Use PKCS12 keystore
titmael Oct 7, 2013 6:40 AM
Hi,
I'm migrating from JBoss 4.2.2 to Wildfly 8 Beta.
I took my keystore named gallery.keystore.p12 and placed it in standalone/configuration.
I followed this topic: Setting up https connector, is it the same as AS7?
-------------------------------------------------------------------------------------------------------------
I added a security-realm:
<security-realm name="UndertowRealm">
    <server-identities>
        <ssl protocol="TLS">
            <keystore path="gallery.keystore.p12" relative-to="jboss.server.config.dir" keystore-password="mypassw"/>
        </ssl>
    </server-identities>
</security-realm>
Then in <subsystem xmlns="urn:jboss:domain:undertow:1.0"> I added:
<https-listener name="https" socket-binding="https" security-realm="UndertowRealm"/>
Finally, at the end in socket-binding-group:
<socket-binding name="https" port="${jboss.https.port:8443}"/>
When I load the server I get an error:
MSC000001: Failed to start service jboss.server.controller.management.security_realm.UndertowRealm.keystore: org.jboss.msc.service.StartException in service jboss.server.controller.management.security_realm.UndertowRealm.keystore: JBAS015229: Unable to start service
at org.jboss.as.domain.management.security.FileKeystore.load(FileKeystore.java:118) [wildfly-domain-management-8.0.0.Beta1.jar:8.0.0.Beta1]
at org.jboss.as.domain.management.security.FileKeystoreService.start(FileKeystoreService.java:60) [wildfly-domain-management-8.0.0.Beta1.jar:8.0.0.Beta1]
at org.jboss.msc.service.ServiceControllerImpl$StartTask.startService(ServiceControllerImpl.java:1944) [jboss-msc-1.2.0.Beta2.jar:1.2.0.Beta2]
at org.jboss.msc.service.ServiceControllerImpl$StartTask.run(ServiceControllerImpl.java:1877) [jboss-msc-1.2.0.Beta2.jar:1.2.0.Beta2]
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145) [rt.jar:1.7.0_25]
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615) [rt.jar:1.7.0_25]
at java.lang.Thread.run(Thread.java:724) [rt.jar:1.7.0_25]
Caused by: java.io.IOException: Invalid keystore format
at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:650) [rt.jar:1.7.0_25]
at sun.security.provider.JavaKeyStore$JKS.engineLoad(JavaKeyStore.java:55) [rt.jar:1.7.0_25]
at java.security.KeyStore.load(KeyStore.java:1214) [rt.jar:1.7.0_25]
at org.jboss.as.domain.management.security.FileKeystore.load(FileKeystore.java:92) [wildfly-domain-management-8.0.0.Beta1.jar:8.0.0.Beta1]
... 6 more
I guess there is a way to specify my keystore type, but I didn't find it in the doc: SSL setup guide - WildFly 8 - Project Documentation Editor
EDIT:
If I use this realm:
<security-realm name="UndertowRealm">
    <server-identities>
        <ssl protocol="TLS">
            <keystore path="../standalone/configuration/gallery.keystore.p12" relative-to="jboss.server.config.dir" keystore-password="mypassw"/>
        </ssl>
    </server-identities>
</security-realm>
No more error at launch, but an error in my browser: ERR_SSL_VERSION_OR_CIPHER_MISMATCH
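
Added example, not part of the original post and not WildFly code: the stack trace above shows the keystore being read by the JKS loader (JavaKeyStore$JKS.engineLoad), which is where "Invalid keystore format" is raised. This standalone Java check identifies a keystore's container format from its leading bytes and then tries to open it as JKS and as PKCS12. The class name KeystoreProbe and the sample password are assumptions made for the example.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.KeyStore;
// Added example (hypothetical class name): identify a keystore's container format.
public class KeystoreProbe {
    // JKS and JCEKS start with fixed magic numbers; PKCS#12 is a DER SEQUENCE (0x30).
    static String sniffType(byte[] data) {
        if (data.length < 4) return "UNKNOWN";
        int magic = ((data[0] & 0xFF) << 24) | ((data[1] & 0xFF) << 16)
                  | ((data[2] & 0xFF) << 8) | (data[3] & 0xFF);
        if (magic == 0xFEEDFEED) return "JKS";
        if (magic == 0xCECECECE) return "JCEKS";
        if ((data[0] & 0xFF) == 0x30) return "PKCS12";
        return "UNKNOWN";
    }
    // Returns null if the bytes open as the given type, else the exception text.
    static String tryLoad(byte[] data, String type, char[] password) {
        try {
            KeyStore.getInstance(type).load(new ByteArrayInputStream(data), password);
            return null;
        } catch (Exception e) {
            return e.toString();
        }
    }

    public static void main(String[] args) throws Exception {
        char[] password = "changeit".toCharArray(); // constructed sample password
        byte[] data;
        if (args.length > 0) { // usage: java KeystoreProbe <file> [password]
            data = Files.readAllBytes(Paths.get(args[0]));
            if (args.length > 1) password = args[1].toCharArray();
        } else { // constructed sample: an empty PKCS#12 keystore built in memory
            KeyStore p12 = KeyStore.getInstance("PKCS12");
            p12.load(null, null);
            ByteArrayOutputStream out = new ByteArrayOutputStream();
            p12.store(out, password);
            data = out.toByteArray();
        }
        System.out.println("detected format: " + sniffType(data));
        // The Java 7 JKS loader rejects PKCS#12 input with "Invalid keystore format";
        // newer JDKs may auto-detect the format, so the JKS attempt can succeed there.
        for (String t : new String[] {"JKS", "PKCS12"}) {
            String err = tryLoad(data, t, password);
            System.out.println("load as " + t + ": " + (err == null ? "ok" : err));
        }
    }
}
```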