Stuart Douglas moved JBEAP-10517 to WFCORE-2720:
------------------------------------------------
Project: WildFly Core (was: JBoss Enterprise Application Platform)
Key: WFCORE-2720 (was: JBEAP-10517)
Workflow: GIT Pull Request workflow (was: CDW with loose statuses v1)
Component/s: Security, Server (was: Security, Server, Web (Undertow))
Affects Version/s: (was: 7.1.0.DR11)
Adding keystore with generate-self-signed-certificate-host and
without key-password specified fails upon first request
----------------------------------------------------------------------------------------------------------------------
Key: WFCORE-2720
URL: https://issues.jboss.org/browse/WFCORE-2720
Project: WildFly Core
Issue Type: Bug
Components: Security, Server
Reporter: Stuart Douglas
Assignee: Stuart Douglas
Priority: Critical
Labels: legacy
If I create a keystore with generate-self-signed-certificate-host defined, and define an https
listener to use that keystore, then upon the first request, when it is being created, it fails with
[1]. Any following request results in this log message [2]. All the requests
hang until the client times them out.
If the key-password is really needed, I believe it should be validated upon configuration
creation.
Also the requests should be terminated and rejected with 500 due to the server failing to
initialize the SSL context due to the server being incorrectly configured.
[1]
{noformat}
13:15:45,781 ERROR [org.xnio.listener] (default I/O-6) XNIO001007: A channel event listener threw an exception: java.lang.RuntimeException: WFLYDM0114: Failed to lazily initialize SSL context
    at org.jboss.as.domain.management.security.SSLContextService$LazyInitSSLContext$LazyInitSpi.doInit(SSLContextService.java:231)
    at org.jboss.as.domain.management.security.SSLContextService$LazyInitSSLContext$LazyInitSpi.engineCreateSSLEngine(SSLContextService.java:257)
    at javax.net.ssl.SSLContext.createSSLEngine(SSLContext.java:361)
    at io.undertow.protocols.ssl.UndertowAcceptingSslChannel.accept(UndertowAcceptingSslChannel.java:139)
    at io.undertow.protocols.ssl.UndertowAcceptingSslChannel.accept(UndertowAcceptingSslChannel.java:56)
    at org.xnio.ChannelListeners$10.handleEvent(ChannelListeners.java:289)
    at org.xnio.ChannelListeners$10.handleEvent(ChannelListeners.java:286)
    at org.xnio.ChannelListeners.invokeChannelListener(ChannelListeners.java:92)
    at org.xnio.ChannelListeners$DelegatingChannelListener.handleEvent(ChannelListeners.java:1092)
    at org.xnio.ChannelListeners.invokeChannelListener(ChannelListeners.java:92)
    at org.xnio.nio.QueuedNioTcpServer$1.run(QueuedNioTcpServer.java:131)
    at org.xnio.nio.WorkerThread.safeRun(WorkerThread.java:588)
    at org.xnio.nio.WorkerThread.run(WorkerThread.java:468)
Caused by: java.lang.RuntimeException: WFLYDM0112: Failed to generate self signed certificate
    at org.jboss.as.domain.management.security.FileKeyManagerService.generateFileKeyStore(FileKeyManagerService.java:219)
    at org.jboss.as.domain.management.security.FileKeyManagerService.loadKeyStore(FileKeyManagerService.java:185)
    at org.jboss.as.domain.management.security.AbstractKeyManagerService.createKeyManagers(AbstractKeyManagerService.java:125)
    at org.jboss.as.domain.management.security.AbstractKeyManagerService.getKeyManagers(AbstractKeyManagerService.java:104)
    at org.jboss.as.domain.management.security.SSLContextService$LazyInitSSLContext$LazyInitSpi.doInit(SSLContextService.java:228)
    ... 12 more
Caused by: java.lang.IllegalArgumentException: password can't be null
    at sun.security.provider.KeyProtector.<init>(KeyProtector.java:135)
    at sun.security.provider.JavaKeyStore.engineSetKeyEntry(JavaKeyStore.java:266)
    at sun.security.provider.JavaKeyStore$JKS.engineSetKeyEntry(JavaKeyStore.java:56)
    at sun.security.provider.KeyStoreDelegator.engineSetKeyEntry(KeyStoreDelegator.java:117)
    at sun.security.provider.JavaKeyStore$DualFormatJKS.engineSetKeyEntry(JavaKeyStore.java:70)
    at java.security.KeyStore.setKeyEntry(KeyStore.java:1140)
    at org.jboss.as.domain.management.security.FileKeyManagerService.generateFileKeyStore(FileKeyManagerService.java:212)
    ... 16 more
{noformat}
[2]
{noformat}
13:34:05,862 ERROR [org.xnio.listener] (default I/O-2) XNIO001007: A channel event listener threw an exception: java.lang.IllegalStateException: SSLContextImpl is not initialized
    at sun.security.ssl.SSLContextImpl.engineCreateSSLEngine(SSLContextImpl.java:207)
    at javax.net.ssl.SSLContext.createSSLEngine(SSLContext.java:361)
    at org.jboss.as.domain.management.security.SSLContextService$LazyInitSSLContext$LazyInitSpi.engineCreateSSLEngine(SSLContextService.java:258)
    at javax.net.ssl.SSLContext.createSSLEngine(SSLContext.java:361)
    at io.undertow.protocols.ssl.UndertowAcceptingSslChannel.accept(UndertowAcceptingSslChannel.java:139)
    at io.undertow.protocols.ssl.UndertowAcceptingSslChannel.accept(UndertowAcceptingSslChannel.java:56)
    at org.xnio.ChannelListeners$10.handleEvent(ChannelListeners.java:289)
    at org.xnio.ChannelListeners$10.handleEvent(ChannelListeners.java:286)
    at org.xnio.ChannelListeners.invokeChannelListener(ChannelListeners.java:92)
    at org.xnio.ChannelListeners$DelegatingChannelListener.handleEvent(ChannelListeners.java:1092)
    at org.xnio.ChannelListeners.invokeChannelListener(ChannelListeners.java:92)
    at org.xnio.nio.QueuedNioTcpServer$1.run(QueuedNioTcpServer.java:131)
    at org.xnio.nio.WorkerThread.safeRun(WorkerThread.java:588)
    at org.xnio.nio.WorkerThread.run(WorkerThread.java:468)
{noformat}
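
Added example, not part of the issue report or of WildFly's code: a log triage script that separates the one-time initialization failure in [1] from the follow-on errors in [2], so an operator can tell that hanging HTTPS requests trace back to a missing key-password. The sample log is abridged from the two traces above; the function names and verdict strings are assumptions made for this illustration.

```python
import re

# Sample input: abridged from traces [1] and [2] in the report (most frames dropped).
SAMPLE_LOG = """\
13:15:45,781 ERROR [org.xnio.listener] (default I/O-6) XNIO001007: A channel event listener threw an exception: java.lang.RuntimeException: WFLYDM0114: Failed to lazily initialize SSL context
\tat org.jboss.as.domain.management.security.SSLContextService$LazyInitSSLContext$LazyInitSpi.doInit(SSLContextService.java:231)
Caused by: java.lang.RuntimeException: WFLYDM0112: Failed to generate self signed certificate
\tat org.jboss.as.domain.management.security.FileKeyManagerService.generateFileKeyStore(FileKeyManagerService.java:219)
Caused by: java.lang.IllegalArgumentException: password can't be null
\tat sun.security.provider.KeyProtector.<init>(KeyProtector.java:135)
13:34:05,862 ERROR [org.xnio.listener] (default I/O-2) XNIO001007: A channel event listener threw an exception: java.lang.IllegalStateException: SSLContextImpl is not initialized
\tat sun.security.ssl.SSLContextImpl.engineCreateSSLEngine(SSLContextImpl.java:207)
"""

EVENT_START = re.compile(r"^(\d{2}:\d{2}:\d{2},\d{3})\s+ERROR\s+\[[^\]]+\]\s+\([^)]*\)\s+(.*)$")
CAUSED_BY = re.compile(r"^Caused by: ([\w.$]+)(?:: (.*))?$")

def parse_events(text):
    """Group each ERROR line with the 'Caused by' chain of its stack trace."""
    events = []
    for line in text.splitlines():
        start = EVENT_START.match(line)
        if start:
            events.append({"time": start.group(1), "message": start.group(2), "causes": []})
            continue
        cause = CAUSED_BY.match(line.strip())
        if cause and events:
            # Keep the exception message, or the class name when there is no message.
            events[-1]["causes"].append(cause.group(2) or cause.group(1))
    return events

def classify(event):
    """Return a verdict for SSL-context events, or None for unrelated errors."""
    root = event["causes"][-1] if event["causes"] else event["message"]
    if "WFLYDM0114" in event["message"]:
        if any("WFLYDM0112" in c for c in event["causes"]) and "password can't be null" in root:
            return "init-failed: self-signed keystore generated without key-password"
        return "init-failed: " + root
    if "SSLContextImpl is not initialized" in event["message"]:
        return "follow-on: listener is using an SSL context that never initialized"
    return None

def triage(text):
    findings = []
    for event in parse_events(text):
        verdict = classify(event)
        if verdict:
            findings.append((event["time"], verdict))
    return findings
```
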