Password for keystore in Pax-Web 8.0.6

[Richard Hierlmeier]

Last week I upgraded my application from Karaf 4.3.7 to Karaf 4.4.1 and Pax-Web 8.0.6. 

After finding the correct features that I have to install now the application started to work.

However the SSL-Setup is not working. In the logs found the following exception:

2022-07-25T13:42:01,221 | INFO  | paxweb-config-3-thread-1 (change controller) | AbstractConnector                | 74 - org.eclipse.jetty.util - 9.4.48.v20220622 | Started default@4dae28f6{HTTP/1.1, (http/1.1)}{0.0.0.0:80}
2022-07-25T13:42:01,233 | INFO  | paxweb-config-3-thread-1 (change controller) | SslContextFactory                | 74 - org.eclipse.jetty.util - 9.4.48.v20220622 | x509=X509@3d4fe3bd(de,h=[2344dad.app.de],a=[],w=[]) for Server@7ecec4ac[provider=null,keyStore=file:///C:/Tools/apache-karaf-4.4.1/etc/keystore,trustStore=null]
2022-07-25T13:42:01,237 | ERROR | paxweb-config-3-thread-1 (change controller) | Activator                        | 82 - org.ops4j.pax.web.pax-web-runtime - 8.0.6 | Unable to start Pax Web server: Password must not be null
java.security.UnrecoverableKeyException: Password must not be null
    at sun.security.provider.JavaKeyStore.engineGetKey(JavaKeyStore.java:134) ~[?:1.8.0_292]
    at sun.security.provider.JavaKeyStore$JKS.engineGetKey(JavaKeyStore.java:57) ~[?:1.8.0_292]
    at sun.security.provider.KeyStoreDelegator.engineGetKey(KeyStoreDelegator.java:96) ~[?:1.8.0_292]
    at sun.security.provider.JavaKeyStore$DualFormatJKS.engineGetKey(JavaKeyStore.java:71) ~[?:1.8.0_292]
    at java.security.KeyStore.getKey(KeyStore.java:1023) ~[?:1.8.0_292]
    at sun.security.ssl.SunX509KeyManagerImpl.<init>(SunX509KeyManagerImpl.java:145) ~[?:1.8.0_292]
    at sun.security.ssl.KeyManagerFactoryImpl$SunX509.engineInit(KeyManagerFactoryImpl.java:70) ~[?:1.8.0_292]
    at javax.net.ssl.KeyManagerFactory.init(KeyManagerFactory.java:256) ~[?:1.8.0_292]
    at org.eclipse.jetty.util.ssl.SslContextFactory.getKeyManagers(SslContextFactory.java:1249) ~[?:?]
    at org.eclipse.jetty.util.ssl.SslContextFactory$Server.getKeyManagers(SslContextFactory.java:2364) ~[?:?]
    at org.eclipse.jetty.util.ssl.SslContextFactory.load(SslContextFactory.java:373) ~[?:?]
    at org.eclipse.jetty.util.ssl.SslContextFactory.doStart(SslContextFactory.java:244) ~[?:?]
    at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:73) ~[?:?]
    at org.eclipse.jetty.util.component.ContainerLifeCycle.start(ContainerLifeCycle.java:169) ~[?:?]
    at org.eclipse.jetty.util.component.ContainerLifeCycle.doStart(ContainerLifeCycle.java:117) ~[?:?]
    at org.eclipse.jetty.server.SslConnectionFactory.doStart(SslConnectionFactory.java:97) ~[?:?]
    at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:73) ~[?:?]
    at org.eclipse.jetty.util.component.ContainerLifeCycle.start(ContainerLifeCycle.java:169) ~[?:?]
    at org.eclipse.jetty.util.component.ContainerLifeCycle.doStart(ContainerLifeCycle.java:117) ~[?:?]
    at org.eclipse.jetty.server.AbstractConnector.doStart(AbstractConnector.java:323) ~[?:?]
    at org.eclipse.jetty.server.AbstractNetworkConnector.doStart(AbstractNetworkConnector.java:81) ~[?:?]
    at org.eclipse.jetty.server.ServerConnector.doStart(ServerConnector.java:234) ~[?:?]
    at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:73) ~[?:?]
    at org.eclipse.jetty.server.Server.doStart(Server.java:401) ~[?:?]
    at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:73) ~[?:?]
    at org.ops4j.pax.web.service.jetty.internal.JettyServerWrapper.start(JettyServerWrapper.java:623) ~[?:?]
    at org.ops4j.pax.web.service.jetty.internal.JettyServerController.start(JettyServerController.java:109) ~[?:?]
    at org.ops4j.pax.web.service.internal.Activator.performConfiguration(Activator.java:551) ~[?:?]
    at org.ops4j.pax.web.service.internal.Activator.updateController(Activator.java:441) ~[?:?]
    at org.ops4j.pax.web.service.internal.Activator.lambda$updateServerControllerFactory$1(Activator.java:347) ~[?:?]
    at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511) ~[?:1.8.0_292]
    at java.util.concurrent.FutureTask.run(FutureTask.java:266) ~[?:1.8.0_292]
    at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.access$201(ScheduledThreadPoolExecutor.java:180) ~[?:1.8.0_292]
    at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:293) ~[?:1.8.0_292]
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) ~[?:1.8.0_292]
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) ~[?:1.8.0_292]
    at java.lang.Thread.run(Thread.java:748) ~[?:1.8.0_292]

I am reusing the same org.ops4j.pax.web.cfg file from Karaf 4.3.7 and also the same keystore.  Passwords for the keystore are stored in the properties

org.ops4j.pax.web.ssl.password

org.ops4j.pax.web.ssl.keypassword

The passwords in are obfuscated with OBR. 

What can be the problem here?

Regards

   Richard

[Richard Hierlmeier]

I found the solution. The properties been renamed:

The new names are org.ops4j.pax.web.ssl.keypassword and org.ops4j.pax.web.ssl.key.password

Richard

[Grzegorz Grzybek]

Hello

I'm glad it worked - I confess - it was my mistake that I renamed the property when translating the WebContainerConstants.java when working on Pax Web 8.

kind regards

Grzegorz Grzybek

--
--
------------------
OPS4J - http://www.ops4j.org - op...@googlegroups.com

---
You received this message because you are subscribed to the Google Groups "OPS4J" group.
To unsubscribe from this group and stop receiving emails from it, send an email to ops4j+un...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/ops4j/21d20a75-20f3-4884-a9e3-e723ce83b847n%40googlegroups.com.