMP connection establishment; nested exception is: 
GF:     javax.net.ssl.SSLHandshakeException: (certificate_unknown) No name matching 42af97ed75c7 found]
GF:     at java.management.rmi/javax.management.remote.rmi.RMIConnectorServer.newIOException(RMIConnectorServer.java:831)
GF:     at java.management.rmi/javax.management.remote.rmi.RMIConnectorServer.start(RMIConnectorServer.java:478)
GF:     at org.glassfish.admin.mbeanserver.RMIConnectorStarter.start(RMIConnectorStarter.java:305)
GF:     at org.glassfish.admin.mbeanserver.JMXStartupService$JMXConnectorsStarterThread.startConnector(JMXStartupService.java:284)
GF:     at org.glassfish.admin.mbeanserver.JMXStartupService$JMXConnectorsStarterThread.run(JMXStartupService.java:317)
GF: Caused by: javax.naming.CommunicationException [Root exception is java.rmi.ConnectIOException: error during JRMP connection establishment; nested exception is: 
GF:     javax.net.ssl.SSLHandshakeException: (certificate_unknown) No name matching 42af97ed75c7 found]
GF:     at jdk.naming.rmi/com.sun.jndi.rmi.registry.RegistryContext.rebind(RegistryContext.java:182)
GF:     at java.naming/com.sun.jndi.toolkit.url.GenericURLContext.rebind(GenericURLContext.java:266)
GF:     at java.naming/javax.naming.InitialContext.rebind(InitialContext.java:436)
GF:     at java.naming/javax.naming.InitialContext.rebind(InitialContext.java:436)
GF:     at java.management.rmi/javax.management.remote.rmi.RMIConnectorServer.bind(RMIConnectorServer.java:688)
GF:     at java.management.rmi/javax.management.remote.rmi.RMIConnectorServer.start(RMIConnectorServer.java:473)
GF:     ... 3 more
GF: Caused by: java.rmi.ConnectIOException: error during JRMP connection establishment; nested exception is: 
GF:     javax.net.ssl.SSLHandshakeException: (certificate_unknown) No name matching 42af97ed75c7 found
GF:     at java.rmi/sun.rmi.transport.tcp.TCPChannel.createConnection(TCPChannel.java:308)
GF:     at java.rmi/sun.rmi.transport.tcp.TCPChannel.newConnection(TCPChannel.java:204)
GF:     at java.rmi/sun.rmi.server.UnicastRef.newCall(UnicastRef.java:345)
GF:     at java.rmi/sun.rmi.registry.RegistryImpl_Stub.rebind(RegistryImpl_Stub.java:150)
GF:     at jdk.naming.rmi/com.sun.jndi.rmi.registry.RegistryContext.rebind(RegistryContext.java:180)
GF:     ... 8 more
GF: Caused by: javax.net.ssl.SSLHandshakeException: (certificate_unknown) No name matching 42af97ed75c7 found
GF:     at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:130)
GF:     at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:383)
GF:     at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:326)
GF:     at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:321)
GF:     at java.base/sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1287)
GF:     at java.base/sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1164)
GF:     at java.base/sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1107)
GF:     at java.base/sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:393)
GF:     at java.base/sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:477)
GF:     at java.base/sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:448)
GF:     at java.base/sun.security.ssl.TransportContext.dispatch(TransportContext.java:206)
GF:     at java.base/sun.security.ssl.SSLTransport.decode(SSLTransport.java:172)
GF:     at java.base/sun.security.ssl.SSLSocketImpl.decode(SSLSocketImpl.java:1506)
GF:     at java.base/sun.security.ssl.SSLSocketImpl.readHandshakeRecord(SSLSocketImpl.java:1421)
GF:     at java.base/sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:455)
GF:     at java.base/sun.security.ssl.SSLSocketImpl.ensureNegotiated(SSLSocketImpl.java:922)
GF:     at java.base/sun.security.ssl.SSLSocketImpl$AppOutputStream.write(SSLSocketImpl.java:1291)
GF:     at java.base/java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:125)
GF:     at java.base/java.io.BufferedOutputStream.implFlush(BufferedOutputStream.java:252)
GF:     at java.base/java.io.BufferedOutputStream.flush(BufferedOutputStream.java:240)
GF:     at java.base/java.io.DataOutputStream.flush(DataOutputStream.java:131)
GF:     at java.rmi/sun.rmi.transport.tcp.TCPChannel.createConnection(TCPChannel.java:243)
GF:     ... 12 more
GF: Caused by: java.security.cert.CertificateException: No name matching 42af97ed75c7 found
GF:     at java.base/sun.security.util.HostnameChecker.matchDNS(HostnameChecker.java:229)
GF:     at java.base/sun.security.util.HostnameChecker.match(HostnameChecker.java:103)
GF:     at java.base/sun.security.ssl.X509TrustManagerImpl.checkIdentity(X509TrustManagerImpl.java:466)
GF:     at java.base/sun.security.ssl.X509TrustManagerImpl.checkIdentity(X509TrustManagerImpl.java:432)
GF:     at java.base/sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:237)
GF:     at java.base/sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:132)
GF:     at java.base/sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1271)
GF:     ... 29 more
GF: |#]

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Projects

    No projects

    Milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions