4 Replies Latest reply on Oct 7, 2013 9:52 AM by titmael

    Use PKCS12 keystore

    titmael

      Hi,

       

      I'm migrating from JBoss 4.2.2 to Wildfly 8 Beta.

      I took my keystore named gallery.keystore.p12 and placed it in standalone/configuration.

       

      I followed this topic : Setting up https connector, is it the same as AS7?

       

      -------------------------------------------------------------------------------------------------------------

       

      I added a security-realm:

       

      <security-realm name="UndertowRealm">
          <server-identities>
              <ssl protocol="TLS">
                  <keystore path="gallery.keystore.p12" relative-to="jboss.server.config.dir" keystore-password="mypassw"/>
              </ssl>
          </server-identities>
      </security-realm>

       

      Then in <subsystem xmlns="urn:jboss:domain:undertow:1.0"> I added:

      <https-listener name="https" socket-binding="https" security-realm="UndertowRealm"/>

       

      Finally, at the end in socket-binding-group:

      <socket-binding name="https" port="${jboss.https.port:8443}"/>

       

      When I start the server I get an error:

      MSC000001: Failed to start service jboss.server.controller.management.security_realm.UndertowRealm.keystore: org.jboss.msc.service.StartException in service jboss.server.controller.management.security_realm.UndertowRealm.keystore: JBAS015229: Unable to start service
              at org.jboss.as.domain.management.security.FileKeystore.load(FileKeystore.java:118) [wildfly-domain-management-8.0.0.Beta1.jar:8.0.0.Beta1]
              at org.jboss.as.domain.management.security.FileKeystoreService.start(FileKeystoreService.java:60) [wildfly-domain-management-8.0.0.Beta1.jar:8.0.0.Beta1]
              at org.jboss.msc.service.ServiceControllerImpl$StartTask.startService(ServiceControllerImpl.java:1944) [jboss-msc-1.2.0.Beta2.jar:1.2.0.Beta2]
              at org.jboss.msc.service.ServiceControllerImpl$StartTask.run(ServiceControllerImpl.java:1877) [jboss-msc-1.2.0.Beta2.jar:1.2.0.Beta2]
              at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145) [rt.jar:1.7.0_25]
              at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615) [rt.jar:1.7.0_25]
              at java.lang.Thread.run(Thread.java:724) [rt.jar:1.7.0_25]
      Caused by: java.io.IOException: Invalid keystore format
              at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:650) [rt.jar:1.7.0_25]
              at sun.security.provider.JavaKeyStore$JKS.engineLoad(JavaKeyStore.java:55) [rt.jar:1.7.0_25]
              at java.security.KeyStore.load(KeyStore.java:1214) [rt.jar:1.7.0_25]
              at org.jboss.as.domain.management.security.FileKeystore.load(FileKeystore.java:92) [wildfly-domain-management-8.0.0.Beta1.jar:8.0.0.Beta1]
              ... 6 more

       

      I guess there is a way to specify my keystore type, but I didn't find it in the doc: SSL setup guide - WildFly 8 - Project Documentation Editor

       

      EDIT:

      If I use this realm:

      <security-realm name="UndertowRealm">
          <server-identities>
              <ssl protocol="TLS">
                  <keystore path="../standalone/configuration/gallery.keystore.p12" relative-to="jboss.server.config.dir" keystore-password="mypassw"/>
              </ssl>
          </server-identities>
      </security-realm>

       

      No more error at launch, but an error in my browser: ERR_SSL_VERSION_OR_CIPHER_MISMATCH
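
The stack trace above shows the file being read by the JKS loader (`JavaKeyStore$JKS.engineLoad`). The following is an added example, not part of the original post or of WildFly: it identifies a keystore's on-disk format from its leading bytes, loads it with that explicit type, and counts the private-key entries a TLS listener would need. The class name `KeystoreProbe`, its method names and the sample password are assumptions made for illustration.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.KeyStore;
import java.util.Collections;

// Added example (hypothetical helper): check a keystore before pointing a server at it.
public class KeystoreProbe {
    // Guess the KeyStore type from the first bytes of the file.
    static String sniffType(byte[] data) {
        if (data.length < 4) return "UNKNOWN";
        int magic = ((data[0] & 0xff) << 24) | ((data[1] & 0xff) << 16)
                  | ((data[2] & 0xff) << 8) | (data[3] & 0xff);
        if (magic == 0xFEEDFEED) return "JKS";          // JKS magic number
        if (magic == 0xCECECECE) return "JCEKS";        // JCEKS magic number
        if ((data[0] & 0xff) == 0x30) return "PKCS12";  // DER SEQUENCE, likely a PKCS#12 PFX
        return "UNKNOWN";
    }

    // Load with an explicit type and count private-key entries (a TLS listener needs one).
    static int countKeyEntries(byte[] data, String type, char[] password) throws Exception {
        KeyStore ks = KeyStore.getInstance(type);
        ks.load(new ByteArrayInputStream(data), password);
        int keys = 0;
        for (String alias : Collections.list(ks.aliases())) {
            if (ks.isKeyEntry(alias)) keys++;
        }
        return keys;
    }

    public static void main(String[] args) throws Exception {
        char[] pw = "changeit".toCharArray(); // constructed sample password
        byte[] data;
        if (args.length > 0) {
            data = Files.readAllBytes(Paths.get(args[0]));
            if (args.length > 1) pw = args[1].toCharArray();
        } else {
            // Constructed sample: an empty PKCS12 store built in memory.
            KeyStore empty = KeyStore.getInstance("PKCS12");
            empty.load(null, null);
            ByteArrayOutputStream out = new ByteArrayOutputStream();
            empty.store(out, pw);
            data = out.toByteArray();
        }
        String type = sniffType(data);
        System.out.println("detected format: " + type);
        if (!type.equals("UNKNOWN")) System.out.println("private-key entries: " + countKeyEntries(data, type, pw));
    }
}
```

Run it with no arguments to probe the constructed sample, or pass a keystore path and its password as the two arguments.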