-
1. Re: Problem using SSL in Wildfly
johnmcwho Dec 3, 2013 5:37 AM (in response to johnmcwho)
That is the error:
ERROR [org.jboss.msc.service.fail] (MSC service thread 1-1) MSC000001: Failed to start service jboss.server.controller.management.security_realm.testSSLRealm.keystore: org.jboss.msc.service.StartException in service jboss.server.controller.management.security_realm.testSSLRealm.keystore: Failed to start service
at org.jboss.msc.service.ServiceControllerImpl$StartTask.run(ServiceControllerImpl.java:1900) [jboss-msc-1.2.0.Beta2.jar:1.2.0.Beta2]
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145) [rt.jar:1.7.0_13]
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615) [rt.jar:1.7.0_13]
at java.lang.Thread.run(Thread.java:722) [rt.jar:1.7.0_13]
Caused by: java.lang.NullPointerException: invalid null input
at java.security.KeyStore.setEntry(KeyStore.java:1321) [rt.jar:1.7.0_13]
at org.jboss.as.domain.management.security.FileKeystore.load(FileKeystore.java:106)
at org.jboss.as.domain.management.security.FileKeystoreService.start(FileKeystoreService.java:60)
at org.jboss.msc.service.ServiceControllerImpl$StartTask.startService(ServiceControllerImpl.java:1944) [jboss-msc-1.2.0.Beta2.jar:1.2.0.Beta2]
at org.jboss.msc.service.ServiceControllerImpl$StartTask.run(ServiceControllerImpl.java:1877) [jboss-msc-1.2.0.Beta2.jar:1.2.0.Beta2]
... 3 more
-
2. Re: Problem using SSL in Wildfly
dlofthouse Dec 3, 2013 6:04 AM (in response to johnmcwho)
I believe there is a bug here but possibly caused by a bad config.
Could you please list the contents of the keystore? We need to verify that the alias you are specifying is a valid alias - from the stack I am suspecting maybe not, or maybe it is only an alias to a certificate and not the private key.
-
3. Re: Problem using SSL in Wildfly
johnmcwho Dec 3, 2013 6:28 AM (in response to dlofthouse)
Hopefully that helps. The same keystore was still working in Tomcat. Thanks.
Keystore type: JKS
Keystore provider: SUN
Your keystore contains 4 entries
tdnght, Dec 2, 2013, trustedCertEntry,
Certificate fingerprint (SHA1): AA:D4:3E:7B:37:57:A2:FA:48:39:62:28:0D:C3:BD:81:A7:C5:01:82
comodosslca, Dec 2, 2013, trustedCertEntry,
Certificate fingerprint (SHA1): B4:C6:61:80:C5:20:BA:D6:88:47:0E:F8:0B:B2:2B:EB:A8:39:1C:22
server, Dec 2, 2013, PrivateKeyEntry,
Certificate fingerprint (SHA1): 23:20:A1:2D:01:87:7E:58:15:C8:C0:C5:C4:CE:E1:E9:2B:E1:F8:BF
addtrustexternalcaroot, Dec 2, 2013, trustedCertEntry,
Certificate fingerprint (SHA1): 02:FA:F3:E2:91:43:54:68:60:78:57:69:4D:F5:E4:5B:68:85:18:68
-
4. Re: Problem using SSL in Wildfly
kazaag Dec 4, 2013 4:37 PM (in response to johnmcwho)
As pointed out by Darran, the alias you are providing is a trusted cert entry, not a private key entry. There is only one private key entry (which is somehow logical for this case); you should use the alias 'server'.
-
5. Re: Problem using SSL in Wildfly
johnmcwho Dec 4, 2013 5:11 PM (in response to johnmcwho)
I'm not really in that topic. Every time I use alias="" it shows me a null pointer error on start. That confuses me.
Here is the original configuration part from Tomcat (that was working for months ;-) ):
<Connector port="443" protocol="org.apache.coyote.http11.Http11NioProtocol" maxHttpHeaderSize="8192" maxThreads="150"
minSpareThreads="25" enableLookups="false" disableUploadTimeout="true"
acceptCount="100" scheme="https" secure="true" SSLEnabled="true" clientAuth="false"
keystoreFile="/usr/share/tomcat7/ssl/something.keystore" keyPass="pwd123" />
It is not really important yet, but later I would like to use an SSL certificate.
-
6. Re: Problem using SSL in Wildfly
dlofthouse Dec 5, 2013 4:39 AM (in response to johnmcwho)
When you set alias="" what you are saying is that the key should be selected using an alias and that alias is a zero length String - I will update WildFly so that the String has a minimum length of 1.
For now if there is only a single private key in the store you can completely omit the alias attribute.
-
7. Re: Problem using SSL in Wildfly
dlofthouse Dec 6, 2013 7:34 AM (in response to dlofthouse)
After testing this, the error you report does not seem possible when setting the alias to an empty String, instead start up is aborted with a valid error message saying that at least one character is required.
The NullPointerException is being caused because the alias you specify is the alias of the certificate and not the private key, for the server side of this connection you need to be pointing to the private key - i.e. that is the key that the server will use for encryption, the certificate is only applicable on the client side to verify that the corresponding private key was used.
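An added example, not part of the original thread and not WildFly code: a pre-deployment check that a configured alias names a PrivateKeyEntry, run over `keytool -list` output. The function name `alias_entry_type` and its exit codes are assumptions; the sample reproduces the entry lines of the listing posted above with the fingerprints replaced by a placeholder.

```shell
#!/bin/sh
# Added example: classify a keystore alias from `keytool -list` output.
# SAMPLE_LISTING reproduces the entry lines from the listing posted in the
# thread; the fingerprint values are replaced with a placeholder.
SAMPLE_LISTING='Keystore type: JKS
Keystore provider: SUN
Your keystore contains 4 entries
tdnght, Dec 2, 2013, trustedCertEntry,
Certificate fingerprint (SHA1): <omitted>
comodosslca, Dec 2, 2013, trustedCertEntry,
Certificate fingerprint (SHA1): <omitted>
server, Dec 2, 2013, PrivateKeyEntry,
Certificate fingerprint (SHA1): <omitted>
addtrustexternalcaroot, Dec 2, 2013, trustedCertEntry,
Certificate fingerprint (SHA1): <omitted>'

# alias_entry_type ALIAS  (hypothetical helper; the listing is read from stdin)
# Prints the entry type of ALIAS.
# Exit status: 0 = PrivateKeyEntry, 1 = other entry type, 2 = alias not found.
alias_entry_type() {
    awk -F', *' -v want="$1" '
        # Entry lines have the form: alias, <date>, <type>,
        # Appending "" forces a string comparison of the alias.
        ($1 "") == (want "") {
            for (i = 2; i <= NF; i++)
                if ($i ~ /Entry[ \t]*$/) { etype = $i; sub(/[ \t]+$/, "", etype) }
        }
        END {
            if (etype == "") exit 2
            print etype
            exit (etype == "PrivateKeyEntry" ? 0 : 1)
        }'
}

# Check every alias from the sample, plus the empty string and an unknown one.
for a in tdnght comodosslca server addtrustexternalcaroot "" nosuchalias; do
    if t=$(printf '%s\n' "$SAMPLE_LISTING" | alias_entry_type "$a"); then
        echo "alias '$a': $t, usable as the server key alias"
    else
        echo "alias '$a': ${t:-not found}, not usable as the server key alias"
    fi
done
```

Against a real keystore, pipe the output of `keytool -list -keystore <path>` into the function instead of the sample.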
-
8. Re: Problem using SSL in Wildfly
johnmcwho Dec 8, 2013 12:21 PM (in response to johnmcwho)
Yes, it is still working also with a trusted certificate. Important is the correct order to import everything. Thanks a lot and sorry.
-
9. Re: Problem using SSL in Wildfly
francesco.81 Nov 9, 2015 4:18 AM (in response to johnmcwho)
Hello Stefan,
sorry, can you help me?
I'm using WildFly 8.2.1 Final.
I have a problem loading protocol="org.apache.coyote.http11.Http11NioProtocol", can you help me? Can you explain to me how to load Http11Protocol and load it in standalone.xml?
Thanks
Francesco
-
10. Re: Problem using SSL in Wildfly
ctomc Nov 10, 2015 10:14 AM (in response to francesco.81)
Francesco Esposito wrote:
Hello Stefan,
sorry, can you help me?
I'm using WildFly 8.2.1 Final.
I have a problem loading protocol="org.apache.coyote.http11.Http11NioProtocol", can you help me? Can you explain to me how to load Http11Protocol and load it in standalone.xml?
Thanks
Francesco
Why would you even need that?
WildFly 8+ doesn't use jbossweb (fork of Tomcat) anymore as web server, but Undertow, so any Tomcat-related properties don't apply anymore.
Undertow is an NIO-based server at its core, so by default you get the NIO implementation of all the listeners.