Jean-Frederic Clere commented on AS7-4963:
------------------------------------------
It looks like the mod_cluster configuration is incorrect, like it is using the default
keystore and that keystore is not the same in all nodes.
HTTPS configuration throws errors when running domain.sh and no
errors in case of standalone.sh
--------------------------------------------------------------------------------------------------
Key: AS7-4963
URL: https://issues.jboss.org/browse/AS7-4963
Project: Application Server 7
Issue Type: Bug
Components: Security
Affects Versions: 7.1.1.Final
Environment: Red Hat Linux x64 (virtual via VMWare)
Reporter: Andriy Kalashnykov
Assignee: Jean-Frederic Clere
Configuring SSL in "ha" profile of domain.xml:
    <connector name="https" protocol="HTTP/1.1"
               socket-binding="https" scheme="https" secure="true"
               enable-lookups="false">
        <ssl cipher-suite="ALL" protocol="TLSv1"
             verify-client="false" name="https" key-alias="jboss"
             password="jbossjboss"
             certificate-key-file="/opt/jboss/jboss-as-7.1.1.Final/standalone/configuration/keystore.jks"/>
    </connector>
Executing ./domain.sh, and in the JBoss logs there is an error:
[Server:web-server-group-001] 13:55:24,152 ERROR [stderr] (pool-6-thread-1) Exception in thread "pool-6-thread-1" java.lang.IllegalStateException: java.io.IOException: Keystore was tampered with, or password was incorrect
[Server:web-server-group-001] 13:55:24,157 ERROR [stderr] (pool-6-thread-1) at org.jboss.modcluster.mcmp.impl.JSSESocketFactory.<init>(JSSESocketFactory.java:113)
[Server:web-server-group-001] 13:55:24,160 ERROR [stderr] (pool-6-thread-1) at org.jboss.modcluster.mcmp.impl.DefaultMCMPHandler$Proxy.<init>(DefaultMCMPHandler.java:747)
[Server:web-server-group-001] 13:55:24,165 ERROR [stderr] (pool-6-thread-1) at org.jboss.modcluster.mcmp.impl.DefaultMCMPHandler.add(DefaultMCMPHandler.java:183)
[Server:web-server-group-001] 13:55:24,166 ERROR [stderr] (pool-6-thread-1) at org.jboss.modcluster.mcmp.impl.DefaultMCMPHandler.addProxy(DefaultMCMPHandler.java:179)
[Server:web-server-group-001] 13:55:24,171 ERROR [stderr] (pool-6-thread-1) at org.jboss.modcluster.advertise.impl.AdvertiseListenerImpl$AdvertiseListenerWorker.run(AdvertiseListenerImpl.java:443)
[Server:web-server-group-001] 13:55:24,171 ERROR [stderr] (pool-6-thread-1) at java.lang.Thread.run(Thread.java:662)
[Server:web-server-group-001] 13:55:24,177 ERROR [stderr] (pool-6-thread-1) Caused by: java.io.IOException: Keystore was tampered with, or password was incorrect
[Server:web-server-group-001] 13:55:24,177 ERROR [stderr] (pool-6-thread-1) at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:771)
[Server:web-server-group-001] 13:55:24,178 ERROR [stderr] (pool-6-thread-1) at sun.security.provider.JavaKeyStore$JKS.engineLoad(JavaKeyStore.java:38)
[Server:web-server-group-001] 13:55:24,190 ERROR [stderr] (pool-6-thread-1) at java.security.KeyStore.load(KeyStore.java:1185)
[Server:web-server-group-001] 13:55:24,190 ERROR [stderr] (pool-6-thread-1) at org.jboss.modcluster.mcmp.impl.JSSESocketFactory.getStore(JSSESocketFactory.java:259)
[Server:web-server-group-001] 13:55:24,191 ERROR [stderr] (pool-6-thread-1) at org.jboss.modcluster.mcmp.impl.JSSESocketFactory.getKeystore(JSSESocketFactory.java:208)
[Server:web-server-group-001] 13:55:24,191 ERROR [stderr] (pool-6-thread-1) at org.jboss.modcluster.mcmp.impl.JSSESocketFactory.getKeyManagers(JSSESocketFactory.java:280)
[Server:web-server-group-001] 13:55:24,202 ERROR [stderr] (pool-6-thread-1) at org.jboss.modcluster.mcmp.impl.JSSESocketFactory.<init>(JSSESocketFactory.java:98)
[Server:web-server-group-001] 13:55:24,202 ERROR [stderr] (pool-6-thread-1) ... 5 more
[Server:web-server-group-001] 13:55:24,203 ERROR [stderr] (pool-6-thread-1) Caused by: java.security.UnrecoverableKeyException: Password verification failed
[Server:web-server-group-001] 13:55:24,205 ERROR [stderr] (pool-6-thread-1) at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:769)
[Server:web-server-group-001] 13:55:24,206 ERROR [stderr] (pool-6-thread-1) ... 11 more
If the above-mentioned configuration parameters are copied to standalone.xml and ./standalone.sh
is executed, there will be no errors reported.
Interestingly, as a result HTTPS will be available on port 8443 in both cases...
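The exception in the trace above is raised by the JKS integrity check, which compares a password-keyed SHA-1 digest stored at the end of the file and therefore cannot tell a wrong password from a different or modified keystore. The following is an added example, not part of the issue and not JBoss or mod_cluster code: it reimplements that check in Python so a keystore file can be tested against the configured password on each node. The node names, the password and the empty keystores are constructed samples.

```python
import hashlib
import struct

JKS_MAGIC = 0xFEEDFEED
WHITENER = b"Mighty Aphrodite"  # constant the JDK's JKS provider mixes into the digest


def jks_digest(password, body):
    """SHA-1 over the password as UTF-16BE, the constant above, then the store body."""
    return hashlib.sha1(password.encode("utf-16-be") + WHITENER + body).digest()


def check_jks(data, password):
    """Return 'ok', 'not-jks' or 'digest-mismatch' for a JKS file's bytes."""
    if len(data) < 32 or struct.unpack(">I", data[:4])[0] != JKS_MAGIC:
        return "not-jks"
    body, stored = data[:-20], data[-20:]
    # One comparison covers both causes, hence the combined JDK message
    # "Keystore was tampered with, or password was incorrect".
    return "ok" if jks_digest(password, body) == stored else "digest-mismatch"


def build_empty_jks(password):
    """Constructed sample input: a version-2 JKS holding zero entries."""
    body = struct.pack(">III", JKS_MAGIC, 2, 0)
    return body + jks_digest(password, body)


def audit_nodes(stores, password):
    """Per node: (check result, short SHA-256 of the file) so differing files stand out."""
    return {node: (check_jks(blob, password), hashlib.sha256(blob).hexdigest()[:16])
            for node, blob in stores.items()}


if __name__ == "__main__":
    configured = "example-pass"              # constructed password
    good = build_empty_jks(configured)
    altered = bytearray(good)
    altered[7] ^= 0x01                       # flip one bit in the version field
    stores = {                               # constructed node names and contents
        "node-a": good,
        "node-b": build_empty_jks("other-pass"),   # different keystore/password
        "node-c": bytes(altered),                  # same file, modified
    }
    for node, (status, fingerprint) in audit_nodes(stores, configured).items():
        print(f"{node}: {status} sha256={fingerprint}")
```

Nodes whose file fingerprints differ from the rest, or that report `digest-mismatch` for the configured password, are the ones to compare against the keystore path and password actually in effect for that server.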