NullPointerException when starting jboss EAP 6.2.0 with https certificate in keystore
ciprian.frant Aug 12, 2014 3:20 AMHi,
I have an issue with EAP 6.2.0.
I am trying to configure it to work with https and I have done the following:
1. add the certificates in a pkcs12 file:
openssl pkcs12 -export -in localhost.crt -inkey localhost.key -out localhost.p12 -name pkcscert
2. add the new file localhost.p12 in a keystore:
keytool -importkeystore -deststorepass xxxxxx -destkeypass xxxxxx -destkeystore localhost.jks -srckeystore /data/ssl_keys/localhost.p12 -srcstoretype PKCS12 -srcstorepass xxxxx -alias pkcscert
3. Add passwords in a vault
4. add vault in the standlone.xml, before management part:
<vault>
<vault-option name="KEYSTORE_URL" value="jboss.keystore"/>
<vault-option name="KEYSTORE_PASSWORD" value="MASK-3iDB18qQpIMasNtQi2deUH"/>
<vault-option name="KEYSTORE_ALIAS" value="jboss.vault"/>
<vault-option name="SALT" value="12345678"/>
<vault-option name="ITERATION_COUNT" value="50"/>
<vault-option name="ENC_FILE_DIR" value="/opt/kmp/conf/"/>
</vault>
5. Add https connector to domain:web
<connector name="https" protocol="HTTP/1.1" scheme="https" socket-binding="https" secure="true" max-post-size="8388608" max-connections="530">
<ssl name="kmp-ssl" password="${VAULT::https::password::1}" certificate-key-file="/opt/kmp/conf/localhost.jks" certificate-file="/data/ssl_keys/localhost.crt" keystore-type="pkcs12" />
</connector>
I have also try with the following:
<connector name="https" protocol="HTTP/1.1" scheme="https" socket-binding="https" secure="true" max-post-size="8388608" max-connections="530">
<ssl name="kmp-ssl" password="${VAULT::https::password::1}" certificate-key-file="/opt/kmp/conf/localhost.jks" certificate-file="/opt/kmp/conf/localhost.jks" keystore-type="pkcs12" />
</connector>
After all this when starting jboss I have the following error:
17:04:51,940 ERROR [org.jboss.as.controller.management-operation] (Controller Boot Thread) JBAS014612: Operation ("add") failed - address: ([("core-service" => "vault")]): java.lang.RuntimeException: JBAS015804: Error initializing vault -- org.jboss.as.server.services.security.VaultReaderException: JBAS013313: Vault Reader Exception:
at org.jboss.as.server.services.security.VaultAddHandler.performRuntime(VaultAddHandler.java:82) [jboss-as-server-7.3.0.Final-redhat-14.jar:7.3.0.Final-redhat-14]
at org.jboss.as.controller.AbstractAddStepHandler$1.execute(AbstractAddStepHandler.java:76) [jboss-as-controller-7.3.0.Final-redhat-14.jar:7.3.0.Final-redhat-14]
at org.jboss.as.controller.AbstractOperationContext.executeStep(AbstractOperationContext.java:607) [jboss-as-controller-7.3.0.Final-redhat-14.jar:7.3.0.Final-redhat-14]
at org.jboss.as.controller.AbstractOperationContext.doCompleteStep(AbstractOperationContext.java:485) [jboss-as-controller-7.3.0.Final-redhat-14.jar:7.3.0.Final-redhat-14]
at org.jboss.as.controller.AbstractOperationContext.completeStepInternal(AbstractOperationContext.java:282) [jboss-as-controller-7.3.0.Final-redhat-14.jar:7.3.0.Final-redhat-14]
at org.jboss.as.controller.AbstractOperationContext.executeOperation(AbstractOperationContext.java:277) [jboss-as-controller-7.3.0.Final-redhat-14.jar:7.3.0.Final-redhat-14]
at org.jboss.as.controller.ModelControllerImpl.boot(ModelControllerImpl.java:288) [jboss-as-controller-7.3.0.Final-redhat-14.jar:7.3.0.Final-redhat-14]
at org.jboss.as.controller.AbstractControllerService.boot(AbstractControllerService.java:291) [jboss-as-controller-7.3.0.Final-redhat-14.jar:7.3.0.Final-redhat-14]
at org.jboss.as.server.ServerService.boot(ServerService.java:349) [jboss-as-server-7.3.0.Final-redhat-14.jar:7.3.0.Final-redhat-14]
at org.jboss.as.server.ServerService.boot(ServerService.java:324) [jboss-as-server-7.3.0.Final-redhat-14.jar:7.3.0.Final-redhat-14]
at org.jboss.as.controller.AbstractControllerService$1.run(AbstractControllerService.java:253) [jboss-as-controller-7.3.0.Final-redhat-14.jar:7.3.0.Final-redhat-14]
at java.lang.Thread.run(Unknown Source) [rt.jar:1.6.0_41]
Caused by: org.jboss.as.server.services.security.VaultReaderException: JBAS013313: Vault Reader Exception:
at org.jboss.as.security.vault.RuntimeVaultReader.createVault(RuntimeVaultReader.java:84) [jboss-as-security-7.3.0.Final-redhat-14.jar:7.3.0.Final-redhat-14]
at org.jboss.as.server.services.security.VaultAddHandler.performRuntime(VaultAddHandler.java:80) [jboss-as-server-7.3.0.Final-redhat-14.jar:7.3.0.Final-redhat-14]
... 11 more
Caused by: org.jboss.security.vault.SecurityVaultException: java.lang.NullPointerException
at org.picketbox.plugins.vault.PicketBoxSecurityVault.init(PicketBoxSecurityVault.java:192) [picketbox-4.0.19.SP2-redhat-1.jar:4.0.19.SP2-redhat-1]
at org.jboss.as.security.vault.RuntimeVaultReader.createVault(RuntimeVaultReader.java:82) [jboss-as-security-7.3.0.Final-redhat-14.jar:7.3.0.Final-redhat-14]
... 12 more
Caused by: java.lang.NullPointerException
at org.picketbox.plugins.vault.PicketBoxSecurityVault.checkAndConvertKeyStoreToJCEKS(PicketBoxSecurityVault.java:527) [picketbox-4.0.19.SP2-redhat-1.jar:4.0.19.SP2-redhat-1]
at org.picketbox.plugins.vault.PicketBoxSecurityVault.init(PicketBoxSecurityVault.java:189) [picketbox-4.0.19.SP2-redhat-1.jar:4.0.19.SP2-redhat-1]
... 13 more
17:04:51,947 FATAL [org.jboss.as.server] (Controller Boot Thread) JBAS015957: Server boot has failed in an unrecoverable manner; exiting. See previous messages for details.
I have put trace on debug, but I still do not get anything else. I do not know what I have done wrong.
Please guide me on what should I do.
If you have an example of how a https connector should look like please let me know.
I am using Linus REDHAT 6.5, jboss EAP 6.2.0, Apache as web server.
I want to put https in a keystore and add all passwords in vault.
Thanks,