7 Replies Latest reply on Jan 21, 2014 6:25 AM by dabraham81

    Issues configuring keystore for Mod_Cluster SSL

    mmilutinovic
    mmilutinovic Oct 22, 2012 12:25 PM

      Hello,

       

      I am trying to configure SSL for the mod_cluster communications as follows (JBoss AS 7.1.1 Final):

       

              <subsystem xmlns="urn:jboss:domain:modcluster:1.0">

                  <mod-cluster-config advertise-socket="modcluster" proxy-list="172.29.7.135:6666" advertise-security-key="secret">

                      <dynamic-load-provider>

                          <load-metric type="busyness"/>

                      </dynamic-load-provider>

                      <ssl password="secret" key-alias="modcluster" certificate-key-file="/home/xxx/cert/jboss.keystore" cipher-suite="ALL" protocol="TLSv1"/>

                  </mod-cluster-config>

              </subsystem>

       

      Everytime I start JBoss I get the following exception (I've verified the password is correct in the keystore I created):

       

      10:20:41,539 INFO  [org.jboss.modcluster.ModClusterService] (MSC service thread 1-1) Initializing mod_cluster 1.2.0.Final

      10:20:41,568 ERROR [org.jboss.msc.service.fail] (MSC service thread 1-1) MSC00001: Failed to start service jboss.mod-cluster: org.jboss.msc.service.StartException in service jboss.mod-cluster: Failed to start service

                at org.jboss.msc.service.ServiceControllerImpl$StartTask.run(ServiceControllerImpl.java:1767) [jboss-msc-1.0.2.GA.jar:1.0.2.GA]

                at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1110) [rt.jar:1.7.0_07]

                at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:603) [rt.jar:1.7.0_07]

                at java.lang.Thread.run(Thread.java:722) [rt.jar:1.7.0_07]

      Caused by: java.lang.IllegalStateException: java.io.IOException: Keystore was tampered with, or password was incorrect

                at org.jboss.modcluster.mcmp.impl.JSSESocketFactory.<init>(JSSESocketFactory.java:113)

                at org.jboss.modcluster.mcmp.impl.DefaultMCMPHandler$Proxy.<init>(DefaultMCMPHandler.java:747)

                at org.jboss.modcluster.mcmp.impl.DefaultMCMPHandler.add(DefaultMCMPHandler.java:183)

                at org.jboss.modcluster.mcmp.impl.DefaultMCMPHandler.init(DefaultMCMPHandler.java:139)

                at org.jboss.modcluster.ModClusterService.init(ModClusterService.java:146)

                at org.jboss.modcluster.container.catalina.CatalinaEventHandlerAdapter.init(CatalinaEventHandlerAdapter.java:258)

                at org.jboss.modcluster.container.catalina.CatalinaEventHandlerAdapter.start(CatalinaEventHandlerAdapter.java:99)

                at org.jboss.as.modcluster.ModClusterService.start(ModClusterService.java:243)

                at org.jboss.msc.service.ServiceControllerImpl$StartTask.startService(ServiceControllerImpl.java:1811) [jboss-msc-1.0.2.GA.jar:1.0.2.GA]

                at org.jboss.msc.service.ServiceControllerImpl$StartTask.run(ServiceControllerImpl.java:1746) [jboss-msc-1.0.2.GA.jar:1.0.2.GA]

                ... 3 more

       

       

      I'm using the exact same keystore on my HTTPS connector with no problem:

       

      <connector name="https" protocol="HTTP/1.1" scheme="https" socket-binding="https" secure="true">

                      <ssl key-alias="server" password="secret" certificate-key-file="/home/xxx/cert/jboss.keystore" cipher-suite="ALL" protocol="TLSv1"/>

                  </connector>

       

      Has anyone experienced this issue or can point me to some documentation that deals with this?

       

      Thanks,

      Marko