Hello
Having just:
<New class="org.eclipse.jetty.util.ssl.SslContextFactory"
id="sslContextFactory">
in KARAF_HOME/etc/jetty.xml is not enough to have proper SSL configuration.
In Karaf, when you install "pax-web-http-jetty" you'll get
KARAF_HOME/etc/org.ops4j.pax.web.cfg template with this section:
# secure connector configuration
org.osgi.service.http.secure.enabled = false
#org.osgi.service.http.port.secure = 8443
#org.ops4j.pax.web.ssl.truststore = ${karaf.etc}/server.keystore
#org.ops4j.pax.web.ssl.truststore.password = passw0rd
#org.ops4j.pax.web.ssl.truststore.type = JKS
#org.ops4j.pax.web.ssl.keystore = ${karaf.etc}/server.keystore
#org.ops4j.pax.web.ssl.keystore.password = passw0rd
#org.ops4j.pax.web.ssl.keystore.type = JKS
#org.ops4j.pax.web.ssl.key.password = passw0rd
#org.ops4j.pax.web.ssl.key.alias = server
#org.ops4j.pax.web.ssl.clientauth.needed = false
#org.ops4j.pax.web.ssl.protocols.included = TLSv1.3
#org.ops4j.pax.web.ssl.protocol = TLSv1.3
#org.ops4j.pax.web.ssl.protocols.included = TLSv1.2 TLSv1.3
#org.ops4j.pax.web.ssl.ciphersuites.included =
TLS_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_256_GCM_SHA384
#org.ops4j.pax.web.ssl.secureRandom.algorithm = NativePRNGNonBlocking
#org.ops4j.pax.web.ssl.renegotiationAllowed = true
#org.ops4j.pax.web.ssl.session.enabled = true
so you can use it for SSL configuration. Next week I'll check what's the
actual problem with your config - see here for follow-up:
https://github.com/ops4j/org.ops4j.pax.web/issues/1821
regards
Grzegorz Grzybek
pt., 13 sty 2023 o 15:31 Vamsikrishna Koka
<vamshikrishn...@motivitylabs.com.invalid> napisaĆ(a):
> + dev@karaf.apache.org<mailto:dev@karaf.apache.org>
>
> From: Vamsikrishna Koka
> Sent: 13 January 2023 19:16
> To: u...@karaf.apache.org; iss...@karaf.apache.org
> Subject: RE: Unable to start Pax-Web 8.0.6 by using PFX Certificate.
>
> Thank you so much for looking into this @Grzegorz Grzybek.
>
> What is you $KARAF_HOME/etc/org.ops4j.pax.web.cfg configuration?
>
> There is no password in org.ops4j.pax.web.cfg file. It was reading
> external configuration file. Which is jetty xml file.
>
> $KARAF_HOME/etc/org.ops4j.pax.web.cfg file :-
>
> org.osgi.service.http.port=8181
> org.osgi.service.http.secure.enabled=true
> org.osgi.service.http.port.secure=8443
> org.ops4j.pax.web.listening.addresses=127.0.0.1
> org.ops4j.pax.web.config.file = ${karaf.home}/etc/jetty.xml
> org.ops4j.pax.web.session.timeout=30
>
> $KARAF_HOME/etc/jetty.xml file :-
>
> <New class="org.eclipse.jetty.util.ssl.SslContextFactory"
> id="sslContextFactory">
> <Set name="KeyStorePath">
> <SystemProperty default="."
> name="jetty.home"/>/etc/keystores/bems.pfx</Set>
> <Set name="TrustStorePath">
> <SystemProperty default="."
> name="jetty.home"/>/etc/keystores/bems.pfx</Set>
>
> <Set name="KeyStorePassword">OBF: password will generate after
> compilation </Set>
> <Set name="KeyManagerPassword">OBF: : password will generate after
> compilation </Set>
> <Set name="TrustStorePassword">OBF: : password will generate after
> compilation </Set>
> <Set name="KeyStoreType">PKCS12</Set>
> <Set name="TrustStoreType">PKCS12</Set>
>
> <Set name="ExcludeProtocols">
> <Array type="java.lang.String">
> <Item>TLSv1.1</Item>
> <Item>TLSv1</Item>
> <Item>SSL</Item>
> <Item>SSLv2</Item>
> <Item>SSLv2Hello</Item>
> <Item>SSLv3</Item>
> </Array>
> </Set>
>
> Thanks,
> Vamsi Krishna.
>
> From: Vamsikrishna Koka
> Sent: Friday, January 13, 2023 12:42 AM
> To: 'u...@karaf.apache.org' <u...@karaf.apache.org<mailto:
> u...@karaf.apache.org>>; 'iss...@karaf.apache.org' <
> iss...@karaf.apache.org<mailto:iss...@karaf.apache.org>>;
> dev@karaf.apache.org<mailto:dev@karaf.apache.org>
> Subject: RE: Unable to start Pax-Web 8.0.6 by using PFX Certificate.
>
> Hi Team,
>
> I have migrated karaf version 4.4.1 and OpenJDK 11 also. Tried to using
> PFX file but it was failed due to given below stack trace.
>
> Please can anyone take look at once.
>
> 2023-01-12T12:53:03.265-0500 CEF:1 | org.eclipse.jetty.util |
> 9.4.48.v20220622 | WARN | ID=245 THR=ange controller)
> CAT=AbstractLifeCycle MSG=FAILED Server@21d6680d
> {FAILED}[9.4.48.v20220622<mailto:Server@21d6680d%7bFAILED%7d[9.4.48.v20220622>]:
> java.lang.NullPointerException
> java.lang.NullPointerException: null
> at
> org.eclipse.jetty.util.ssl.SslContextFactory.getKeyManagers(SslContextFactory.java:1249)
> ~[?:?]
> at
> org.eclipse.jetty.util.ssl.SslContextFactory$Server.getKeyManagers(SslContextFactory.java:2364)
> ~[?:?]
> at
> org.eclipse.jetty.util.ssl.SslContextFactory.load(SslContextFactory.java:373)
> ~[?:?]
> at
> org.eclipse.jetty.util.ssl.SslContextFactory.doStart(SslContextFactory.java:244)
> ~[?:?]
> at
> org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:73)
> ~[?:?]
> at
> org.eclipse.jetty.util.component.ContainerLifeCycle.start(ContainerLifeCycle.java:169)
> ~[?:?]
> at
> org.eclipse.jetty.util.component.ContainerLifeCycle.doStart(ContainerLifeCycle.java:117)
> ~[?:?]
> at
> org.eclipse.jetty.server.SslConnectionFactory.doStart(SslConnectionFactory.java:97)
> ~[?:?]
> at
> org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:73)
> ~[?:?]
> at
> org.eclipse.jetty.util.component.ContainerLifeCycle.start(ContainerLifeCycle.java:169)
> ~[?:?]
> at
> org.eclipse.jetty.util.component.ContainerLifeCycle.doStart(ContainerLifeCycle.java:117)
> ~[?:?]
> at
> org.eclipse.jetty.server.AbstractConnector.doStart(AbstractConnector.java:323)
> ~[?:?]
> at
> org.eclipse.jetty.server.AbstractNetworkConnector.doStart(AbstractNetworkConnector.java:81)
> ~[?:?]
> at
> org.eclipse.jetty.server.ServerConnector.doStart(ServerConnector.java:234)
> ~[?:?]
> at
> org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:73)
> ~[?:?]
> at org.eclipse.jetty.server.Server.doStart(Server.java:401) ~[?:?]
> at
> org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:73)
> ~[?:?]
> at
> org.ops4j.pax.web.service.jetty.internal.JettyServerWrapper.start(JettyServerWrapper.java:623)
> ~[?:?]
> at
> org.ops4j.pax.web.service.jetty.internal.JettyServerController.start(JettyServerController.java:109)
> ~[?:?]
> at
> org.ops4j.pax.web.service.internal.Activator.performConfiguration(Activator.java:551)
> ~[?:?]
> at
> org.ops4j.pax.web.service.internal.Activator.updateController(Activator.java:441)
> ~[?:?]
> at
> org.ops4j.pax.web.service.internal.Activator.lambda$updateServerControllerFactory$1(Activator.java:347)
> ~[?:?]
> at
> java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:515)
> ~[?:?]
> at java.util.concurrent.FutureTask.run(FutureTask.java:264) ~[?:?]
> at
> java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:304)
> ~[?:?]
> at
> java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)
> ~[?:?]
> at
> java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
> ~[?:?]
> at java.lang.Thread.run(Thread.java:829) ~[?:?]
> 2023-01-12T12:53:03.281-0500 CEF:1 | org.ops4j.pax.web.pax-web-runtime |
> 8.0.6 | ERROR | ID=274 THR=ange controller) CAT=Activator
> MSG=Unable to start Pax Web server: null
> java.lang.NullPointerException: null
> at
> org.eclipse.jetty.util.ssl.SslContextFactory.getKeyManagers(SslContextFactory.java:1249)
> ~[?:?]
> at
> org.eclipse.jetty.util.ssl.SslContextFactory$Server.getKeyManagers(SslContextFactory.java:2364)
> ~[?:?]
> at
> org.eclipse.jetty.util.ssl.SslContextFactory.load(SslContextFactory.java:373)
> ~[?:?]
> at
> org.eclipse.jetty.util.ssl.SslContextFactory.doStart(SslContextFactory.java:244)
> ~[?:?]
> at
> org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:73)
> ~[?:?]
> at
> org.eclipse.jetty.util.component.ContainerLifeCycle.start(ContainerLifeCycle.java:169)
> ~[?:?]
> at
> org.eclipse.jetty.util.component.ContainerLifeCycle.doStart(ContainerLifeCycle.java:117)
> ~[?:?]
> at
> org.eclipse.jetty.server.SslConnectionFactory.doStart(SslConnectionFactory.java:97)
> ~[?:?]
> at
> org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:73)
> ~[?:?]
> at
> org.eclipse.jetty.util.component.ContainerLifeCycle.start(ContainerLifeCycle.java:169)
> ~[?:?]
> at
> org.eclipse.jetty.util.component.ContainerLifeCycle.doStart(ContainerLifeCycle.java:117)
> ~[?:?]
> at
> org.eclipse.jetty.server.AbstractConnector.doStart(AbstractConnector.java:323)
> ~[?:?]
> at
> org.eclipse.jetty.server.AbstractNetworkConnector.doStart(AbstractNetworkConnector.java:81)
> ~[?:?]
> at
> org.eclipse.jetty.server.ServerConnector.doStart(ServerConnector.java:234)
> ~[?:?]
> at
> org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:73)
> ~[?:?]
> at org.eclipse.jetty.server.Server.doStart(Server.java:401) ~[?:?]
> at
> org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:73)
> ~[?:?]
> at
> org.ops4j.pax.web.service.jetty.internal.JettyServerWrapper.start(JettyServerWrapper.java:623)
> ~[?:?]
> at
> org.ops4j.pax.web.service.jetty.internal.JettyServerController.start(JettyServerController.java:109)
> ~[?:?]
> at
> org.ops4j.pax.web.service.internal.Activator.performConfiguration(Activator.java:551)
> ~[?:?]
> at
> org.ops4j.pax.web.service.internal.Activator.updateController(Activator.java:441)
> ~[?:?]
> at
> org.ops4j.pax.web.service.internal.Activator.lambda$updateServerControllerFactory$1(Activator.java:347)
> ~[?:?]
> at
> java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:515)
> ~[?:?]
> at java.util.concurrent.FutureTask.run(FutureTask.java:264) ~[?:?]
> at
> java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:304)
> ~[?:?]
> at
> java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)
> ~[?:?]
> at
> java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
> ~[?:?]
> at java.lang.Thread.run(Thread.java:829) ~[?:?]
>
>
>
> Thanks,
> Vamsi Krishna.
>
>
> From: Vamsikrishna Koka
> Sent: Friday, January 13, 2023 12:38 AM
> To: u...@karaf.apache.org<mailto:u...@karaf.apache.org>;
> iss...@karaf.apache.org<mailto:iss...@karaf.apache.org>
> Subject: Unable to start Pax-Web 8.0.6 due to PFX Certificate.
>
> Hi Team,
>
> I have migrated karaf version 4.4.1 and OpenJDK 11 also. Tried to using
> PFX file but it was failed due to given below stack trace.
>
> Please can anyone take look at once.
>
> 2023-01-12T12:53:03.265-0500 CEF:1 | org.eclipse.jetty.util |
> 9.4.48.v20220622 | WARN | ID=245 THR=ange controller)
> CAT=AbstractLifeCycle MSG=FAILED Server@21d6680d
> {FAILED}[9.4.48.v20220622<mailto:Server@21d6680d%7bFAILED%7d[9.4.48.v20220622>]:
> java.lang.NullPointerException
> java.lang.NullPointerException: null
> at
> org.eclipse.jetty.util.ssl.SslContextFactory.getKeyManagers(SslContextFactory.java:1249)
> ~[?:?]
> at
> org.eclipse.jetty.util.ssl.SslContextFactory$Server.getKeyManagers(SslContextFactory.java:2364)
> ~[?:?]
> at
> org.eclipse.jetty.util.ssl.SslContextFactory.load(SslContextFactory.java:373)
> ~[?:?]
> at
> org.eclipse.jetty.util.ssl.SslContextFactory.doStart(SslContextFactory.java:244)
> ~[?:?]
> at
> org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:73)
> ~[?:?]
> at
> org.eclipse.jetty.util.component.ContainerLifeCycle.start(ContainerLifeCycle.java:169)
> ~[?:?]
> at
> org.eclipse.jetty.util.component.ContainerLifeCycle.doStart(ContainerLifeCycle.java:117)
> ~[?:?]
> at
> org.eclipse.jetty.server.SslConnectionFactory.doStart(SslConnectionFactory.java:97)
> ~[?:?]
> at
> org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:73)
> ~[?:?]
> at
> org.eclipse.jetty.util.component.ContainerLifeCycle.start(ContainerLifeCycle.java:169)
> ~[?:?]
> at
> org.eclipse.jetty.util.component.ContainerLifeCycle.doStart(ContainerLifeCycle.java:117)
> ~[?:?]
> at
> org.eclipse.jetty.server.AbstractConnector.doStart(AbstractConnector.java:323)
> ~[?:?]
> at
> org.eclipse.jetty.server.AbstractNetworkConnector.doStart(AbstractNetworkConnector.java:81)
> ~[?:?]
> at
> org.eclipse.jetty.server.ServerConnector.doStart(ServerConnector.java:234)
> ~[?:?]
> at
> org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:73)
> ~[?:?]
> at org.eclipse.jetty.server.Server.doStart(Server.java:401) ~[?:?]
> at
> org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:73)
> ~[?:?]
> at
> org.ops4j.pax.web.service.jetty.internal.JettyServerWrapper.start(JettyServerWrapper.java:623)
> ~[?:?]
> at
> org.ops4j.pax.web.service.jetty.internal.JettyServerController.start(JettyServerController.java:109)
> ~[?:?]
> at
> org.ops4j.pax.web.service.internal.Activator.performConfiguration(Activator.java:551)
> ~[?:?]
> at
> org.ops4j.pax.web.service.internal.Activator.updateController(Activator.java:441)
> ~[?:?]
> at
> org.ops4j.pax.web.service.internal.Activator.lambda$updateServerControllerFactory$1(Activator.java:347)
> ~[?:?]
> at
> java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:515)
> ~[?:?]
> at java.util.concurrent.FutureTask.run(FutureTask.java:264) ~[?:?]
> at
> java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:304)
> ~[?:?]
> at
> java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)
> ~[?:?]
> at
> java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
> ~[?:?]
> at java.lang.Thread.run(Thread.java:829) ~[?:?]
> 2023-01-12T12:53:03.281-0500 CEF:1 | org.ops4j.pax.web.pax-web-runtime |
> 8.0.6 | ERROR | ID=274 THR=ange controller) CAT=Activator
> MSG=Unable to start Pax Web server: null
> java.lang.NullPointerException: null
> at
> org.eclipse.jetty.util.ssl.SslContextFactory.getKeyManagers(SslContextFactory.java:1249)
> ~[?:?]
> at
> org.eclipse.jetty.util.ssl.SslContextFactory$Server.getKeyManagers(SslContextFactory.java:2364)
> ~[?:?]
> at
> org.eclipse.jetty.util.ssl.SslContextFactory.load(SslContextFactory.java:373)
> ~[?:?]
> at
> org.eclipse.jetty.util.ssl.SslContextFactory.doStart(SslContextFactory.java:244)
> ~[?:?]
> at
> org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:73)
> ~[?:?]
> at
> org.eclipse.jetty.util.component.ContainerLifeCycle.start(ContainerLifeCycle.java:169)
> ~[?:?]
> at
> org.eclipse.jetty.util.component.ContainerLifeCycle.doStart(ContainerLifeCycle.java:117)
> ~[?:?]
> at
> org.eclipse.jetty.server.SslConnectionFactory.doStart(SslConnectionFactory.java:97)
> ~[?:?]
> at
> org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:73)
> ~[?:?]
> at
> org.eclipse.jetty.util.component.ContainerLifeCycle.start(ContainerLifeCycle.java:169)
> ~[?:?]
> at
> org.eclipse.jetty.util.component.ContainerLifeCycle.doStart(ContainerLifeCycle.java:117)
> ~[?:?]
> at
> org.eclipse.jetty.server.AbstractConnector.doStart(AbstractConnector.java:323)
> ~[?:?]
> at
> org.eclipse.jetty.server.AbstractNetworkConnector.doStart(AbstractNetworkConnector.java:81)
> ~[?:?]
> at
> org.eclipse.jetty.server.ServerConnector.doStart(ServerConnector.java:234)
> ~[?:?]
> at
> org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:73)
> ~[?:?]
> at org.eclipse.jetty.server.Server.doStart(Server.java:401) ~[?:?]
> at
> org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:73)
> ~[?:?]
> at
> org.ops4j.pax.web.service.jetty.internal.JettyServerWrapper.start(JettyServerWrapper.java:623)
> ~[?:?]
> at
> org.ops4j.pax.web.service.jetty.internal.JettyServerController.start(JettyServerController.java:109)
> ~[?:?]
> at
> org.ops4j.pax.web.service.internal.Activator.performConfiguration(Activator.java:551)
> ~[?:?]
> at
> org.ops4j.pax.web.service.internal.Activator.updateController(Activator.java:441)
> ~[?:?]
> at
> org.ops4j.pax.web.service.internal.Activator.lambda$updateServerControllerFactory$1(Activator.java:347)
> ~[?:?]
> at
> java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:515)
> ~[?:?]
> at java.util.concurrent.FutureTask.run(FutureTask.java:264) ~[?:?]
> at
> java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:304)
> ~[?:?]
> at
> java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)
> ~[?:?]
> at
> java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
> ~[?:?]
> at java.lang.Thread.run(Thread.java:829) ~[?:?]
>
>
>
> Thanks,
> Vamsi Krishna.
>
>
>
