0
votes

I have generated the certificate from the below command

Openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout tls.key -out tls.crt -subj "/CN=nginxsvc/O=nginxsvc"

and then in client machine import like this

keytool -import -file C:\Code_Base\Certificates\NGINX_150\tls.crt -storepass changeit -keystore "C:\Program Files\Java\jdk1.8.0_152\jre\lib\security\cacerts" -alias nginxsvc

and in Standalone.xml file of Jboss server added

<connector name="https" protocol="HTTP/1.1" scheme="https" socket-binding="https" enable-lookups="false" secure="true">
                <ssl name="ssl" password="changeit" certificate-key-file="C:\Code_Base\Certificates\NGINX_150\tls.key"/>
</connector> 

But when server starting i am getting

11:12:17,279 ERROR [org.apache.tomcat.util] (MSC service thread 1-3) JBWEB003003: Failed to load keystore type JKS with path C:\Code_Base\Certificates\NGINX_150\tls.key due to Invalid keystore format: java.io.IOException: Invalid keystore format at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:658) [rt.jar:1.8.0_152] at sun.security.provider.JavaKeyStore$JKS.engineLoad(JavaKeyStore.java:56) [rt.jar:1.8.0_152] at sun.security.provider.KeyStoreDelegator.engineLoad(KeyStoreDelegator.java:224) [rt.jar:1.8.0_152] at sun.security.provider.JavaKeyStore$DualFormatJKS.engineLoad(JavaKeyStore.java:70) [rt.jar:1.8.0_152] at java.security.KeyStore.load(KeyStore.java:1445) [rt.jar:1.8.0_152] at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getStore(JSSESocketFactory.java:350) [jbossweb-7.5.7.Final-redhat-1.jar:7.5.7.Final-redhat-1] at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getKeystore(JSSESocketFactory.java:265) [jbossweb-7.5.7.Final-redhat-1.jar:7.5.7.Final-redhat-1] at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getKeyManagers(JSSESocketFactory.java:480) [jbossweb-7.5.7.Final-redhat-1.jar:7.5.7.Final-redhat-1] at org.apache.tomcat.util.net.jsse.JSSESocketFactory.init(JSSESocketFactory.java:417) [jbossweb-7.5.7.Final-redhat-1.jar:7.5.7.Final-redhat-1] at org.apache.tomcat.util.net.jsse.JSSESocketFactory.createSocket(JSSESocketFactory.java:180) [jbossweb-7.5.7.Final-redhat-1.jar:7.5.7.Final-redhat-1] at org.apache.tomcat.util.net.JIoEndpoint.init(JIoEndpoint.java:973) [jbossweb-7.5.7.Final-redhat-1.jar:7.5.7.Final-redhat-1] at org.apache.coyote.http11.Http11Protocol.init(Http11Protocol.java:174) [jbossweb-7.5.7.Final-redhat-1.jar:7.5.7.Final-redhat-1] at org.apache.catalina.connector.Connector.init(Connector.java:986) [jbossweb-7.5.7.Final-redhat-1.jar:7.5.7.Final-redhat-1] at org.jboss.as.web.WebConnectorService.start(WebConnectorService.java:318) [jboss-as-web-7.5.0.Final-redhat-21.jar:7.5.0.Final-redhat-21] at org.jboss.msc.service.ServiceControllerImpl$StartTask.startService(ServiceControllerImpl.java:1980) [jboss-msc-1.1.5.Final-redhat-1.jar:1.1.5.Final-redhat-1] at org.jboss.msc.service.ServiceControllerImpl$StartTask.run(ServiceControllerImpl.java:1913) [jboss-msc-1.1.5.Final-redhat-1.jar:1.1.5.Final-redhat-1] at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) [rt.jar:1.8.0_152] at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) [rt.jar:1.8.0_152] at java.lang.Thread.run(Thread.java:748) [rt.jar:1.8.0_152]

11:12:17,283 ERROR [org.apache.coyote.http11.Http11Protocol] (MSC service thread 1-3) JBWEB003043: Error initializing endpoint: java.io.IOException: Invalid keystore format at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:658) [rt.jar:1.8.0_152] at sun.security.provider.JavaKeyStore$JKS.engineLoad(JavaKeyStore.java:56) [rt.jar:1.8.0_152] at sun.security.provider.KeyStoreDelegator.engineLoad(KeyStoreDelegator.java:224) [rt.jar:1.8.0_152] at sun.security.provider.JavaKeyStore$DualFormatJKS.engineLoad(JavaKeyStore.java:70) [rt.jar:1.8.0_152] at java.security.KeyStore.load(KeyStore.java:1445) [rt.jar:1.8.0_152] at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getStore(JSSESocketFactory.java:350) [jbossweb-7.5.7.Final-redhat-1.jar:7.5.7.Final-redhat-1] at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getKeystore(JSSESocketFactory.java:265) [jbossweb-7.5.7.Final-redhat-1.jar:7.5.7.Final-redhat-1] at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getKeyManagers(JSSESocketFactory.java:480) [jbossweb-7.5.7.Final-redhat-1.jar:7.5.7.Final-redhat-1] at org.apache.tomcat.util.net.jsse.JSSESocketFactory.init(JSSESocketFactory.java:417) [jbossweb-7.5.7.Final-redhat-1.jar:7.5.7.Final-redhat-1] at org.apache.tomcat.util.net.jsse.JSSESocketFactory.createSocket(JSSESocketFactory.java:180) [jbossweb-7.5.7.Final-redhat-1.jar:7.5.7.Final-redhat-1] at org.apache.tomcat.util.net.JIoEndpoint.init(JIoEndpoint.java:973) [jbossweb-7.5.7.Final-redhat-1.jar:7.5.7.Final-redhat-1] at org.apache.coyote.http11.Http11Protocol.init(Http11Protocol.java:174) [jbossweb-7.5.7.Final-redhat-1.jar:7.5.7.Final-redhat-1] at org.apache.catalina.connector.Connector.init(Connector.java:986) [jbossweb-7.5.7.Final-redhat-1.jar:7.5.7.Final-redhat-1] at org.jboss.as.web.WebConnectorService.start(WebConnectorService.java:318) [jboss-as-web-7.5.0.Final-redhat-21.jar:7.5.0.Final-redhat-21] at org.jboss.msc.service.ServiceControllerImpl$StartTask.startService(ServiceControllerImpl.java:1980) [jboss-msc-1.1.5.Final-redhat-1.jar:1.1.5.Final-redhat-1] at org.jboss.msc.service.ServiceControllerImpl$StartTask.run(ServiceControllerImpl.java:1913) [jboss-msc-1.1.5.Final-redhat-1.jar:1.1.5.Final-redhat-1] at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) [rt.jar:1.8.0_152] at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) [rt.jar:1.8.0_152] at java.lang.Thread.run(Thread.java:748) [rt.jar:1.8.0_152]

11:12:17,289 INFO [org.apache.coyote.http11.Http11Protocol] (MSC service thread 1-2) JBWEB003001: Coyote HTTP/1.1 initializing on : http-/0.0.0.0:8080 11:12:17,297 INFO [org.apache.coyote.http11.Http11Protocol] (MSC service thread 1-2) JBWEB003000: Coyote HTTP/1.1 starting on: http-/0.0.0.0:8080 11:12:17,311 ERROR [org.jboss.msc.service.fail] (MSC service thread 1-3) MSC000001: Failed to start service jboss.web.connector.https: org.jboss.msc.service.StartException in service jboss.web.connector.https: JBAS018007: Error starting web connector at org.jboss.as.web.WebConnectorService.start(WebConnectorService.java:393) at org.jboss.msc.service.ServiceControllerImpl$StartTask.startService(ServiceControllerImpl.java:1980) [jboss-msc-1.1.5.Final-redhat-1.jar:1.1.5.Final-redhat-1] at org.jboss.msc.service.ServiceControllerImpl$StartTask.run(ServiceControllerImpl.java:1913) [jboss-msc-1.1.5.Final-redhat-1.jar:1.1.5.Final-redhat-1] at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) [rt.jar:1.8.0_152] at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) [rt.jar:1.8.0_152] at java.lang.Thread.run(Thread.java:748) [rt.jar:1.8.0_152] Caused by: LifecycleException: JBWEB000023: Protocol handler initialization failed at org.apache.catalina.connector.Connector.init(Connector.java:989) at org.jboss.as.web.WebConnectorService.start(WebConnectorService.java:318) ... 5 more

1

1 Answers

0
votes

One possibility to consider is the mismatch of keystore types.

You may check the keystore type of your existing keystore as follows:

 keytool -list -keystore <path/to/keystore>

This should display the Keystore type value in the output like

Keystore type: PKCS12

This may be different to the default keystore type (JKS in your case) that it is expecting

If so, use the appropriate keystoreType attribute in your tomcat server configuration to match your key store

<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
           maxThreads="150" scheme="https" secure="true"
           clientAuth="false" sslProtocol="TLS"
           keystoreType="PKCS12"
           keystoreFile="path/to/keystore" keystorePass="changeit" />