10 Replies Latest reply on Nov 10, 2015 10:14 AM by ctomc

    Problem using SSL in Wildfly

    johnmcwho

      I followed the instructions in the WildFly 8.0.0 Beta1 documentation to insert an SSL certificate, but every time I start the server I get a NullPointerException. That only happens if I use alias="" in the keystore tag.

      On the other hand, if I leave out the alias I get ssl_error_no_cypher_overlap when I connect to the https port.


      <security-realm name="testSSLRealm">
          <server-identities>
              <ssl>
                  <keystore path="../standalone/configuration/something.keystore" relative-to="jboss.server.config.dir" keystore-password="pwd" alias="tdnght" key-password="pwd" />
              </ssl>
          </server-identities>
          <authentication>


      and the listener in the undertow subsystem's server tag:

      <https-listener name="https" socket-binding="https" security-realm="testSSLRealm" />

      Hopefully some of you have an idea. Thanks in advance.

        • 1. Re: Problem using SSL in Wildfly
          johnmcwho

          This is the error:

          ERROR [org.jboss.msc.service.fail] (MSC service thread 1-1) MSC000001: Failed to start service jboss.server.controller.management.security_realm.testSSLRealm.keystore: org.jboss.msc.service.StartException in service jboss.server.controller.management.security_realm.testSSLRealm.keystore: Failed to start service
              at org.jboss.msc.service.ServiceControllerImpl$StartTask.run(ServiceControllerImpl.java:1900) [jboss-msc-1.2.0.Beta2.jar:1.2.0.Beta2]
              at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145) [rt.jar:1.7.0_13]
              at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615) [rt.jar:1.7.0_13]
              at java.lang.Thread.run(Thread.java:722) [rt.jar:1.7.0_13]
          Caused by: java.lang.NullPointerException: invalid null input
              at java.security.KeyStore.setEntry(KeyStore.java:1321) [rt.jar:1.7.0_13]
              at org.jboss.as.domain.management.security.FileKeystore.load(FileKeystore.java:106)
              at org.jboss.as.domain.management.security.FileKeystoreService.start(FileKeystoreService.java:60)
              at org.jboss.msc.service.ServiceControllerImpl$StartTask.startService(ServiceControllerImpl.java:1944) [jboss-msc-1.2.0.Beta2.jar:1.2.0.Beta2]
              at org.jboss.msc.service.ServiceControllerImpl$StartTask.run(ServiceControllerImpl.java:1877) [jboss-msc-1.2.0.Beta2.jar:1.2.0.Beta2]
              ... 3 more

          • 2. Re: Problem using SSL in Wildfly
            dlofthouse

            I believe there is a bug here, but it is possibly triggered by a bad config.

            Could you please list the contents of the keystore? We need to verify that the alias you are specifying is a valid alias. From the stack trace I suspect it may not be, or that it is only an alias to a certificate and not to the private key.

            • 3. Re: Problem using SSL in Wildfly
              johnmcwho

              Hopefully this helps. The same keystore was still working in Tomcat. Thanks.

              Keystore type: JKS
              Keystore provider: SUN

              Your keystore contains 4 entries

              tdnght, Dec 2, 2013, trustedCertEntry,
              Certificate fingerprint (SHA1): AA:D4:3E:7B:37:57:A2:FA:48:39:62:28:0D:C3:BD:81:A7:C5:01:82
              comodosslca, Dec 2, 2013, trustedCertEntry,
              Certificate fingerprint (SHA1): B4:C6:61:80:C5:20:BA:D6:88:47:0E:F8:0B:B2:2B:EB:A8:39:1C:22
              server, Dec 2, 2013, PrivateKeyEntry,
              Certificate fingerprint (SHA1): 23:20:A1:2D:01:87:7E:58:15:C8:C0:C5:C4:CE:E1:E9:2B:E1:F8:BF
              addtrustexternalcaroot, Dec 2, 2013, trustedCertEntry,
              Certificate fingerprint (SHA1): 02:FA:F3:E2:91:43:54:68:60:78:57:69:4D:F5:E4:5B:68:85:18:68

              • 4. Re: Problem using SSL in Wildfly
                kazaag

                As pointed out by Darran, the alias you are providing is a trusted cert entry, not a private key entry. There is only one private key entry (which is somehow logical for this case); you should use the alias 'server'.

                • 5. Re: Problem using SSL in Wildfly
                  johnmcwho

                  I'm not really into that topic. Every time I use alias="" it shows me a null pointer error on start. That confuses me.

                  Here is the original configuration part from Tomcat (which was working for months ;-) ):

                  <Connector port="443" protocol="org.apache.coyote.http11.Http11NioProtocol" maxHttpHeaderSize="8192" maxThreads="150"
                      minSpareThreads="25" enableLookups="false" disableUploadTimeout="true"
                      acceptCount="100" scheme="https" secure="true" SSLEnabled="true" clientAuth="false"
                      keystoreFile="/usr/share/tomcat7/ssl/something.keystore" keyPass="pwd123" />

                  It is not really important yet, but later I would like to use an SSL certificate.

                  • 6. Re: Problem using SSL in Wildfly
                    dlofthouse

                    When you set alias="" what you are saying is that the key should be selected using an alias, and that alias is a zero-length String. I will update WildFly so that the String must have a minimum length of 1.

                    For now, if there is only a single private key in the store, you can completely omit the alias attribute.

                    • 7. Re: Problem using SSL in Wildfly
                      dlofthouse

                      After testing this, the error you report does not seem possible when setting the alias to an empty String; instead start-up is aborted with a valid error message saying that at least one character is required.

                      The NullPointerException is caused because the alias you specify is the alias of the certificate and not of the private key. For the server side of this connection you need to be pointing to the private key, i.e. the key that the server will use for encryption; the certificate is only applicable on the client side, to verify that the corresponding private key was used.
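                      Added example (my own code, not WildFly's or the poster's): a stand-alone Java check that applies the rules from the two replies above to a JKS file before the server is started. The configured alias must be non-empty, must exist and must be a PrivateKeyEntry, and when the attribute is omitted the store must hold exactly one private key. The file name, alias and passwords are placeholders taken from the config in this thread.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.util.Collections;

public class KeystoreAliasCheck {

    /** Return the alias the server identity should use, or throw a descriptive error. */
    static String resolveServerAlias(KeyStore ks, String configuredAlias) throws Exception {
        if (configuredAlias != null) {
            // The empty-String case that WildFly now rejects at start-up.
            if (configuredAlias.isEmpty()) {
                throw new IllegalArgumentException("alias must be at least one character long");
            }
            if (!ks.containsAlias(configuredAlias)) {
                throw new IllegalArgumentException("alias '" + configuredAlias + "' not found in keystore");
            }
            // A trustedCertEntry (like 'tdnght' above) is not a key entry; KeyStore.getKey()
            // would return null for it, which is what produced the NullPointerException.
            if (!ks.isKeyEntry(configuredAlias)) {
                throw new IllegalArgumentException("alias '" + configuredAlias
                        + "' is a trustedCertEntry, not a PrivateKeyEntry; the server needs the private key");
            }
            return configuredAlias;
        }
        // Attribute omitted: acceptable only when exactly one private key is present.
        String found = null;
        int keyEntries = 0;
        for (String a : Collections.list(ks.aliases())) {
            if (ks.isKeyEntry(a)) { keyEntries++; found = a; }
        }
        if (keyEntries != 1) {
            throw new IllegalArgumentException("keystore has " + keyEntries
                    + " private key entries; set the alias attribute explicitly");
        }
        return found;
    }

    public static void main(String[] args) throws Exception {
        // Placeholder values from the thread's config; pass a different alias as args[1].
        String path = args.length > 0 ? args[0] : "something.keystore";
        String alias = args.length > 1 ? args[1] : null; // null == attribute omitted
        KeyStore ks = KeyStore.getInstance("JKS");
        try (InputStream in = new FileInputStream(path)) {
            ks.load(in, "pwd".toCharArray());
        }
        String chosen = resolveServerAlias(ks, alias);
        // Confirm the key-password actually unlocks the entry, as the server does at start-up.
        if (ks.getKey(chosen, "pwd".toCharArray()) == null) {
            throw new IllegalStateException("no private key readable for alias '" + chosen + "'");
        }
        System.out.println("alias '" + chosen + "' is a usable PrivateKeyEntry");
    }
}
```

                      Run it against the keystore listed earlier in the thread with `tdnght` to see the descriptive rejection, and with `server` (or no alias) to see it pass.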

                      • 8. Re: Problem using SSL in Wildfly
                        johnmcwho

                        Yes, it is now working, also with a trusted certificate. What matters is the correct order when importing everything. Thanks a lot, and sorry.

                        • 9. Re: Problem using SSL in Wildfly
                          francesco.81

                          Hello Stefan,

                          sorry, can you help me?

                          I'm using WildFly 8.2.1 Final.
                          I have a problem loading protocol="org.apache.coyote.http11.Http11NioProtocol". Can you help me?

                          Can you explain to me how to load Http11Protocol in standalone.xml?

                          Thanks

                          Francesco

                          • 10. Re: Problem using SSL in Wildfly
                            ctomc

                            Francesco Esposito wrote:

                            Hello Stefan,

                            sorry, can you help me?

                            I'm using WildFly 8.2.1 Final.
                            I have a problem loading protocol="org.apache.coyote.http11.Http11NioProtocol". Can you help me?

                            Can you explain to me how to load Http11Protocol in standalone.xml?

                            Thanks

                            Francesco

                            Why would you even need that?

                            WildFly 8+ no longer uses JBoss Web (a fork of Tomcat) as its web server, but Undertow, so any Tomcat-related properties don't apply anymore.

                            Undertow is an NIO-based server at its core, so by default you get the NIO implementation for all listeners.