[JBoss JIRA] (AS7-4963) HTTPS configuration throws errors in when running domain.sh and no errors in case of standalone.sh
1:18 p.m.
Andriy Kalashnykov created AS7-4963:
---------------------------------------
Summary: HTTPS configuration throws errors in when running domain.sh and no
errors in case of standalone.sh
Key: AS7-4963
URL: https://issues.jboss.org/browse/AS7-4963
Project: Application Server 7
Issue Type: Bug
Components: Security
Affects Versions: 7.1.1.Final
Environment: Red Hat Linux x64 (virtual via VMWare)
Reporter: Andriy Kalashnykov
Assignee: Anil Saldhana
Configuring SSL in "ha" profile of domain.xml:
<connector name="https" protocol="HTTP/1.1"
socket-binding="https" scheme="https" secure="true"
enable-lookups="false">
<ssl cipher-suite="ALL" protocol="TLSv1"
verify-client="false" name="https" key-alias="jboss"
password="jbossjboss"
certificate-key-file="/opt/jboss/jboss-as-7.1.1.Final/standalone/configuration/keystore.jks"/>
</connector>
Executing ./domain.sh, and in the JBoss logs there is an error:
[Server:web-server-group-001] 13:55:24,152 ERROR [stderr] (pool-6-thread-1) Exception in
thread "pool-6-thread-1" java.lang.IllegalStateException: java.io.IOException:
Keystore was tampered with, or password was incorrect
[Server:web-server-group-001] 13:55:24,157 ERROR [stderr] (pool-6-thread-1) at
org.jboss.modcluster.mcmp.impl.JSSESocketFactory.<init>(JSSESocketFactory.java:113)
[Server:web-server-group-001] 13:55:24,160 ERROR [stderr] (pool-6-thread-1) at
org.jboss.modcluster.mcmp.impl.DefaultMCMPHandler$Proxy.<init>(DefaultMCMPHandler.java:747)
[Server:web-server-group-001] 13:55:24,165 ERROR [stderr] (pool-6-thread-1) at
org.jboss.modcluster.mcmp.impl.DefaultMCMPHandler.add(DefaultMCMPHandler.java:183)
[Server:web-server-group-001] 13:55:24,166 ERROR [stderr] (pool-6-thread-1) at
org.jboss.modcluster.mcmp.impl.DefaultMCMPHandler.addProxy(DefaultMCMPHandler.java:179)
[Server:web-server-group-001] 13:55:24,171 ERROR [stderr] (pool-6-thread-1) at
org.jboss.modcluster.advertise.impl.AdvertiseListenerImpl$AdvertiseListenerWorker.run(AdvertiseListenerImpl.java:443)
[Server:web-server-group-001] 13:55:24,171 ERROR [stderr] (pool-6-thread-1) at
java.lang.Thread.run(Thread.java:662)
[Server:web-server-group-001] 13:55:24,177 ERROR [stderr] (pool-6-thread-1) Caused by:
java.io.IOException: Keystore was tampered with, or password was incorrect
[Server:web-server-group-001] 13:55:24,177 ERROR [stderr] (pool-6-thread-1) at
sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:771)
[Server:web-server-group-001] 13:55:24,178 ERROR [stderr] (pool-6-thread-1) at
sun.security.provider.JavaKeyStore$JKS.engineLoad(JavaKeyStore.java:38)
[Server:web-server-group-001] 13:55:24,190 ERROR [stderr] (pool-6-thread-1) at
java.security.KeyStore.load(KeyStore.java:1185)
[Server:web-server-group-001] 13:55:24,190 ERROR [stderr] (pool-6-thread-1) at
org.jboss.modcluster.mcmp.impl.JSSESocketFactory.getStore(JSSESocketFactory.java:259)
[Server:web-server-group-001] 13:55:24,191 ERROR [stderr] (pool-6-thread-1) at
org.jboss.modcluster.mcmp.impl.JSSESocketFactory.getKeystore(JSSESocketFactory.java:208)
[Server:web-server-group-001] 13:55:24,191 ERROR [stderr] (pool-6-thread-1) at
org.jboss.modcluster.mcmp.impl.JSSESocketFactory.getKeyManagers(JSSESocketFactory.java:280)
[Server:web-server-group-001] 13:55:24,202 ERROR [stderr] (pool-6-thread-1) at
org.jboss.modcluster.mcmp.impl.JSSESocketFactory.<init>(JSSESocketFactory.java:98)
[Server:web-server-group-001] 13:55:24,202 ERROR [stderr] (pool-6-thread-1) ... 5 more
[Server:web-server-group-001] 13:55:24,203 ERROR [stderr] (pool-6-thread-1) Caused by:
java.security.UnrecoverableKeyException: Password verification failed
[Server:web-server-group-001] 13:55:24,205 ERROR [stderr] (pool-6-thread-1) at
sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:769)
[Server:web-server-group-001] 13:55:24,206 ERROR [stderr] (pool-6-thread-1) ... 11 more
If mentioned above configuraion parameters copied to standalone.xml and ./standalone.sh
executed - there will be no errors reported.
Interestingly, as result HTTPS will be available on port 8443 in both cases...
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators:
https://issues.jboss.org/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
9:41 a.m.
[
https://issues.jboss.org/browse/AS7-4963?page=com.atlassian.jira.plugin.s...
]
Brian Stansberry commented on AS7-4963:
---------------------------------------
The stack trace in the description is coming from the mod_cluster subsystem, not the web
subsystem. Is the mod_cluster configuration correct?
HTTPS configuration throws errors in when running domain.sh and no
errors in case of standalone.sh
--------------------------------------------------------------------------------------------------
Key: AS7-4963
URL: https://issues.jboss.org/browse/AS7-4963
Project: Application Server 7
Issue Type: Bug
Components: Security
Affects Versions: 7.1.1.Final
Environment: Red Hat Linux x64 (virtual via VMWare)
Reporter: Andriy Kalashnykov
Assignee: Anil Saldhana
Configuring SSL in "ha" profile of domain.xml:
<connector name="https" protocol="HTTP/1.1"
socket-binding="https" scheme="https" secure="true"
enable-lookups="false">
<ssl cipher-suite="ALL" protocol="TLSv1"
verify-client="false" name="https" key-alias="jboss"
password="jbossjboss"
certificate-key-file="/opt/jboss/jboss-as-7.1.1.Final/standalone/configuration/keystore.jks"/>
</connector>
Executing ./domain.sh, and in the JBoss logs there is an error:
[Server:web-server-group-001] 13:55:24,152 ERROR [stderr] (pool-6-thread-1) Exception in
thread "pool-6-thread-1" java.lang.IllegalStateException: java.io.IOException:
Keystore was tampered with, or password was incorrect
[Server:web-server-group-001] 13:55:24,157 ERROR [stderr] (pool-6-thread-1) at
org.jboss.modcluster.mcmp.impl.JSSESocketFactory.<init>(JSSESocketFactory.java:113)
[Server:web-server-group-001] 13:55:24,160 ERROR [stderr] (pool-6-thread-1) at
org.jboss.modcluster.mcmp.impl.DefaultMCMPHandler$Proxy.<init>(DefaultMCMPHandler.java:747)
[Server:web-server-group-001] 13:55:24,165 ERROR [stderr] (pool-6-thread-1) at
org.jboss.modcluster.mcmp.impl.DefaultMCMPHandler.add(DefaultMCMPHandler.java:183)
[Server:web-server-group-001] 13:55:24,166 ERROR [stderr] (pool-6-thread-1) at
org.jboss.modcluster.mcmp.impl.DefaultMCMPHandler.addProxy(DefaultMCMPHandler.java:179)
[Server:web-server-group-001] 13:55:24,171 ERROR [stderr] (pool-6-thread-1) at
org.jboss.modcluster.advertise.impl.AdvertiseListenerImpl$AdvertiseListenerWorker.run(AdvertiseListenerImpl.java:443)
[Server:web-server-group-001] 13:55:24,171 ERROR [stderr] (pool-6-thread-1) at
java.lang.Thread.run(Thread.java:662)
[Server:web-server-group-001] 13:55:24,177 ERROR [stderr] (pool-6-thread-1) Caused by:
java.io.IOException: Keystore was tampered with, or password was incorrect
[Server:web-server-group-001] 13:55:24,177 ERROR [stderr] (pool-6-thread-1) at
sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:771)
[Server:web-server-group-001] 13:55:24,178 ERROR [stderr] (pool-6-thread-1) at
sun.security.provider.JavaKeyStore$JKS.engineLoad(JavaKeyStore.java:38)
[Server:web-server-group-001] 13:55:24,190 ERROR [stderr] (pool-6-thread-1) at
java.security.KeyStore.load(KeyStore.java:1185)
[Server:web-server-group-001] 13:55:24,190 ERROR [stderr] (pool-6-thread-1) at
org.jboss.modcluster.mcmp.impl.JSSESocketFactory.getStore(JSSESocketFactory.java:259)
[Server:web-server-group-001] 13:55:24,191 ERROR [stderr] (pool-6-thread-1) at
org.jboss.modcluster.mcmp.impl.JSSESocketFactory.getKeystore(JSSESocketFactory.java:208)
[Server:web-server-group-001] 13:55:24,191 ERROR [stderr] (pool-6-thread-1) at
org.jboss.modcluster.mcmp.impl.JSSESocketFactory.getKeyManagers(JSSESocketFactory.java:280)
[Server:web-server-group-001] 13:55:24,202 ERROR [stderr] (pool-6-thread-1) at
org.jboss.modcluster.mcmp.impl.JSSESocketFactory.<init>(JSSESocketFactory.java:98)
[Server:web-server-group-001] 13:55:24,202 ERROR [stderr] (pool-6-thread-1) ... 5 more
[Server:web-server-group-001] 13:55:24,203 ERROR [stderr] (pool-6-thread-1) Caused by:
java.security.UnrecoverableKeyException: Password verification failed
[Server:web-server-group-001] 13:55:24,205 ERROR [stderr] (pool-6-thread-1) at
sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:769)
[Server:web-server-group-001] 13:55:24,206 ERROR [stderr] (pool-6-thread-1) ... 11 more
If mentioned above configuraion parameters copied to standalone.xml and ./standalone.sh
executed - there will be no errors reported.
Interestingly, as result HTTPS will be available on port 8443 in both cases...
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
10:35 a.m.
[
https://issues.jboss.org/browse/AS7-4963?page=com.atlassian.jira.plugin.s...
]
Andriy Kalashnykov commented on AS7-4963:
-----------------------------------------
Hot to check if configuration is "correct" or "incorrect"?
I wanted to pointed out that same configuration works for standalone, but doesn't work
for domain...
HTTPS configuration throws errors in when running domain.sh and no
errors in case of standalone.sh
--------------------------------------------------------------------------------------------------
Key: AS7-4963
URL: https://issues.jboss.org/browse/AS7-4963
Project: Application Server 7
Issue Type: Bug
Components: Security
Affects Versions: 7.1.1.Final
Environment: Red Hat Linux x64 (virtual via VMWare)
Reporter: Andriy Kalashnykov
Assignee: Anil Saldhana
Configuring SSL in "ha" profile of domain.xml:
<connector name="https" protocol="HTTP/1.1"
socket-binding="https" scheme="https" secure="true"
enable-lookups="false">
<ssl cipher-suite="ALL" protocol="TLSv1"
verify-client="false" name="https" key-alias="jboss"
password="jbossjboss"
certificate-key-file="/opt/jboss/jboss-as-7.1.1.Final/standalone/configuration/keystore.jks"/>
</connector>
Executing ./domain.sh, and in the JBoss logs there is an error:
[Server:web-server-group-001] 13:55:24,152 ERROR [stderr] (pool-6-thread-1) Exception in
thread "pool-6-thread-1" java.lang.IllegalStateException: java.io.IOException:
Keystore was tampered with, or password was incorrect
[Server:web-server-group-001] 13:55:24,157 ERROR [stderr] (pool-6-thread-1) at
org.jboss.modcluster.mcmp.impl.JSSESocketFactory.<init>(JSSESocketFactory.java:113)
[Server:web-server-group-001] 13:55:24,160 ERROR [stderr] (pool-6-thread-1) at
org.jboss.modcluster.mcmp.impl.DefaultMCMPHandler$Proxy.<init>(DefaultMCMPHandler.java:747)
[Server:web-server-group-001] 13:55:24,165 ERROR [stderr] (pool-6-thread-1) at
org.jboss.modcluster.mcmp.impl.DefaultMCMPHandler.add(DefaultMCMPHandler.java:183)
[Server:web-server-group-001] 13:55:24,166 ERROR [stderr] (pool-6-thread-1) at
org.jboss.modcluster.mcmp.impl.DefaultMCMPHandler.addProxy(DefaultMCMPHandler.java:179)
[Server:web-server-group-001] 13:55:24,171 ERROR [stderr] (pool-6-thread-1) at
org.jboss.modcluster.advertise.impl.AdvertiseListenerImpl$AdvertiseListenerWorker.run(AdvertiseListenerImpl.java:443)
[Server:web-server-group-001] 13:55:24,171 ERROR [stderr] (pool-6-thread-1) at
java.lang.Thread.run(Thread.java:662)
[Server:web-server-group-001] 13:55:24,177 ERROR [stderr] (pool-6-thread-1) Caused by:
java.io.IOException: Keystore was tampered with, or password was incorrect
[Server:web-server-group-001] 13:55:24,177 ERROR [stderr] (pool-6-thread-1) at
sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:771)
[Server:web-server-group-001] 13:55:24,178 ERROR [stderr] (pool-6-thread-1) at
sun.security.provider.JavaKeyStore$JKS.engineLoad(JavaKeyStore.java:38)
[Server:web-server-group-001] 13:55:24,190 ERROR [stderr] (pool-6-thread-1) at
java.security.KeyStore.load(KeyStore.java:1185)
[Server:web-server-group-001] 13:55:24,190 ERROR [stderr] (pool-6-thread-1) at
org.jboss.modcluster.mcmp.impl.JSSESocketFactory.getStore(JSSESocketFactory.java:259)
[Server:web-server-group-001] 13:55:24,191 ERROR [stderr] (pool-6-thread-1) at
org.jboss.modcluster.mcmp.impl.JSSESocketFactory.getKeystore(JSSESocketFactory.java:208)
[Server:web-server-group-001] 13:55:24,191 ERROR [stderr] (pool-6-thread-1) at
org.jboss.modcluster.mcmp.impl.JSSESocketFactory.getKeyManagers(JSSESocketFactory.java:280)
[Server:web-server-group-001] 13:55:24,202 ERROR [stderr] (pool-6-thread-1) at
org.jboss.modcluster.mcmp.impl.JSSESocketFactory.<init>(JSSESocketFactory.java:98)
[Server:web-server-group-001] 13:55:24,202 ERROR [stderr] (pool-6-thread-1) ... 5 more
[Server:web-server-group-001] 13:55:24,203 ERROR [stderr] (pool-6-thread-1) Caused by:
java.security.UnrecoverableKeyException: Password verification failed
[Server:web-server-group-001] 13:55:24,205 ERROR [stderr] (pool-6-thread-1) at
sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:769)
[Server:web-server-group-001] 13:55:24,206 ERROR [stderr] (pool-6-thread-1) ... 11 more
If mentioned above configuraion parameters copied to standalone.xml and ./standalone.sh
executed - there will be no errors reported.
Interestingly, as result HTTPS will be available on port 8443 in both cases...
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
11:12 a.m.
[
https://issues.jboss.org/browse/AS7-4963?page=com.atlassian.jira.plugin.s...
]
Brian Stansberry commented on AS7-4963:
---------------------------------------
What does the mod_cluster subsystem configuration look like? Mod_cluster opens a
communication channel from the AS instance back to the httpd load balancer. It uses that
back-channel to send information about server state to the load balancer. That
back-channel can be configured to use SSL. The web subsystem <connector>
configuration you pasted does not affect the config of this mod_cluster back-channel in
any way. I suspect there is some modification you made to the web subsystem
<connector> config (i.e. the location of the certificate-key-file) that is missing
in the mod_cluster subsystem config.
HTTPS configuration throws errors in when running domain.sh and no
errors in case of standalone.sh
--------------------------------------------------------------------------------------------------
Key: AS7-4963
URL: https://issues.jboss.org/browse/AS7-4963
Project: Application Server 7
Issue Type: Bug
Components: Security
Affects Versions: 7.1.1.Final
Environment: Red Hat Linux x64 (virtual via VMWare)
Reporter: Andriy Kalashnykov
Assignee: Anil Saldhana
Configuring SSL in "ha" profile of domain.xml:
<connector name="https" protocol="HTTP/1.1"
socket-binding="https" scheme="https" secure="true"
enable-lookups="false">
<ssl cipher-suite="ALL" protocol="TLSv1"
verify-client="false" name="https" key-alias="jboss"
password="jbossjboss"
certificate-key-file="/opt/jboss/jboss-as-7.1.1.Final/standalone/configuration/keystore.jks"/>
</connector>
Executing ./domain.sh, and in the JBoss logs there is an error:
[Server:web-server-group-001] 13:55:24,152 ERROR [stderr] (pool-6-thread-1) Exception in
thread "pool-6-thread-1" java.lang.IllegalStateException: java.io.IOException:
Keystore was tampered with, or password was incorrect
[Server:web-server-group-001] 13:55:24,157 ERROR [stderr] (pool-6-thread-1) at
org.jboss.modcluster.mcmp.impl.JSSESocketFactory.<init>(JSSESocketFactory.java:113)
[Server:web-server-group-001] 13:55:24,160 ERROR [stderr] (pool-6-thread-1) at
org.jboss.modcluster.mcmp.impl.DefaultMCMPHandler$Proxy.<init>(DefaultMCMPHandler.java:747)
[Server:web-server-group-001] 13:55:24,165 ERROR [stderr] (pool-6-thread-1) at
org.jboss.modcluster.mcmp.impl.DefaultMCMPHandler.add(DefaultMCMPHandler.java:183)
[Server:web-server-group-001] 13:55:24,166 ERROR [stderr] (pool-6-thread-1) at
org.jboss.modcluster.mcmp.impl.DefaultMCMPHandler.addProxy(DefaultMCMPHandler.java:179)
[Server:web-server-group-001] 13:55:24,171 ERROR [stderr] (pool-6-thread-1) at
org.jboss.modcluster.advertise.impl.AdvertiseListenerImpl$AdvertiseListenerWorker.run(AdvertiseListenerImpl.java:443)
[Server:web-server-group-001] 13:55:24,171 ERROR [stderr] (pool-6-thread-1) at
java.lang.Thread.run(Thread.java:662)
[Server:web-server-group-001] 13:55:24,177 ERROR [stderr] (pool-6-thread-1) Caused by:
java.io.IOException: Keystore was tampered with, or password was incorrect
[Server:web-server-group-001] 13:55:24,177 ERROR [stderr] (pool-6-thread-1) at
sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:771)
[Server:web-server-group-001] 13:55:24,178 ERROR [stderr] (pool-6-thread-1) at
sun.security.provider.JavaKeyStore$JKS.engineLoad(JavaKeyStore.java:38)
[Server:web-server-group-001] 13:55:24,190 ERROR [stderr] (pool-6-thread-1) at
java.security.KeyStore.load(KeyStore.java:1185)
[Server:web-server-group-001] 13:55:24,190 ERROR [stderr] (pool-6-thread-1) at
org.jboss.modcluster.mcmp.impl.JSSESocketFactory.getStore(JSSESocketFactory.java:259)
[Server:web-server-group-001] 13:55:24,191 ERROR [stderr] (pool-6-thread-1) at
org.jboss.modcluster.mcmp.impl.JSSESocketFactory.getKeystore(JSSESocketFactory.java:208)
[Server:web-server-group-001] 13:55:24,191 ERROR [stderr] (pool-6-thread-1) at
org.jboss.modcluster.mcmp.impl.JSSESocketFactory.getKeyManagers(JSSESocketFactory.java:280)
[Server:web-server-group-001] 13:55:24,202 ERROR [stderr] (pool-6-thread-1) at
org.jboss.modcluster.mcmp.impl.JSSESocketFactory.<init>(JSSESocketFactory.java:98)
[Server:web-server-group-001] 13:55:24,202 ERROR [stderr] (pool-6-thread-1) ... 5 more
[Server:web-server-group-001] 13:55:24,203 ERROR [stderr] (pool-6-thread-1) Caused by:
java.security.UnrecoverableKeyException: Password verification failed
[Server:web-server-group-001] 13:55:24,205 ERROR [stderr] (pool-6-thread-1) at
sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:769)
[Server:web-server-group-001] 13:55:24,206 ERROR [stderr] (pool-6-thread-1) ... 11 more
If mentioned above configuraion parameters copied to standalone.xml and ./standalone.sh
executed - there will be no errors reported.
Interestingly, as result HTTPS will be available on port 8443 in both cases...
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
12:30 p.m.
[
https://issues.jboss.org/browse/AS7-4963?page=com.atlassian.jira.plugin.s...
]
Anil Saldhana reassigned AS7-4963:
----------------------------------
Assignee: Jean-Frederic Clere (was: Anil Saldhana)
HTTPS configuration throws errors in when running domain.sh and no
errors in case of standalone.sh
--------------------------------------------------------------------------------------------------
Key: AS7-4963
URL: https://issues.jboss.org/browse/AS7-4963
Project: Application Server 7
Issue Type: Bug
Components: Security
Affects Versions: 7.1.1.Final
Environment: Red Hat Linux x64 (virtual via VMWare)
Reporter: Andriy Kalashnykov
Assignee: Jean-Frederic Clere
Configuring SSL in "ha" profile of domain.xml:
<connector name="https" protocol="HTTP/1.1"
socket-binding="https" scheme="https" secure="true"
enable-lookups="false">
<ssl cipher-suite="ALL" protocol="TLSv1"
verify-client="false" name="https" key-alias="jboss"
password="jbossjboss"
certificate-key-file="/opt/jboss/jboss-as-7.1.1.Final/standalone/configuration/keystore.jks"/>
</connector>
Executing ./domain.sh, and in the JBoss logs there is an error:
[Server:web-server-group-001] 13:55:24,152 ERROR [stderr] (pool-6-thread-1) Exception in
thread "pool-6-thread-1" java.lang.IllegalStateException: java.io.IOException:
Keystore was tampered with, or password was incorrect
[Server:web-server-group-001] 13:55:24,157 ERROR [stderr] (pool-6-thread-1) at
org.jboss.modcluster.mcmp.impl.JSSESocketFactory.<init>(JSSESocketFactory.java:113)
[Server:web-server-group-001] 13:55:24,160 ERROR [stderr] (pool-6-thread-1) at
org.jboss.modcluster.mcmp.impl.DefaultMCMPHandler$Proxy.<init>(DefaultMCMPHandler.java:747)
[Server:web-server-group-001] 13:55:24,165 ERROR [stderr] (pool-6-thread-1) at
org.jboss.modcluster.mcmp.impl.DefaultMCMPHandler.add(DefaultMCMPHandler.java:183)
[Server:web-server-group-001] 13:55:24,166 ERROR [stderr] (pool-6-thread-1) at
org.jboss.modcluster.mcmp.impl.DefaultMCMPHandler.addProxy(DefaultMCMPHandler.java:179)
[Server:web-server-group-001] 13:55:24,171 ERROR [stderr] (pool-6-thread-1) at
org.jboss.modcluster.advertise.impl.AdvertiseListenerImpl$AdvertiseListenerWorker.run(AdvertiseListenerImpl.java:443)
[Server:web-server-group-001] 13:55:24,171 ERROR [stderr] (pool-6-thread-1) at
java.lang.Thread.run(Thread.java:662)
[Server:web-server-group-001] 13:55:24,177 ERROR [stderr] (pool-6-thread-1) Caused by:
java.io.IOException: Keystore was tampered with, or password was incorrect
[Server:web-server-group-001] 13:55:24,177 ERROR [stderr] (pool-6-thread-1) at
sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:771)
[Server:web-server-group-001] 13:55:24,178 ERROR [stderr] (pool-6-thread-1) at
sun.security.provider.JavaKeyStore$JKS.engineLoad(JavaKeyStore.java:38)
[Server:web-server-group-001] 13:55:24,190 ERROR [stderr] (pool-6-thread-1) at
java.security.KeyStore.load(KeyStore.java:1185)
[Server:web-server-group-001] 13:55:24,190 ERROR [stderr] (pool-6-thread-1) at
org.jboss.modcluster.mcmp.impl.JSSESocketFactory.getStore(JSSESocketFactory.java:259)
[Server:web-server-group-001] 13:55:24,191 ERROR [stderr] (pool-6-thread-1) at
org.jboss.modcluster.mcmp.impl.JSSESocketFactory.getKeystore(JSSESocketFactory.java:208)
[Server:web-server-group-001] 13:55:24,191 ERROR [stderr] (pool-6-thread-1) at
org.jboss.modcluster.mcmp.impl.JSSESocketFactory.getKeyManagers(JSSESocketFactory.java:280)
[Server:web-server-group-001] 13:55:24,202 ERROR [stderr] (pool-6-thread-1) at
org.jboss.modcluster.mcmp.impl.JSSESocketFactory.<init>(JSSESocketFactory.java:98)
[Server:web-server-group-001] 13:55:24,202 ERROR [stderr] (pool-6-thread-1) ... 5 more
[Server:web-server-group-001] 13:55:24,203 ERROR [stderr] (pool-6-thread-1) Caused by:
java.security.UnrecoverableKeyException: Password verification failed
[Server:web-server-group-001] 13:55:24,205 ERROR [stderr] (pool-6-thread-1) at
sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:769)
[Server:web-server-group-001] 13:55:24,206 ERROR [stderr] (pool-6-thread-1) ... 11 more
If mentioned above configuraion parameters copied to standalone.xml and ./standalone.sh
executed - there will be no errors reported.
Interestingly, as result HTTPS will be available on port 8443 in both cases...
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
3:48 a.m.
[
https://issues.jboss.org/browse/AS7-4963?page=com.atlassian.jira.plugin.s...
]
Jean-Frederic Clere commented on AS7-4963:
------------------------------------------
it looks like the mod_cluster configuration is incorrect like it is using the default
keystore and that keystore is not the same in all nodes.
HTTPS configuration throws errors in when running domain.sh and no
errors in case of standalone.sh
--------------------------------------------------------------------------------------------------
Key: AS7-4963
URL: https://issues.jboss.org/browse/AS7-4963
Project: Application Server 7
Issue Type: Bug
Components: Security
Affects Versions: 7.1.1.Final
Environment: Red Hat Linux x64 (virtual via VMWare)
Reporter: Andriy Kalashnykov
Assignee: Jean-Frederic Clere
Configuring SSL in "ha" profile of domain.xml:
<connector name="https" protocol="HTTP/1.1"
socket-binding="https" scheme="https" secure="true"
enable-lookups="false">
<ssl cipher-suite="ALL" protocol="TLSv1"
verify-client="false" name="https" key-alias="jboss"
password="jbossjboss"
certificate-key-file="/opt/jboss/jboss-as-7.1.1.Final/standalone/configuration/keystore.jks"/>
</connector>
Executing ./domain.sh, and in the JBoss logs there is an error:
[Server:web-server-group-001] 13:55:24,152 ERROR [stderr] (pool-6-thread-1) Exception in
thread "pool-6-thread-1" java.lang.IllegalStateException: java.io.IOException:
Keystore was tampered with, or password was incorrect
[Server:web-server-group-001] 13:55:24,157 ERROR [stderr] (pool-6-thread-1) at
org.jboss.modcluster.mcmp.impl.JSSESocketFactory.<init>(JSSESocketFactory.java:113)
[Server:web-server-group-001] 13:55:24,160 ERROR [stderr] (pool-6-thread-1) at
org.jboss.modcluster.mcmp.impl.DefaultMCMPHandler$Proxy.<init>(DefaultMCMPHandler.java:747)
[Server:web-server-group-001] 13:55:24,165 ERROR [stderr] (pool-6-thread-1) at
org.jboss.modcluster.mcmp.impl.DefaultMCMPHandler.add(DefaultMCMPHandler.java:183)
[Server:web-server-group-001] 13:55:24,166 ERROR [stderr] (pool-6-thread-1) at
org.jboss.modcluster.mcmp.impl.DefaultMCMPHandler.addProxy(DefaultMCMPHandler.java:179)
[Server:web-server-group-001] 13:55:24,171 ERROR [stderr] (pool-6-thread-1) at
org.jboss.modcluster.advertise.impl.AdvertiseListenerImpl$AdvertiseListenerWorker.run(AdvertiseListenerImpl.java:443)
[Server:web-server-group-001] 13:55:24,171 ERROR [stderr] (pool-6-thread-1) at
java.lang.Thread.run(Thread.java:662)
[Server:web-server-group-001] 13:55:24,177 ERROR [stderr] (pool-6-thread-1) Caused by:
java.io.IOException: Keystore was tampered with, or password was incorrect
[Server:web-server-group-001] 13:55:24,177 ERROR [stderr] (pool-6-thread-1) at
sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:771)
[Server:web-server-group-001] 13:55:24,178 ERROR [stderr] (pool-6-thread-1) at
sun.security.provider.JavaKeyStore$JKS.engineLoad(JavaKeyStore.java:38)
[Server:web-server-group-001] 13:55:24,190 ERROR [stderr] (pool-6-thread-1) at
java.security.KeyStore.load(KeyStore.java:1185)
[Server:web-server-group-001] 13:55:24,190 ERROR [stderr] (pool-6-thread-1) at
org.jboss.modcluster.mcmp.impl.JSSESocketFactory.getStore(JSSESocketFactory.java:259)
[Server:web-server-group-001] 13:55:24,191 ERROR [stderr] (pool-6-thread-1) at
org.jboss.modcluster.mcmp.impl.JSSESocketFactory.getKeystore(JSSESocketFactory.java:208)
[Server:web-server-group-001] 13:55:24,191 ERROR [stderr] (pool-6-thread-1) at
org.jboss.modcluster.mcmp.impl.JSSESocketFactory.getKeyManagers(JSSESocketFactory.java:280)
[Server:web-server-group-001] 13:55:24,202 ERROR [stderr] (pool-6-thread-1) at
org.jboss.modcluster.mcmp.impl.JSSESocketFactory.<init>(JSSESocketFactory.java:98)
[Server:web-server-group-001] 13:55:24,202 ERROR [stderr] (pool-6-thread-1) ... 5 more
[Server:web-server-group-001] 13:55:24,203 ERROR [stderr] (pool-6-thread-1) Caused by:
java.security.UnrecoverableKeyException: Password verification failed
[Server:web-server-group-001] 13:55:24,205 ERROR [stderr] (pool-6-thread-1) at
sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:769)
[Server:web-server-group-001] 13:55:24,206 ERROR [stderr] (pool-6-thread-1) ... 11 more
If mentioned above configuraion parameters copied to standalone.xml and ./standalone.sh
executed - there will be no errors reported.
Interestingly, as result HTTPS will be available on port 8443 in both cases...
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
4520
days inactive
4659
days old
5 comments
4 participants
participants (4)
-
Andriy Kalashnykov (JIRA) -
Anil Saldhana (JIRA)
-
Brian Stansberry (JIRA)
-
Jean-Frederic Clere (JIRA)