SSL Error with Wildfly 24 upgrade


sand...@gmail.com

Jul 22, 2021, 8:55:28 AM
to WildFly
Hello, 

I am upgrading my application from Wildfly 20 to Wildfly 24 and seeing this error during server startup. 

18:13:34,323 ERROR [org.jboss.msc.service.fail] (MSC service thread 1-3) MSC000001: Failed to start service org.wildfly.security.ssl-context.applicationSSC: org.jboss.msc.service.StartException in service org.wildfly.security.ssl-context.applicationSSC: java.security.KeyStoreException: problem accessing trust store
        at org.wildfly.extension.elytron.SSLDefinitions$6.lambda$getValueSupplier$1(SSLDefinitions.java:1367)
        at org.wildfly.extension.elytron.TrivialService.start(TrivialService.java:61)
        at org.jboss.msc.service.ServiceControllerImpl$StartTask.startService(ServiceControllerImpl.java:1739)
        at org.jboss.msc.service.ServiceControllerImpl$StartTask.execute(ServiceControllerImpl.java:1701)
        at org.jboss.msc.service.ServiceControllerImpl$ControllerTask.run(ServiceControllerImpl.java:1559)
        at org.jboss.threads.ContextClassLoaderSavingRunnable.run(ContextClassLoaderSavingRunnable.java:35)
        at org.jboss.threads.EnhancedQueueExecutor.safeRun(EnhancedQueueExecutor.java:1990)
        at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.doRunTask(EnhancedQueueExecutor.java:1486)
        at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1363)
        at java.lang.Thread.run(Thread.java:748)
Caused by: java.security.KeyStoreException: problem accessing trust store
        at sun.security.ssl.TrustManagerFactoryImpl.engineInit(TrustManagerFactoryImpl.java:73)
        at javax.net.ssl.TrustManagerFactory.init(TrustManagerFactory.java:250)
        at org.wildfly.security.ssl.SSLUtils.lambda$static$4(SSLUtils.java:217)
        at org.wildfly.security.OneTimeSecurityFactory.create(OneTimeSecurityFactory.java:53)
        at org.wildfly.security.ssl.SSLContextBuilder.lambda$build$0(SSLContextBuilder.java:343)
        at org.wildfly.security.OneTimeSecurityFactory.create(OneTimeSecurityFactory.java:53)
        at org.wildfly.extension.elytron.SSLDefinitions$6.lambda$getValueSupplier$1(SSLDefinitions.java:1365)
        ... 9 more
Caused by: java.io.IOException: Keystore was tampered with, or password was incorrect
        at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:782)
        at sun.security.provider.JavaKeyStore$JKS.engineLoad(JavaKeyStore.java:56)
        at sun.security.provider.KeyStoreDelegator.engineLoad(KeyStoreDelegator.java:224)
        at sun.security.provider.JavaKeyStore$DualFormatJKS.engineLoad(JavaKeyStore.java:70)
        at java.security.KeyStore.load(KeyStore.java:1445)
        at sun.security.ssl.TrustStoreManager$TrustAnchorManager.loadKeyStore(TrustStoreManager.java:365)
        at sun.security.ssl.TrustStoreManager$TrustAnchorManager.getTrustedCerts(TrustStoreManager.java:313)
        at sun.security.ssl.TrustStoreManager.getTrustedCerts(TrustStoreManager.java:55)
        at sun.security.ssl.TrustManagerFactoryImpl.engineInit(TrustManagerFactoryImpl.java:49)
        ... 15 more
Caused by: java.security.UnrecoverableKeyException: Password verification failed
        at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:780)
        ... 23 more
-----------------------------------------------------------------------------------------------------------------------------------------
18:13:39,118 ERROR [org.jboss.as.controller.management-operation] (Controller Boot Thread) WFLYCTL0013: Operation ("add") failed - address: ([
    ("subsystem" => "elytron"),
    ("server-ssl-context" => "applicationSSC")
]) - failure description: {"WFLYCTL0080: Failed services" => {"org.wildfly.security.ssl-context.applicationSSC" => "java.security.KeyStoreException: problem accessing trust store
    Caused by: java.security.KeyStoreException: problem accessing trust store
    Caused by: java.io.IOException: Keystore was tampered with, or password was incorrect
    Caused by: java.security.UnrecoverableKeyException: Password verification failed"}}
-----------------------------------------------------------------------------------------------------------------------------------------

I am using the legacy security system instead of Elytron. Is it compulsory now to move to Elytron security to avoid such error? 

Thanks,
Sandip 

Sonia Zaldana Calles

Jul 22, 2021, 11:16:59 AM
to WildFly

Hi Sandip, 

The error you’re seeing pertains to the new ssl-context “applicationSSC” that was added to the Elytron subsystem to automatically generate a self-signed certificate the first time WildFly receives an HTTPS request. This ssl-context provides out of the box one-way SSL configuration. Therefore, it is a little strange to see an error pertaining to a trust store, as this ssl-context does not configure a trust store. 

Here’s a blog post about this ssl-context for reference: https://wildfly-security.github.io/wildfly-elytron/blog/auto-self-signed-certificate-generation/

I am wondering whether you have updated this ssl-context at all and configured a trust manager which could create an error. Could you please give me more information about your SSL configuration? 

 

Regards, 

Sonia
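
Added example, not part of either post and not WildFly or Elytron code: the innermost frames of the trace above are the JDK loading its default trust store (sun.security.ssl.TrustStoreManager), which it locates through the javax.net.ssl.trustStore, trustStoreType and trustStorePassword system properties. The diagnostic below repeats that load outside the server so the file, type and password combination can be checked in isolation; the class name TrustStoreCheck is hypothetical.

```java
import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.security.KeyStore;
import java.util.Collections;

// Added diagnostic. Run it with the same JVM and the same -Djavax.net.ssl.*
// options the server is started with (for example those passed via JAVA_OPTS).
public class TrustStoreCheck {

    // Mirrors the JDK default lookup: explicit property, then jssecacerts, then cacerts.
    static File locate() {
        String explicit = System.getProperty("javax.net.ssl.trustStore");
        if (explicit != null && !explicit.isEmpty()) {
            return new File(explicit);
        }
        File dir = new File(System.getProperty("java.home"), "lib/security");
        File jsse = new File(dir, "jssecacerts");
        return jsse.isFile() ? jsse : new File(dir, "cacerts");
    }

    public static void main(String[] args) throws Exception {
        File store = locate();
        String type = System.getProperty("javax.net.ssl.trustStoreType", KeyStore.getDefaultType());
        String pw = System.getProperty("javax.net.ssl.trustStorePassword", "");
        // An empty password means "skip the integrity check", as the JDK does.
        char[] password = pw.isEmpty() ? null : pw.toCharArray();

        System.out.println("trust store : " + store.getAbsolutePath());
        System.out.println("type        : " + type);
        System.out.println("password set: " + (password != null)); // never print the value

        KeyStore ks = KeyStore.getInstance(type);
        try (InputStream in = new FileInputStream(store)) {
            ks.load(in, password);
        } catch (IOException e) {
            // A wrong password or wrong store type for this file surfaces here,
            // as in the trace; so does a missing or unreadable file.
            System.out.println("load failed : " + e.getMessage());
            System.out.println("cause       : " + e.getCause());
            System.exit(1);
        }
        System.out.println("entries     : " + Collections.list(ks.aliases()).size());
    }
}
```

If the load fails here with the same "Keystore was tampered with, or password was incorrect" message, the mismatch is in the JVM-wide trust store settings rather than in the applicationSSC definition.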
