2 Replies Latest reply on Sep 4, 2007 2:29 PM by nathan dennis

    SSL-Connector - problem with keystore format

    Dominik Rauch Newbie

      I want to test an application which needs a https-connection and a certificate with the extended parameter "keyUsage digitalSignature" set.

      First I set up an SSL-connector:

      <Connector port="8443" address="${jboss.bind.address}"
       maxThreads="100" strategy="ms" maxHttpHeaderSize="8192"
       emptySessionPath="true"
       scheme="https" secure="true" enableLookups="uri"
       useURIValidationHack="false" disableUploadTimeout="true"
       clientAuth="false" sslProtocol="TLS"
       keystoreFile="${jboss.server.home.dir}/conf/https.keystore"
       keystorePass="*****"
      />
      


      Then created the certificate with OpenSSL:
      // generating the key
      openssl genrsa -des3 -out C:\CertTest\https.key
      
      // generating the certificate request
      openssl req -new -config C:\CertTest\elogon.cfg -key C:\CertTest\https.key -out C:\CertTest\https.csr
      
      // sign the certificate (by myself)
      openssl x509 -req -days 365 -in C:\CertTest\https.csr -signkey C:\CertTest\https.key -out C:\CertTest\https.crt
      
      // putting the certificate into the keystore
      openssl pkcs12 -export -name eLogon -in C:\CertTest\https.crt -inkey C:\CertTest\https.key -out C:\CertTest\https.keystore
      

      I copied the https.keystore file into the conf-directory of JBoss. But when I start JBoss I get an error:
      21:56:36,437 14187 ERROR [Http11BaseProtocol] (main:) Error initializing endpoint
      java.io.IOException: Invalid keystore format
      


      I've read this wiki-article: http://wiki.jboss.org/wiki/Wiki.jsp?page=SSLSetup and checked my keystore with:
      keytool -list -keystore C:\CertTest\https.keystore -storetype PKCS12
      

      it seems correct. Keystore type: PKCS12, Keystore provider: SunJSSE and 1 entry:
      elogon, 23.11.2006, keyEntry,
      Zertifikatsfingerabdruck (MD5): ****
      



      So why can't JBoss read my keystore-file?


      best regards,
      dominik