Hello

Having just:

<New class="org.eclipse.jetty.util.ssl.SslContextFactory" id="sslContextFactory">

in KARAF_HOME/etc/jetty.xml is not enough to have proper SSL configuration.

In Karaf, when you install "pax-web-http-jetty" you'll get KARAF_HOME/etc/org.ops4j.pax.web.cfg template with this section:

# secure connector configuration
org.osgi.service.http.secure.enabled = false
#org.osgi.service.http.port.secure = 8443
#org.ops4j.pax.web.ssl.truststore = ${karaf.etc}/server.keystore
#org.ops4j.pax.web.ssl.truststore.password = passw0rd
#org.ops4j.pax.web.ssl.truststore.type = JKS
#org.ops4j.pax.web.ssl.keystore = ${karaf.etc}/server.keystore
#org.ops4j.pax.web.ssl.keystore.password = passw0rd
#org.ops4j.pax.web.ssl.keystore.type = JKS
#org.ops4j.pax.web.ssl.key.password = passw0rd
#org.ops4j.pax.web.ssl.key.alias = server
#org.ops4j.pax.web.ssl.clientauth.needed = false
#org.ops4j.pax.web.ssl.protocols.included = TLSv1.3
#org.ops4j.pax.web.ssl.protocol = TLSv1.3
#org.ops4j.pax.web.ssl.protocols.included = TLSv1.2 TLSv1.3
#org.ops4j.pax.web.ssl.ciphersuites.included = TLS_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_256_GCM_SHA384
#org.ops4j.pax.web.ssl.secureRandom.algorithm = NativePRNGNonBlocking
#org.ops4j.pax.web.ssl.renegotiationAllowed = true
#org.ops4j.pax.web.ssl.session.enabled = true

so you can use it for SSL configuration.

Next week I'll check what's the actual problem with your config - see here for follow-up: https://github.com/ops4j/org.ops4j.pax.web/issues/1821

regards
Grzegorz Grzybek

On Fri, 13 Jan 2023 at 15:31, Vamsikrishna Koka <vamshikrishn...@motivitylabs.com.invalid> wrote:

> + dev@karaf.apache.org
>
> From: Vamsikrishna Koka
> Sent: 13 January 2023 19:16
> To: u...@karaf.apache.org; iss...@karaf.apache.org
> Subject: RE: Unable to start Pax-Web 8.0.6 by using PFX Certificate.
>
> Thank you so much for looking into this @Grzegorz Grzybek.
>
> What is your $KARAF_HOME/etc/org.ops4j.pax.web.cfg configuration?
>
> There is no password in the org.ops4j.pax.web.cfg file. It was reading an
> external configuration file, which is the jetty xml file.
>
> $KARAF_HOME/etc/org.ops4j.pax.web.cfg file :-
>
> org.osgi.service.http.port=8181
> org.osgi.service.http.secure.enabled=true
> org.osgi.service.http.port.secure=8443
> org.ops4j.pax.web.listening.addresses=127.0.0.1
> org.ops4j.pax.web.config.file = ${karaf.home}/etc/jetty.xml
> org.ops4j.pax.web.session.timeout=30
>
> $KARAF_HOME/etc/jetty.xml file :-
>
> <New class="org.eclipse.jetty.util.ssl.SslContextFactory" id="sslContextFactory">
>   <Set name="KeyStorePath">
>     <SystemProperty default="." name="jetty.home"/>/etc/keystores/bems.pfx</Set>
>   <Set name="TrustStorePath">
>     <SystemProperty default="." name="jetty.home"/>/etc/keystores/bems.pfx</Set>
>
>   <Set name="KeyStorePassword">OBF: password will generate after compilation </Set>
>   <Set name="KeyManagerPassword">OBF: : password will generate after compilation </Set>
>   <Set name="TrustStorePassword">OBF: : password will generate after compilation </Set>
>   <Set name="KeyStoreType">PKCS12</Set>
>   <Set name="TrustStoreType">PKCS12</Set>
>
>   <Set name="ExcludeProtocols">
>     <Array type="java.lang.String">
>       <Item>TLSv1.1</Item>
>       <Item>TLSv1</Item>
>       <Item>SSL</Item>
>       <Item>SSLv2</Item>
>       <Item>SSLv2Hello</Item>
>       <Item>SSLv3</Item>
>     </Array>
>   </Set>
>
> Thanks,
> Vamsi Krishna.
>
> From: Vamsikrishna Koka
> Sent: Friday, January 13, 2023 12:42 AM
> To: 'u...@karaf.apache.org' <u...@karaf.apache.org>; 'iss...@karaf.apache.org' <iss...@karaf.apache.org>; dev@karaf.apache.org
> Subject: RE: Unable to start Pax-Web 8.0.6 by using PFX Certificate.
>
> Hi Team,
>
> I have migrated karaf version 4.4.1 and OpenJDK 11 also. Tried using a
> PFX file, but it failed due to the stack trace given below.
>
> Please can anyone take a look at once.
>
> 2023-01-12T12:53:03.265-0500 CEF:1 | org.eclipse.jetty.util | 9.4.48.v20220622 | WARN | ID=245 THR=ange controller) CAT=AbstractLifeCycle MSG=FAILED Server@21d6680d{FAILED}[9.4.48.v20220622]: java.lang.NullPointerException
> java.lang.NullPointerException: null
>     at org.eclipse.jetty.util.ssl.SslContextFactory.getKeyManagers(SslContextFactory.java:1249) ~[?:?]
>     at org.eclipse.jetty.util.ssl.SslContextFactory$Server.getKeyManagers(SslContextFactory.java:2364) ~[?:?]
>     at org.eclipse.jetty.util.ssl.SslContextFactory.load(SslContextFactory.java:373) ~[?:?]
>     at org.eclipse.jetty.util.ssl.SslContextFactory.doStart(SslContextFactory.java:244) ~[?:?]
>     at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:73) ~[?:?]
>     at org.eclipse.jetty.util.component.ContainerLifeCycle.start(ContainerLifeCycle.java:169) ~[?:?]
>     at org.eclipse.jetty.util.component.ContainerLifeCycle.doStart(ContainerLifeCycle.java:117) ~[?:?]
>     at org.eclipse.jetty.server.SslConnectionFactory.doStart(SslConnectionFactory.java:97) ~[?:?]
>     at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:73) ~[?:?]
>     at org.eclipse.jetty.util.component.ContainerLifeCycle.start(ContainerLifeCycle.java:169) ~[?:?]
>     at org.eclipse.jetty.util.component.ContainerLifeCycle.doStart(ContainerLifeCycle.java:117) ~[?:?]
>     at org.eclipse.jetty.server.AbstractConnector.doStart(AbstractConnector.java:323) ~[?:?]
>     at org.eclipse.jetty.server.AbstractNetworkConnector.doStart(AbstractNetworkConnector.java:81) ~[?:?]
>     at org.eclipse.jetty.server.ServerConnector.doStart(ServerConnector.java:234) ~[?:?]
>     at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:73) ~[?:?]
>     at org.eclipse.jetty.server.Server.doStart(Server.java:401) ~[?:?]
>     at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:73) ~[?:?]
>     at org.ops4j.pax.web.service.jetty.internal.JettyServerWrapper.start(JettyServerWrapper.java:623) ~[?:?]
>     at org.ops4j.pax.web.service.jetty.internal.JettyServerController.start(JettyServerController.java:109) ~[?:?]
>     at org.ops4j.pax.web.service.internal.Activator.performConfiguration(Activator.java:551) ~[?:?]
>     at org.ops4j.pax.web.service.internal.Activator.updateController(Activator.java:441) ~[?:?]
>     at org.ops4j.pax.web.service.internal.Activator.lambda$updateServerControllerFactory$1(Activator.java:347) ~[?:?]
>     at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:515) ~[?:?]
>     at java.util.concurrent.FutureTask.run(FutureTask.java:264) ~[?:?]
>     at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:304) ~[?:?]
>     at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128) ~[?:?]
>     at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628) ~[?:?]
>     at java.lang.Thread.run(Thread.java:829) ~[?:?]
> 2023-01-12T12:53:03.281-0500 CEF:1 | org.ops4j.pax.web.pax-web-runtime | 8.0.6 | ERROR | ID=274 THR=ange controller) CAT=Activator MSG=Unable to start Pax Web server: null
> java.lang.NullPointerException: null
>     at org.eclipse.jetty.util.ssl.SslContextFactory.getKeyManagers(SslContextFactory.java:1249) ~[?:?]
>     at org.eclipse.jetty.util.ssl.SslContextFactory$Server.getKeyManagers(SslContextFactory.java:2364) ~[?:?]
>     at org.eclipse.jetty.util.ssl.SslContextFactory.load(SslContextFactory.java:373) ~[?:?]
>     at org.eclipse.jetty.util.ssl.SslContextFactory.doStart(SslContextFactory.java:244) ~[?:?]
>     at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:73) ~[?:?]
>     at org.eclipse.jetty.util.component.ContainerLifeCycle.start(ContainerLifeCycle.java:169) ~[?:?]
>     at org.eclipse.jetty.util.component.ContainerLifeCycle.doStart(ContainerLifeCycle.java:117) ~[?:?]
>     at org.eclipse.jetty.server.SslConnectionFactory.doStart(SslConnectionFactory.java:97) ~[?:?]
>     at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:73) ~[?:?]
>     at org.eclipse.jetty.util.component.ContainerLifeCycle.start(ContainerLifeCycle.java:169) ~[?:?]
>     at org.eclipse.jetty.util.component.ContainerLifeCycle.doStart(ContainerLifeCycle.java:117) ~[?:?]
>     at org.eclipse.jetty.server.AbstractConnector.doStart(AbstractConnector.java:323) ~[?:?]
>     at org.eclipse.jetty.server.AbstractNetworkConnector.doStart(AbstractNetworkConnector.java:81) ~[?:?]
>     at org.eclipse.jetty.server.ServerConnector.doStart(ServerConnector.java:234) ~[?:?]
>     at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:73) ~[?:?]
>     at org.eclipse.jetty.server.Server.doStart(Server.java:401) ~[?:?]
>     at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:73) ~[?:?]
>     at org.ops4j.pax.web.service.jetty.internal.JettyServerWrapper.start(JettyServerWrapper.java:623) ~[?:?]
>     at org.ops4j.pax.web.service.jetty.internal.JettyServerController.start(JettyServerController.java:109) ~[?:?]
>     at org.ops4j.pax.web.service.internal.Activator.performConfiguration(Activator.java:551) ~[?:?]
>     at org.ops4j.pax.web.service.internal.Activator.updateController(Activator.java:441) ~[?:?]
>     at org.ops4j.pax.web.service.internal.Activator.lambda$updateServerControllerFactory$1(Activator.java:347) ~[?:?]
>     at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:515) ~[?:?]
>     at java.util.concurrent.FutureTask.run(FutureTask.java:264) ~[?:?]
>     at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:304) ~[?:?]
>     at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128) ~[?:?]
>     at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628) ~[?:?]
>     at java.lang.Thread.run(Thread.java:829) ~[?:?]
>
>
>
> Thanks,
> Vamsi Krishna.
>
>
> From: Vamsikrishna Koka
> Sent: Friday, January 13, 2023 12:38 AM
> To: u...@karaf.apache.org; iss...@karaf.apache.org
> Subject: Unable to start Pax-Web 8.0.6 due to PFX Certificate.
>
> Hi Team,
>
> I have migrated karaf version 4.4.1 and OpenJDK 11 also. Tried using a
> PFX file, but it failed due to the stack trace given below.
>
> Please can anyone take a look at once.
>
> 2023-01-12T12:53:03.265-0500 CEF:1 | org.eclipse.jetty.util | 9.4.48.v20220622 | WARN | ID=245 THR=ange controller) CAT=AbstractLifeCycle MSG=FAILED Server@21d6680d{FAILED}[9.4.48.v20220622]: java.lang.NullPointerException
> java.lang.NullPointerException: null
>     at org.eclipse.jetty.util.ssl.SslContextFactory.getKeyManagers(SslContextFactory.java:1249) ~[?:?]
>     at org.eclipse.jetty.util.ssl.SslContextFactory$Server.getKeyManagers(SslContextFactory.java:2364) ~[?:?]
>     at org.eclipse.jetty.util.ssl.SslContextFactory.load(SslContextFactory.java:373) ~[?:?]
>     at org.eclipse.jetty.util.ssl.SslContextFactory.doStart(SslContextFactory.java:244) ~[?:?]
>     at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:73) ~[?:?]
>     at org.eclipse.jetty.util.component.ContainerLifeCycle.start(ContainerLifeCycle.java:169) ~[?:?]
>     at org.eclipse.jetty.util.component.ContainerLifeCycle.doStart(ContainerLifeCycle.java:117) ~[?:?]
>     at org.eclipse.jetty.server.SslConnectionFactory.doStart(SslConnectionFactory.java:97) ~[?:?]
>     at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:73) ~[?:?]
>     at org.eclipse.jetty.util.component.ContainerLifeCycle.start(ContainerLifeCycle.java:169) ~[?:?]
>     at org.eclipse.jetty.util.component.ContainerLifeCycle.doStart(ContainerLifeCycle.java:117) ~[?:?]
>     at org.eclipse.jetty.server.AbstractConnector.doStart(AbstractConnector.java:323) ~[?:?]
>     at org.eclipse.jetty.server.AbstractNetworkConnector.doStart(AbstractNetworkConnector.java:81) ~[?:?]
>     at org.eclipse.jetty.server.ServerConnector.doStart(ServerConnector.java:234) ~[?:?]
>     at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:73) ~[?:?]
>     at org.eclipse.jetty.server.Server.doStart(Server.java:401) ~[?:?]
>     at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:73) ~[?:?]
>     at org.ops4j.pax.web.service.jetty.internal.JettyServerWrapper.start(JettyServerWrapper.java:623) ~[?:?]
>     at org.ops4j.pax.web.service.jetty.internal.JettyServerController.start(JettyServerController.java:109) ~[?:?]
>     at org.ops4j.pax.web.service.internal.Activator.performConfiguration(Activator.java:551) ~[?:?]
>     at org.ops4j.pax.web.service.internal.Activator.updateController(Activator.java:441) ~[?:?]
>     at org.ops4j.pax.web.service.internal.Activator.lambda$updateServerControllerFactory$1(Activator.java:347) ~[?:?]
>     at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:515) ~[?:?]
>     at java.util.concurrent.FutureTask.run(FutureTask.java:264) ~[?:?]
>     at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:304) ~[?:?]
>     at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128) ~[?:?]
>     at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628) ~[?:?]
>     at java.lang.Thread.run(Thread.java:829) ~[?:?]
> 2023-01-12T12:53:03.281-0500 CEF:1 | org.ops4j.pax.web.pax-web-runtime | 8.0.6 | ERROR | ID=274 THR=ange controller) CAT=Activator MSG=Unable to start Pax Web server: null
> java.lang.NullPointerException: null
>     at org.eclipse.jetty.util.ssl.SslContextFactory.getKeyManagers(SslContextFactory.java:1249) ~[?:?]
>     at org.eclipse.jetty.util.ssl.SslContextFactory$Server.getKeyManagers(SslContextFactory.java:2364) ~[?:?]
>     at org.eclipse.jetty.util.ssl.SslContextFactory.load(SslContextFactory.java:373) ~[?:?]
>     at org.eclipse.jetty.util.ssl.SslContextFactory.doStart(SslContextFactory.java:244) ~[?:?]
>     at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:73) ~[?:?]
>     at org.eclipse.jetty.util.component.ContainerLifeCycle.start(ContainerLifeCycle.java:169) ~[?:?]
>     at org.eclipse.jetty.util.component.ContainerLifeCycle.doStart(ContainerLifeCycle.java:117) ~[?:?]
>     at org.eclipse.jetty.server.SslConnectionFactory.doStart(SslConnectionFactory.java:97) ~[?:?]
>     at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:73) ~[?:?]
>     at org.eclipse.jetty.util.component.ContainerLifeCycle.start(ContainerLifeCycle.java:169) ~[?:?]
>     at org.eclipse.jetty.util.component.ContainerLifeCycle.doStart(ContainerLifeCycle.java:117) ~[?:?]
>     at org.eclipse.jetty.server.AbstractConnector.doStart(AbstractConnector.java:323) ~[?:?]
>     at org.eclipse.jetty.server.AbstractNetworkConnector.doStart(AbstractNetworkConnector.java:81) ~[?:?]
>     at org.eclipse.jetty.server.ServerConnector.doStart(ServerConnector.java:234) ~[?:?]
>     at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:73) ~[?:?]
>     at org.eclipse.jetty.server.Server.doStart(Server.java:401) ~[?:?]
>     at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:73) ~[?:?]
>     at org.ops4j.pax.web.service.jetty.internal.JettyServerWrapper.start(JettyServerWrapper.java:623) ~[?:?]
>     at org.ops4j.pax.web.service.jetty.internal.JettyServerController.start(JettyServerController.java:109) ~[?:?]
>     at org.ops4j.pax.web.service.internal.Activator.performConfiguration(Activator.java:551) ~[?:?]
>     at org.ops4j.pax.web.service.internal.Activator.updateController(Activator.java:441) ~[?:?]
>     at org.ops4j.pax.web.service.internal.Activator.lambda$updateServerControllerFactory$1(Activator.java:347) ~[?:?]
>     at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:515) ~[?:?]
>     at java.util.concurrent.FutureTask.run(FutureTask.java:264) ~[?:?]
>     at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:304) ~[?:?]
>     at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128) ~[?:?]
>     at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628) ~[?:?]
>     at java.lang.Thread.run(Thread.java:829) ~[?:?]
>
>
>
> Thanks,
> Vamsi Krishna.
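
The reply above points to the `org.ops4j.pax.web.ssl.*` properties in `org.ops4j.pax.web.cfg` as the place for SSL settings. The following review check for that file is an added example, not part of the thread and not Pax Web code; the property names are the ones quoted in the template, while the rules and both sample cfg texts (including the keystore path) are assumptions of this example.

```python
import re

# Property names come from the template quoted in the thread; the rules are this example's own.
SSL = "org.ops4j.pax.web.ssl."
LEGACY = {"SSLv2", "SSLv2Hello", "SSLv3", "TLSv1", "TLSv1.1"}

def parse_cfg(text):
    """Return active key/value pairs; commented-out template lines are skipped."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            props[key.strip()] = value.strip()
    return props

def lint(text):
    p, out = parse_cfg(text), []
    if p.get("org.osgi.service.http.secure.enabled", "false").lower() != "true":
        return out  # secure connector is off, nothing to review
    keystore = p.get(SSL + "keystore", "")
    if not keystore:
        out.append("secure connector enabled but no " + SSL + "keystore")
    elif keystore.lower().endswith((".pfx", ".p12")) and p.get(SSL + "keystore.type") != "PKCS12":
        out.append("PFX keystore: set " + SSL + "keystore.type = PKCS12")
    for key in ("keystore.password", "truststore.password", "key.password"):
        if p.get(SSL + key) == "passw0rd":
            out.append("template password left in " + SSL + key)
    for proto in re.split(r"[,\s]+", p.get(SSL + "protocols.included", "")):
        if proto in LEGACY:
            out.append("legacy protocol included: " + proto)
    for suite in re.split(r"[,\s]+", p.get(SSL + "ciphersuites.included", "")):
        if suite.startswith("TLS_RSA_WITH_"):
            out.append("static RSA key exchange, no forward secrecy: " + suite)
    return out

# Constructed sample: the cfg from the thread, which leaves SSL to jetty.xml.
THREAD_CFG = """\
org.osgi.service.http.secure.enabled=true
org.ops4j.pax.web.config.file = ${karaf.home}/etc/jetty.xml
"""
# Constructed sample: template values uncommented as-is, keystore path made up.
TEMPLATE_CFG = """\
org.osgi.service.http.secure.enabled = true
org.ops4j.pax.web.ssl.keystore = ${karaf.etc}/keystores/bems.pfx
org.ops4j.pax.web.ssl.keystore.password = passw0rd
org.ops4j.pax.web.ssl.keystore.type = JKS
org.ops4j.pax.web.ssl.protocols.included = TLSv1.2 TLSv1.3
org.ops4j.pax.web.ssl.ciphersuites.included = TLS_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_256_GCM_SHA384
"""
```

`lint(THREAD_CFG)` reports the missing keystore property; `lint(TEMPLATE_CFG)` reports the keystore type, the template password and both `TLS_RSA_WITH_*` suites.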