Upgrading from Karaf 4.3.10 to 4.4.5 - Pax-Web fails to start


Martin Lichtin

Jan 14, 2024, 12:53:51 PM
to OPS4J
With Pax-Web 8 being part of Karaf 4.4.5, it fails at startup with

2024-01-14T18:28:39,157 | ERROR | 1-thread-1 (change controller) | Activator                  | x.web.service.internal.Activator  623 | 412 - org.ops4j.pax.web.pax-web-runtime - 8.0.24 | Unable to start Pax Web server: Get Key failed: null
java.security.UnrecoverableKeyException: Get Key failed: null
        at sun.security.pkcs12.PKCS12KeyStore.engineGetKey(PKCS12KeyStore.java:396) ~[?:1.8.0_391]
        at sun.security.provider.KeyStoreDelegator.engineGetKey(KeyStoreDelegator.java:96) ~[?:1.8.0_391]
        at sun.security.provider.JavaKeyStore$DualFormatJKS.engineGetKey(JavaKeyStore.java:71) ~[?:1.8.0_391]
        at java.security.KeyStore.getKey(KeyStore.java:1027) ~[?:1.8.0_391]
        at sun.security.ssl.SunX509KeyManagerImpl.<init>(SunX509KeyManagerImpl.java:145) ~[?:1.8.0_391]
        at sun.security.ssl.KeyManagerFactoryImpl$SunX509.engineInit(KeyManagerFactoryImpl.java:70) ~[?:1.8.0_391]
        at javax.net.ssl.KeyManagerFactory.init(KeyManagerFactory.java:256) ~[?:1.8.0_391]
        at org.eclipse.jetty.util.ssl.SslContextFactory.getKeyManagers(SslContextFactory.java:1249) ~[?:?]
        at org.eclipse.jetty.util.ssl.SslContextFactory$Server.getKeyManagers(SslContextFactory.java:2364) ~[?:?]
        at org.eclipse.jetty.util.ssl.SslContextFactory.load(SslContextFactory.java:373) ~[?:?]
        at org.eclipse.jetty.util.ssl.SslContextFactory.doStart(SslContextFactory.java:244) ~[?:?]
        at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:73) ~[?:?]
        at org.eclipse.jetty.util.component.ContainerLifeCycle.start(ContainerLifeCycle.java:169) ~[?:?]
        at org.eclipse.jetty.util.component.ContainerLifeCycle.doStart(ContainerLifeCycle.java:117) ~[?:?]
        at org.eclipse.jetty.server.SslConnectionFactory.doStart(SslConnectionFactory.java:97) ~[?:?]
        at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:73) ~[?:?]
        at org.eclipse.jetty.util.component.ContainerLifeCycle.start(ContainerLifeCycle.java:169) ~[?:?]
        at org.eclipse.jetty.util.component.ContainerLifeCycle.doStart(ContainerLifeCycle.java:117) ~[?:?]
        at org.eclipse.jetty.server.AbstractConnector.doStart(AbstractConnector.java:323) ~[?:?]
        at org.eclipse.jetty.server.AbstractNetworkConnector.doStart(AbstractNetworkConnector.java:81) ~[?:?]
        at org.eclipse.jetty.server.ServerConnector.doStart(ServerConnector.java:234) ~[?:?]
        at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:73) ~[?:?]
        at org.eclipse.jetty.server.Server.doStart(Server.java:401) ~[?:?]
        at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:73) ~[?:?]
        at org.ops4j.pax.web.service.jetty.internal.JettyServerWrapper.start(JettyServerWrapper.java:626) ~[?:?]
        at org.ops4j.pax.web.service.jetty.internal.JettyServerController.start(JettyServerController.java:109) ~[?:?]
        at org.ops4j.pax.web.service.internal.Activator.performConfiguration(Activator.java:555) ~[?:?]
        at org.ops4j.pax.web.service.internal.Activator.updateController(Activator.java:445) ~[?:?]
        at org.ops4j.pax.web.service.internal.Activator.lambda$updateServerControllerFactory$1(Activator.java:347) ~[?:?]
        at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511) [?:1.8.0_391]
        at java.util.concurrent.FutureTask.run(FutureTask.java:266) [?:1.8.0_391]
        at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.access$201(ScheduledThreadPoolExecutor.java:180) [?:1.8.0_391]
        at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:293) [?:1.8.0_391]
        at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) [?:1.8.0_391]
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) [?:1.8.0_391]
        at java.lang.Thread.run(Thread.java:750) [?:1.8.0_391]
Caused by: java.lang.NullPointerException
        at sun.security.pkcs12.PKCS12KeyStore.engineGetKey(PKCS12KeyStore.java:332) ~[?:1.8.0_391]
        ... 35 more

Does anyone know what has changed?

Matt Pavlovich

Jan 14, 2024, 1:03:58 PM
to op...@googlegroups.com
Martin-

Did you also upgrade from JDK 8? Since JDK 9, the default keystore changed to PKCS12. You may need to create a new, updated keystore for your SSL key+certificate.

-Matt


Grzegorz Grzybek

Jan 14, 2024, 1:07:15 PM
to op...@googlegroups.com
Hello

Pax Web 8 is roughly an 80% rewrite of Pax Web 7.

But with this error message I think it's related to the removal of the deprecated "org.ops4j.pax.web.ssl.keypassword" option. Use "org.ops4j.pax.web.ssl.key.password" instead.
If it's not this, please show me your PID configuration (without passwords, of course). Or maybe you use a custom jetty.xml?

regards
Grzegorz Grzybek

Martin Lichtin

Jan 14, 2024, 2:04:24 PM
to OPS4J
Yes, thanks! Looks like the old values no longer work.
So

org.ops4j.pax.web.ssl.password => org.ops4j.pax.web.ssl.keystore.password
org.ops4j.pax.web.ssl.keypassword => org.ops4j.pax.web.ssl.key.password

Probably best to remove the old names from SSL-Configuration.adoc.
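
The two renames listed in the post above can be checked mechanically before an upgrade. This is an added example, not part of the original thread and not Pax Web code: it scans a properties-style configuration file for the deprecated names, reports key names only, and can print a migrated copy. The function names and the file-path argument are assumptions.

```shell
# Renames reported in the thread, as "old new" pairs.
RENAMES='org.ops4j.pax.web.ssl.password org.ops4j.pax.web.ssl.keystore.password
org.ops4j.pax.web.ssl.keypassword org.ops4j.pax.web.ssl.key.password'

# has_key FILE KEY: succeeds if KEY (exact name) is assigned on a non-comment line.
has_key() {
    awk -v k="$2" '
        /^[ \t]*[#!]/ { next }
        { n = index($0, "="); if (n == 0) next
          key = substr($0, 1, n - 1); gsub(/^[ \t]+|[ \t]+$/, "", key)
          if (key == k) found = 1 }
        END { exit(found ? 0 : 1) }' "$1"
}

# check_cfg FILE: print key names only (never values, they are passwords).
# Returns 0 = clean, 1 = rename needed, 2 = old and new name both set.
check_cfg() {
    _rc=0
    while read -r old new; do
        has_key "$1" "$old" || continue
        if has_key "$1" "$new"; then
            echo "CONFLICT: $old and $new both set; remove $old"; _rc=2
        else
            echo "DEPRECATED: $old -> $new"
            if [ "$_rc" -eq 0 ]; then _rc=1; fi
        fi
    done <<EOF
$RENAMES
EOF
    return "$_rc"
}

# migrate_cfg FILE: print FILE with deprecated key names replaced; values untouched.
migrate_cfg() {
    script=''
    while read -r old new; do
        esc=$(printf '%s' "$old" | sed 's/\./\\./g')
        script="$script s/^([[:space:]]*)$esc([[:space:]]*=)/\\1$new\\2/;"
    done <<EOF
$RENAMES
EOF
    sed -E "$script" "$1"
}

# With a path argument (assumed: the Pax Web .cfg file), report, then migrate if safe.
if [ "$#" -gt 0 ]; then
    check_cfg "$1"
    [ "$?" -ne 1 ] || ( umask 077; migrate_cfg "$1" > "$1.migrated" )
fi
```

The migrated copy is written with a restrictive umask because it contains the keystore and key passwords; a conflict (exit status 2) is left for manual resolution rather than rewritten.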

Grzegorz Grzybek

Jan 15, 2024, 12:35:47 AM
to op...@googlegroups.com
Hello

Yes - documentation is something on my todo list ;)

regards
Grzegorz Grzybek
