Issues configuring keystore for Mod_Cluster SSL
mmilutinovic Oct 22, 2012 12:25 PMHello,
I am trying to configure SSL for the mod_cluster communications as follows (JBoss AS 7.1.1 Final):
<subsystem xmlns="urn:jboss:domain:modcluster:1.0">
<mod-cluster-config advertise-socket="modcluster" proxy-list="172.29.7.135:6666" advertise-security-key="secret">
<dynamic-load-provider>
<load-metric type="busyness"/>
</dynamic-load-provider>
<ssl password="secret" key-alias="modcluster" certificate-key-file="/home/xxx/cert/jboss.keystore" cipher-suite="ALL" protocol="TLSv1"/>
</mod-cluster-config>
</subsystem>
Everytime I start JBoss I get the following exception (I've verified the password is correct in the keystore I created):
10:20:41,539 INFO [org.jboss.modcluster.ModClusterService] (MSC service thread 1-1) Initializing mod_cluster 1.2.0.Final
10:20:41,568 ERROR [org.jboss.msc.service.fail] (MSC service thread 1-1) MSC00001: Failed to start service jboss.mod-cluster: org.jboss.msc.service.StartException in service jboss.mod-cluster: Failed to start service
at org.jboss.msc.service.ServiceControllerImpl$StartTask.run(ServiceControllerImpl.java:1767) [jboss-msc-1.0.2.GA.jar:1.0.2.GA]
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1110) [rt.jar:1.7.0_07]
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:603) [rt.jar:1.7.0_07]
at java.lang.Thread.run(Thread.java:722) [rt.jar:1.7.0_07]
Caused by: java.lang.IllegalStateException: java.io.IOException: Keystore was tampered with, or password was incorrect
at org.jboss.modcluster.mcmp.impl.JSSESocketFactory.<init>(JSSESocketFactory.java:113)
at org.jboss.modcluster.mcmp.impl.DefaultMCMPHandler$Proxy.<init>(DefaultMCMPHandler.java:747)
at org.jboss.modcluster.mcmp.impl.DefaultMCMPHandler.add(DefaultMCMPHandler.java:183)
at org.jboss.modcluster.mcmp.impl.DefaultMCMPHandler.init(DefaultMCMPHandler.java:139)
at org.jboss.modcluster.ModClusterService.init(ModClusterService.java:146)
at org.jboss.modcluster.container.catalina.CatalinaEventHandlerAdapter.init(CatalinaEventHandlerAdapter.java:258)
at org.jboss.modcluster.container.catalina.CatalinaEventHandlerAdapter.start(CatalinaEventHandlerAdapter.java:99)
at org.jboss.as.modcluster.ModClusterService.start(ModClusterService.java:243)
at org.jboss.msc.service.ServiceControllerImpl$StartTask.startService(ServiceControllerImpl.java:1811) [jboss-msc-1.0.2.GA.jar:1.0.2.GA]
at org.jboss.msc.service.ServiceControllerImpl$StartTask.run(ServiceControllerImpl.java:1746) [jboss-msc-1.0.2.GA.jar:1.0.2.GA]
... 3 more
I'm using the exact same keystore on my HTTPS connector with no problem:
<connector name="https" protocol="HTTP/1.1" scheme="https" socket-binding="https" secure="true">
<ssl key-alias="server" password="secret" certificate-key-file="/home/xxx/cert/jboss.keystore" cipher-suite="ALL" protocol="TLSv1"/>
</connector>
Has anyone experienced this issue or can point me to some documentation that deals with this?
Thanks,
Marko