[jboss-user] [Installation, Configuration & Deployment] - SSL-Connector - problem with keystore format

SideWinder do-not-reply at jboss.com
Thu Nov 23 16:06:02 EST 2006


I want to test an application which needs a https-connection and a certificate with the extended parameter "keyUsage digitalSignature" set.

First I set up an SSL-connector:

  | <Connector port="8443" address="${jboss.bind.address}"
  |        maxThreads="100" strategy="ms" maxHttpHeaderSize="8192"
  |        emptySessionPath="true"
  |        scheme="https" secure="true" enableLookups="uri"
  |        useURIValidationHack="false" disableUploadTimeout="true"
  |        clientAuth="false" sslProtocol="TLS"
  |        keystoreFile="${jboss.server.home.dir}/conf/https.keystore"
  |        keystorePass="*****"
  | />
  | 

Then created the certificate with OpenSSL:

  | // generating the key
  | openssl genrsa -des3 -out C:\CertTest\https.key
  | 
  | // generating the certificate request
  | openssl req -new -config C:\CertTest\elogon.cfg -key C:\CertTest\https.key -out C:\CertTest\https.csr
  | 
  | // sign the certificate (by myself)
  | openssl x509 -req -days 365 -in C:\CertTest\https.csr -signkey C:\CertTest\https.key -out C:\CertTest\https.crt
  | 
  | // putting the certificate into the keystore
  | openssl pkcs12 -export -name eLogon -in C:\CertTest\https.crt -inkey C:\CertTest\https.key -out C:\CertTest\https.keystore
  | 
I copied the https.keystore file into the conf-directory of JBoss. But when I start JBoss I get an error:

  | 21:56:36,437 14187 ERROR [Http11BaseProtocol] (main:) Error initializing endpoint
  | java.io.IOException: Invalid keystore format
  | 

I've read this wiki-article: http://wiki.jboss.org/wiki/Wiki.jsp?page=SSLSetup and checked my keystore with:

  | keytool -list -keystore C:\CertTest\https.keystore -storetype PKCS12
  | 
it seems correct. Keystore type: PKCS12, Keystore provider: SunJSSE and 1 entry:

  | elogon, 23.11.2006, keyEntry,
  | Zertifikatsfingerabdruck (MD5): ****
  | 


So why can't JBoss read my keystore-file?


best regards,
dominik


View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3988273#3988273

Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=3988273



More information about the jboss-user mailing list