2 Replies Latest reply on Nov 3, 2005 2:26 PM by mdessure

shutdown.bat throws exception when jboss is ssl

mdessure Oct 28, 2005 11:24 AM

Environment:
JBoss 4.0.1SP1
Windows XP/ Linux
JDK1.5

I configured JBoss to use my own ssl certificate and JBoss and my application are happy. The problem arises when I execute the shutdown (shutdown.bat or shutdown.sh) script. I get an ssl exception (details of the exception below). The command I use is "shutdown.bat -s localhost:11029 -S".

Can someone shed some light here to fix this problem? I know I can change the shutdown scripts to call my own class but I would like to avoid that if possible. I tried setting the javax.net.ssl.keyStore and password in the JVM_OPTS for the shutdown invocation with no changes.

Please help. I'm sure I'm not the only one running JBoss with SSL enabled.

StackTrace:
Exception in thread "main" java.lang.reflect.UndeclaredThrowableException
at $Proxy1.shutdown(Unknown Source)
at org.jboss.Shutdown.main(Shutdown.java:205)
Caused by: java.rmi.ServerException: IOE; nested exception is:
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at org.jboss.invocation.http.interfaces.HttpInvokerProxy.invoke(HttpInvokerProxy.java:118)
at org.jboss.invocation.InvokerInterceptor.invokeInvoker(InvokerInterceptor.java:163)
at org.jboss.invocation.InvokerInterceptor.invoke(InvokerInterceptor.java:103)
at org.jboss.jmx.connector.invoker.client.InvokerAdaptorClientInterceptor.invoke(InvokerAdaptorClientInterceptor.java:51)
at org.jboss.proxy.SecurityInterceptor.invoke(SecurityInterceptor.java:55)
at org.jboss.proxy.ClientMethodInterceptor.invoke(ClientMethodInterceptor.java:59)
at org.jboss.proxy.ClientContainer.invoke(ClientContainer.java:91)
at $Proxy0.invoke(Unknown Source)
at org.jboss.Shutdown$ServerProxyHandler.invoke(Shutdown.java:234)
... 2 more
Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:150)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1476)
at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:174)
at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:168)
at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:847)
at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:106)
at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:495)
at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:433)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:815)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1025)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1038)
at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:405)
at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:170)
at sun.net.www.protocol.http.HttpURLConnection.getOutputStream(HttpURLConnection.java:836)
at sun.net.www.protocol.https.HttpsURLConnectionImpl.getOutputStream(HttpsURLConnectionImpl.java:230)
at org.jboss.invocation.http.interfaces.Util.invoke(Util.java:126)
at org.jboss.invocation.http.interfaces.HttpInvokerProxy.invoke(HttpInvokerProxy.java:103)
... 10 more
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:221)
at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:145)
at sun.security.validator.Validator.validate(Validator.java:203)
at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:172)
at com.sun.net.ssl.internal.ssl.JsseX509TrustManager.checkServerTrusted(SSLContextImpl.java:320)
at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:840)
... 22 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:236)
at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:194)
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:216)
... 27 more

1. Re: shutdown.bat throws exception when jboss is ssl

mdessure Nov 1, 2005 12:35 PM (in response to mdessure)

Can someone please help me out with this.
Thanks,
Actions

2. Re: shutdown.bat throws exception when jboss is ssl

mdessure Nov 3, 2005 2:26 PM (in response to mdessure)

Made a little progess. I modified the shutdown.bat to add the following system properties:

-Djavax.net.ssl.trustStore=<path to keystore>
-Djavax.net.ssl.trustStorePassword=<keystore password>
-Djava.protocol.handler.pkgs=javax.net.ssl
-Dorg.jboss.security.ignoreHttpsHost=true

After doing these changes, I noticed 2 things:
1. The ssl implementation used is still sun.net.www... even after I specified the javax.net.ssl implementation. Why?
2. I get a stack overflow exception:

Exception in thread "main" java.lang.StackOverflowError
 at java.lang.Thread.currentThread(Native Method)
 at java.lang.Thread.interrupted(Thread.java:829)
 at EDU.oswego.cs.dl.util.concurrent.ReentrantLock.attempt(ReentrantLock.java:54)
 at org.jboss.mx.loading.RepositoryClassLoader.attempt(RepositoryClassLoader.java:744)
 at org.jboss.mx.loading.RepositoryClassLoader.loadClassImpl(RepositoryClassLoader.java:431)
 at org.jboss.mx.loading.RepositoryClassLoader.loadClass(RepositoryClassLoader.java:374)
 at java.lang.ClassLoader.loadClass(ClassLoader.java:251)
 at java.lang.ClassLoader.loadClassInternal(ClassLoader.java:319)
 at org.jboss.invocation.http.server.HttpInvoker.invoke(HttpInvoker.java:150)
 at sun.reflect.GeneratedMethodAccessor91.invoke(Unknown Source)
 at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
 at java.lang.reflect.Method.invoke(Method.java:585)
 at org.jboss.mx.interceptor.ReflectedDispatcher.invoke(ReflectedDispatcher.java:144)
 at org.jboss.mx.server.Invocation.dispatch(Invocation.java:80)
 at org.jboss.mx.server.Invocation.invoke(Invocation.java:72)
 at org.jboss.mx.server.AbstractMBeanInvoker.invoke(AbstractMBeanInvoker.java:249)
 at org.jboss.mx.server.MBeanServerImpl.invoke(MBeanServerImpl.java:642)
 at org.jboss.invocation.http.server.HttpInvoker.invoke(HttpInvoker.java:139)
 at sun.reflect.GeneratedMethodAccessor91.invoke(Unknown Source)
 at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
 at java.lang.reflect.Method.invoke(Method.java:585)
 at org.jboss.mx.interceptor.ReflectedDispatcher.invoke(ReflectedDispatcher.java:144)
 at org.jboss.mx.server.Invocation.dispatch(Invocation.java:80)
 at org.jboss.mx.server.Invocation.invoke(Invocation.java:72)
 at org.jboss.mx.server.AbstractMBeanInvoker.invoke(AbstractMBeanInvoker.java:249)
 at org.jboss.mx.server.MBeanServerImpl.invoke(MBeanServerImpl.java:642)
 at org.jboss.invocation.http.server.HttpInvoker.invoke(HttpInvoker.java:139)
 at sun.reflect.GeneratedMethodAccessor91.invoke(Unknown Source)
 at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
...

Go to original post