0 Replies Latest reply on Aug 12, 2014 3:20 AM by ciprian.frant

    NullPointerException when starting jboss EAP 6.2.0 with https certificate in keystore

    ciprian.frant

      Hi,

       

      I have an issue with EAP 6.2.0.

      I am trying to configure it to work with https and I have done the following:

      1. add the certificates in a pkcs12 file:

      openssl pkcs12 -export -in localhost.crt -inkey localhost.key -out localhost.p12 -name pkcscert

      2. add the new file localhost.p12 in a keystore:

      keytool -importkeystore -deststorepass xxxxxx -destkeypass xxxxxx -destkeystore localhost.jks -srckeystore /data/ssl_keys/localhost.p12 -srcstoretype PKCS12 -srcstorepass xxxxx -alias pkcscert

      3. Add passwords in a vault

      4. add vault in the standalone.xml, before management part:

      <vault>

        <vault-option name="KEYSTORE_URL" value="jboss.keystore"/>

        <vault-option name="KEYSTORE_PASSWORD" value="MASK-3iDB18qQpIMasNtQi2deUH"/>

        <vault-option name="KEYSTORE_ALIAS" value="jboss.vault"/>

        <vault-option name="SALT" value="12345678"/>

        <vault-option name="ITERATION_COUNT" value="50"/>

        <vault-option name="ENC_FILE_DIR" value="/opt/kmp/conf/"/>

      </vault>

      5. Add https connector to domain:web

      <connector name="https" protocol="HTTP/1.1" scheme="https" socket-binding="https" secure="true" max-post-size="8388608" max-connections="530">

        <ssl name="kmp-ssl" password="${VAULT::https::password::1}" certificate-key-file="/opt/kmp/conf/localhost.jks" certificate-file="/data/ssl_keys/localhost.crt" keystore-type="pkcs12" />

      </connector>

      I have also tried the following:

      <connector name="https" protocol="HTTP/1.1" scheme="https" socket-binding="https" secure="true" max-post-size="8388608" max-connections="530">

        <ssl name="kmp-ssl" password="${VAULT::https::password::1}" certificate-key-file="/opt/kmp/conf/localhost.jks" certificate-file="/opt/kmp/conf/localhost.jks" keystore-type="pkcs12" />

      </connector>

       

      After all this when starting jboss I have the following error:

      17:04:51,940 ERROR [org.jboss.as.controller.management-operation] (Controller Boot Thread) JBAS014612: Operation ("add") failed - address: ([("core-service" => "vault")]): java.lang.RuntimeException: JBAS015804: Error initializing vault --  org.jboss.as.server.services.security.VaultReaderException: JBAS013313: Vault Reader Exception:

              at org.jboss.as.server.services.security.VaultAddHandler.performRuntime(VaultAddHandler.java:82) [jboss-as-server-7.3.0.Final-redhat-14.jar:7.3.0.Final-redhat-14]

              at org.jboss.as.controller.AbstractAddStepHandler$1.execute(AbstractAddStepHandler.java:76) [jboss-as-controller-7.3.0.Final-redhat-14.jar:7.3.0.Final-redhat-14]

              at org.jboss.as.controller.AbstractOperationContext.executeStep(AbstractOperationContext.java:607) [jboss-as-controller-7.3.0.Final-redhat-14.jar:7.3.0.Final-redhat-14]

              at org.jboss.as.controller.AbstractOperationContext.doCompleteStep(AbstractOperationContext.java:485) [jboss-as-controller-7.3.0.Final-redhat-14.jar:7.3.0.Final-redhat-14]

              at org.jboss.as.controller.AbstractOperationContext.completeStepInternal(AbstractOperationContext.java:282) [jboss-as-controller-7.3.0.Final-redhat-14.jar:7.3.0.Final-redhat-14]

              at org.jboss.as.controller.AbstractOperationContext.executeOperation(AbstractOperationContext.java:277) [jboss-as-controller-7.3.0.Final-redhat-14.jar:7.3.0.Final-redhat-14]

              at org.jboss.as.controller.ModelControllerImpl.boot(ModelControllerImpl.java:288) [jboss-as-controller-7.3.0.Final-redhat-14.jar:7.3.0.Final-redhat-14]

              at org.jboss.as.controller.AbstractControllerService.boot(AbstractControllerService.java:291) [jboss-as-controller-7.3.0.Final-redhat-14.jar:7.3.0.Final-redhat-14]

              at org.jboss.as.server.ServerService.boot(ServerService.java:349) [jboss-as-server-7.3.0.Final-redhat-14.jar:7.3.0.Final-redhat-14]

              at org.jboss.as.server.ServerService.boot(ServerService.java:324) [jboss-as-server-7.3.0.Final-redhat-14.jar:7.3.0.Final-redhat-14]

              at org.jboss.as.controller.AbstractControllerService$1.run(AbstractControllerService.java:253) [jboss-as-controller-7.3.0.Final-redhat-14.jar:7.3.0.Final-redhat-14]

              at java.lang.Thread.run(Unknown Source) [rt.jar:1.6.0_41]

      Caused by: org.jboss.as.server.services.security.VaultReaderException: JBAS013313: Vault Reader Exception:

              at org.jboss.as.security.vault.RuntimeVaultReader.createVault(RuntimeVaultReader.java:84) [jboss-as-security-7.3.0.Final-redhat-14.jar:7.3.0.Final-redhat-14]

              at org.jboss.as.server.services.security.VaultAddHandler.performRuntime(VaultAddHandler.java:80) [jboss-as-server-7.3.0.Final-redhat-14.jar:7.3.0.Final-redhat-14]

              ... 11 more

      Caused by: org.jboss.security.vault.SecurityVaultException: java.lang.NullPointerException

              at org.picketbox.plugins.vault.PicketBoxSecurityVault.init(PicketBoxSecurityVault.java:192) [picketbox-4.0.19.SP2-redhat-1.jar:4.0.19.SP2-redhat-1]

              at org.jboss.as.security.vault.RuntimeVaultReader.createVault(RuntimeVaultReader.java:82) [jboss-as-security-7.3.0.Final-redhat-14.jar:7.3.0.Final-redhat-14]

              ... 12 more

      Caused by: java.lang.NullPointerException

              at org.picketbox.plugins.vault.PicketBoxSecurityVault.checkAndConvertKeyStoreToJCEKS(PicketBoxSecurityVault.java:527) [picketbox-4.0.19.SP2-redhat-1.jar:4.0.19.SP2-redhat-1]

              at org.picketbox.plugins.vault.PicketBoxSecurityVault.init(PicketBoxSecurityVault.java:189) [picketbox-4.0.19.SP2-redhat-1.jar:4.0.19.SP2-redhat-1]

              ... 13 more

       

      17:04:51,947 FATAL [org.jboss.as.server] (Controller Boot Thread) JBAS015957: Server boot has failed in an unrecoverable manner; exiting. See previous messages for details.

       

      I have put trace on debug, but I still do not get anything else. I do not know what I have done wrong.

       

      Please guide me on what I should do.

      If you have an example of what an https connector should look like, please let me know.

      I am using Linux Red Hat 6.5, JBoss EAP 6.2.0, Apache as web server.

      I want to put https in a keystore and add all passwords in vault.

       

      Thanks,
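
A pre-start consistency check for the kind of configuration in steps 2, 4 and 5 above, as an added example that is not part of the original post and not JBoss code: it verifies that the files named in `<vault>` and `<ssl>` exist and that the declared `keystore-type` matches the format actually on disk (step 2 writes `localhost.jks` with keytool, while the connector declares `pkcs12`). The function names, the `base_dir` parameter and the sample file are assumptions made for the illustration.

```python
import os
import tempfile
import xml.etree.ElementTree as ET

# First four bytes of the Java keystore formats; PKCS#12 is DER (starts with 0x30).
MAGIC = {b"\xfe\xed\xfe\xed": "jks", b"\xce\xce\xce\xce": "jceks"}

def sniff_keystore_type(path):
    """Guess the on-disk keystore format from its leading bytes."""
    with open(path, "rb") as fh:
        head = fh.read(4)
    if head in MAGIC:
        return MAGIC[head]
    return "pkcs12" if head[:1] == b"\x30" else "unknown"

def check_config(xml_text, base_dir="."):
    """Return findings for every <vault> and <ssl> element in xml_text.
    base_dir (assumption) is the directory relative paths are checked against."""
    findings = []
    for el in ET.fromstring(xml_text).iter():
        tag = el.tag.rsplit("}", 1)[-1]  # drop the namespace a real standalone.xml carries
        if tag == "vault":
            opts = {o.get("name"): o.get("value", "") for o in el}
            url = opts.get("KEYSTORE_URL", "")
            if not os.path.isabs(url):
                findings.append("vault: KEYSTORE_URL is not an absolute path")
            if not os.path.isfile(os.path.join(base_dir, url)):
                findings.append("vault: keystore file not found")
            if not os.path.isdir(opts.get("ENC_FILE_DIR", "")):
                findings.append("vault: ENC_FILE_DIR does not exist")
        elif tag == "ssl":
            path = el.get("certificate-key-file", "")
            declared = el.get("keystore-type", "").lower()
            if not os.path.isfile(path):
                findings.append("ssl: certificate-key-file not found")
            elif declared and sniff_keystore_type(path) != declared:
                findings.append("ssl: keystore-type=%s but file is %s"
                                % (declared, sniff_keystore_type(path)))
    return findings

def demo():
    """Constructed sample: a JKS-header file declared as pkcs12, vault keystore absent."""
    d = tempfile.mkdtemp()
    jks = os.path.join(d, "localhost.jks")
    with open(jks, "wb") as fh:
        fh.write(b"\xfe\xed\xfe\xed\x00\x00\x00\x02")  # constructed header, not a real keystore
    xml_text = ('<server><vault><vault-option name="KEYSTORE_URL" value="jboss.keystore"/>'
                '<vault-option name="ENC_FILE_DIR" value="%s"/></vault>'
                '<ssl certificate-key-file="%s" keystore-type="pkcs12"/></server>' % (d, jks))
    return check_config(xml_text, base_dir=d)
```

Calling `check_config(open("standalone.xml").read(), base_dir=...)` on the real file lists each mismatch as one line; an empty list means the checked paths and keystore types are consistent.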