Error getting the SSL context object
Sudhakar.Shanmugam
After updating the renewed SSL cert into java keystore for HTTPS auth, Jenkins startup failed with below error. Still it works with the old expired SSL cert.
I have verified the verified the java keystore and key cert password, I was able to list the keystore content and view the content of the .pfx used in the keystore using the passwords.
Please assist to fix this error.
svmftadm 19916 1 99 05:49 pts/0 00:00:09 /opt/mft/shared/software/jdk/jdk1.7.0_51/bin/java -Djavax.net.ssl.trustStore=/opt/mft/admin/certs/ldapTrustStore -Djavax.net.ssl.keyStore=/opt/mft/admin/certs/ldapTrustStore -Djavax.net.ssl.keyStorePassword=xyz -jar /opt/mft/jenkins/jenkins.war --httpPort=-1 --httpsPort=9443 --httpsKeyStore=/opt/mft/jenkins/jenkins.jks --httpsKeyStorePassword=xyz
lx0001[/opt/mft/jenkins]> cat jenkins.log
Running from: /apps/mft/jenkins/jenkins.war
webroot: EnvVars.masterEnvVars.get("JENKINS_HOME")
Oct 10, 2014 5:36:02 AM winstone.Logger logInternal
INFO: Beginning extraction from war file
Oct 10, 2014 5:36:02 AM winstone.Logger logInternal
INFO: Winstone shutdown successfully
Oct 10, 2014 5:36:02 AM winstone.Logger logInternal
SEVERE: Container startup failed
java.io.IOException: Failed to start a listener: winstone.HttpsConnectorFactory
at winstone.Launcher.spawnListener(Launcher.java:209)
at winstone.Launcher.<init>(Launcher.java:149)
at winstone.Launcher.main(Launcher.java:354)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:606)
at Main._main(Main.java:293)
at Main.main(Main.java:98)
Caused by: winstone.WinstoneException: Error getting the SSL context object
at winstone.HttpsConnectorFactory.getSSLContext(HttpsConnectorFactory.java:218)
at winstone.HttpsConnectorFactory.createConnector(HttpsConnectorFactory.java:127)
at winstone.HttpsConnectorFactory.start(HttpsConnectorFactory.java:116)
at winstone.Launcher.spawnListener(Launcher.java:207)
... 8 more
Regards,
Sudhakar
Steven Erat
Here's a snippet of correspondence when I was describing the situation to a colleague:
---------
Looking at the Winstone class where the last exception came from:
https://github.com/jenkinsci/winstone/blob/master/src/java/winstone/HttpsConnectorFactory.java
There was the following comment block:
// key password are identical and people will not even be aware that these
// are two different things
// Therefore if no httpsPrivateKeyPassword is explicitely set we try to
// use the KeyStore password also for the key password not to break
// backward compatibility
// Otherwise the following code will completely break the startup of
// Jenkins in case the --httpsPrivateKeyPassword parameter is not set
privateKeyPassword = Option.HTTPS_PRIVATE_KEY_PASSWORD.get(args, keystorePassword);
Then I found the Winstone options class, which also showed that a ‘httpsPrivateKeyPassword’ option could be passed. So I changed the /etc/sysconfig/jenkins to use this instead:
However, starting Jenkins still failed, but this time with “java.lang.IllegalArgumentException: Unrecognized option: —httpsPrivateKeyPassword”, and that doesn’t make sense at all.
I going try to recreate the jenkins.jks keystone that I’m using, but match the private key password that I used originally. If they both have the same password, then I don’t have to pass in "—httpsPrivateKeyPassword” separately.
Ok, recreating the jks file with the same password used for the private key password worked. Jenkins would start and the SSL cert was verified in the browser.
shanmusu
private key which is imported into the keystore, it worked!!
--
View this message in context: http://jenkins-ci.361315.n4.nabble.com/Error-getting-the-SSL-context-object-tp4723787p4732030.html
Sent from the Jenkins users mailing list archive at Nabble.com.
