RE: Unable to start Pax-Web 8.0.6 by using PFX Certificate.
Grzegorz Grzybek,
Thank you so much for looking into this.
What is you $KARAF_HOME/etc/org.ops4j.pax.web.cfg configuration?
There is no password in org.ops4j.pax.web.cfg file. It was reading external
configuration file. Which is jetty xml file.
$KARAF_HOME/etc/org.ops4j.pax.web.cfg file :-
org.osgi.service.http.port=8181
org.osgi.service.http.secure.enabled=true
org.osgi.service.http.port.secure=8443
org.ops4j.pax.web.listening.addresses=127.0.0.1
org.ops4j.pax.web.config.file = ${karaf.home}/etc/jetty.xml
org.ops4j.pax.web.session.timeout=30
$KARAF_HOME/etc/jetty.xml file :-
/etc/keystores/bems.pfx
/etc/keystores/bems.pfx
OBF: password will generate after
compilation
OBF: : password will generate after
compilation
OBF: : password will generate after
compilation
PKCS12
PKCS12
TLSv1.1
TLSv1
SSL
SSLv2
SSLv2Hello
SSLv3
Thanks,
Vamsi Krishna.
From: Vamsikrishna Koka
Sent: 13 January 2023 00:42
To: u...@karaf.apache.org; iss...@karaf.apache.org; dev@karaf.apache.org
Subject: RE: Unable to start Pax-Web 8.0.6 by using PFX Certificate.
Hi Team,
I have migrated karaf version 4.4.1 and OpenJDK 11 also. Tried to using PFX
file but it was failed due to given below stack trace.
Please can anyone take look at once.
2023-01-12T12:53:03.265-0500 CEF:1 | org.eclipse.jetty.util | 9.4.48.v20220622
| WARN | ID=245 THR=ange controller) CAT=AbstractLifeCycle
MSG=FAILED
Server@21d6680d{FAILED}[9.4.48.v20220622]:
java.lang.NullPointerException
java.lang.NullPointerException: null
at
org.eclipse.jetty.util.ssl.SslContextFactory.getKeyManagers(SslContextFactory.java:1249)
~[?:?]
at
org.eclipse.jetty.util.ssl.SslContextFactory$Server.getKeyManagers(SslContextFactory.java:2364)
~[?:?]
at
org.eclipse.jetty.util.ssl.SslContextFactory.load(SslContextFactory.java:373)
~[?:?]
at
org.eclipse.jetty.util.ssl.SslContextFactory.doStart(SslContextFactory.java:244)
~[?:?]
at
org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:73)
~[?:?]
at
org.eclipse.jetty.util.component.ContainerLifeCycle.start(ContainerLifeCycle.java:169)
~[?:?]
at
org.eclipse.jetty.util.component.ContainerLifeCycle.doStart(ContainerLifeCycle.java:117)
~[?:?]
at
org.eclipse.jetty.server.SslConnectionFactory.doStart(SslConnectionFactory.java:97)
~[?:?]
at
org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:73)
~[?:?]
at
org.eclipse.jetty.util.component.ContainerLifeCycle.start(ContainerLifeCycle.java:169)
~[?:?]
at
org.eclipse.jetty.util.component.ContainerLifeCycle.doStart(ContainerLifeCycle.java:117)
~[?:?]
at
org.eclipse.jetty.server.AbstractConnector.doStart(AbstractConnector.java:323)
~[?:?]
at
org.eclipse.jetty.server.AbstractNetworkConnector.doStart(AbstractNetworkConnector.java:81)
~[?:?]
at
org.eclipse.jetty.server.ServerConnector.doStart(ServerConnector.java:234)
~[?:?]
at
org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:73)
~[?:?]
at org.eclipse.jetty.server.Server.doStart(Server.java:401) ~[?:?]
at
org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:73)
~[?:?]
at
org.ops4j.pax.web.service.jetty.internal.JettyServerWrapper.start(JettyServerWrapper.java:623)
~[?:?]
at
org.ops4j.pax.web.service.jetty.internal.JettyServerController.start(JettyServerController.java:109)
~[?:?]
at
org.ops4j.pax.web.service.internal.Activator.performConfiguration(Activator.java:551)
~[?:?]
at
org.ops4j.pax.web.service.internal.Activator.updateController(Activator.java:441)
~[?:?]
at
org.ops4j.pax.web.service.internal.Activator.lambda$updateServerControllerFactory$1(Activator.java:347)
~[?:?]
at
java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:515) ~[?:?]
at java.util.concurrent.FutureTask.run(FutureTask.java:264) ~[?:?]
at
java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:304)
~[?:?]
at
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)
~[?:?]
at
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
~[?:?]
at java.lang.Thread.run(Thread.java:829) ~[?:?]
2023-01-12T12:53:03.281-0500 CEF:1 | org.ops4j.pax.web.pax-web-runtime | 8.0.6
| ERROR | ID=274 THR=ange controller) CAT=Activator
MSG=Unable to start Pax Web
[ANN] Apache Karaf OSGi runtime 4.4.3 released !
The Apache Karaf team is pleased to announce Apache Karaf OSGi runtime 4.4.3 release. This release is a maintenance release bringing a lot of dependency updates and fixes. Especially, this release includes: - fix threads leak in karaf-maven-plugin (in verify feature goal) - fix on JMX stub IP address assignation (especially on different docker networks) - re-add shell:alias command - fix ssh client on Windows - upgrade to Aries JAX RS Whiteboard 2.0.2 - upgrade to Pax Web 8.0.15 - and several dependency updates ! You can take a look on the Release Notes for details: https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12311140=12352267 You can download this release: https://karaf.apache.org/download.html Enjoy! The Apache Karaf team
Re: Unable to start Pax-Web 8.0.6 by using PFX Certificate.
Hello
Having just:
in KARAF_HOME/etc/jetty.xml is not enough to have proper SSL configuration.
In Karaf, when you install "pax-web-http-jetty" you'll get
KARAF_HOME/etc/org.ops4j.pax.web.cfg template with this section:
# secure connector configuration
org.osgi.service.http.secure.enabled = false
#org.osgi.service.http.port.secure = 8443
#org.ops4j.pax.web.ssl.truststore = ${karaf.etc}/server.keystore
#org.ops4j.pax.web.ssl.truststore.password = passw0rd
#org.ops4j.pax.web.ssl.truststore.type = JKS
#org.ops4j.pax.web.ssl.keystore = ${karaf.etc}/server.keystore
#org.ops4j.pax.web.ssl.keystore.password = passw0rd
#org.ops4j.pax.web.ssl.keystore.type = JKS
#org.ops4j.pax.web.ssl.key.password = passw0rd
#org.ops4j.pax.web.ssl.key.alias = server
#org.ops4j.pax.web.ssl.clientauth.needed = false
#org.ops4j.pax.web.ssl.protocols.included = TLSv1.3
#org.ops4j.pax.web.ssl.protocol = TLSv1.3
#org.ops4j.pax.web.ssl.protocols.included = TLSv1.2 TLSv1.3
#org.ops4j.pax.web.ssl.ciphersuites.included =
TLS_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_256_GCM_SHA384
#org.ops4j.pax.web.ssl.secureRandom.algorithm = NativePRNGNonBlocking
#org.ops4j.pax.web.ssl.renegotiationAllowed = true
#org.ops4j.pax.web.ssl.session.enabled = true
so you can use it for SSL configuration. Next week I'll check what's the
actual problem with your config - see here for follow-up:
https://github.com/ops4j/org.ops4j.pax.web/issues/1821
regards
Grzegorz Grzybek
pt., 13 sty 2023 o 15:31 Vamsikrishna Koka
napisał(a):
> + dev@karaf.apache.org
>
> From: Vamsikrishna Koka
> Sent: 13 January 2023 19:16
> To: u...@karaf.apache.org; iss...@karaf.apache.org
> Subject: RE: Unable to start Pax-Web 8.0.6 by using PFX Certificate.
>
> Thank you so much for looking into this @Grzegorz Grzybek.
>
> What is you $KARAF_HOME/etc/org.ops4j.pax.web.cfg configuration?
>
> There is no password in org.ops4j.pax.web.cfg file. It was reading
> external configuration file. Which is jetty xml file.
>
> $KARAF_HOME/etc/org.ops4j.pax.web.cfg file :-
>
> org.osgi.service.http.port=8181
> org.osgi.service.http.secure.enabled=true
> org.osgi.service.http.port.secure=8443
> org.ops4j.pax.web.listening.addresses=127.0.0.1
> org.ops4j.pax.web.config.file = ${karaf.home}/etc/jetty.xml
> org.ops4j.pax.web.session.timeout=30
>
> $KARAF_HOME/etc/jetty.xml file :-
>
> id="sslContextFactory">
>
>name="jetty.home"/>/etc/keystores/bems.pfx
>
>name="jetty.home"/>/etc/keystores/bems.pfx
>
> OBF: password will generate after
> compilation
> OBF: : password will generate after
> compilation
> OBF: : password will generate after
> compilation
> PKCS12
> PKCS12
>
>
>
> TLSv1.1
> TLSv1
> SSL
> SSLv2
> SSLv2Hello
> SSLv3
>
>
>
> Thanks,
> Vamsi Krishna.
>
> From: Vamsikrishna Koka
> Sent: Friday, January 13, 2023 12:42 AM
> To: 'u...@karaf.apache.org' u...@karaf.apache.org>>; 'iss...@karaf.apache.org' <
> iss...@karaf.apache.org>;
> dev@karaf.apache.org
> Subject: RE: Unable to start Pax-Web 8.0.6 by using PFX Certificate.
>
> Hi Team,
>
> I have migrated karaf version 4.4.1 and OpenJDK 11 also. Tried to using
> PFX file but it was failed due to given below stack trace.
>
> Please can anyone take look at once.
>
> 2023-01-12T12:53:03.265-0500 CEF:1 | org.eclipse.jetty.util |
> 9.4.48.v20220622 | WARN | ID=245 THR=ange controller)
> CAT=AbstractLifeCycleMSG=FAILED Server@21d6680d
> {FAILED}[9.4.48.v20220622]:
> java.lang.NullPointerException
> java.lang.NullPointerException: null
> at
> org.eclipse.jetty.util.ssl.SslContextFactory.getKeyManagers(SslContextFactory.java:1249)
> ~[?:?]
> at
> org.eclipse.jetty.util.ssl.SslContextFactory$Server.getKeyManagers(SslContextFactory.java:2364)
> ~[?:?]
> at
> org.eclipse.jetty.util.ssl.SslContextFactory.load(SslContextFactory.java:373)
> ~[?:?]
> at
> org.eclipse.jetty.util.ssl.SslContextFactory.doStart(SslContextFactory.java:244)
> ~[?:?]
> at
> org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:73)
> ~[?:?]
> at
> org.eclipse.jetty.util.component.ContainerLifeCycle.start(ContainerLifeCycle.java:169)
> ~[?:?]
> at
> org.eclipse.jetty.util.component.ContainerLifeCycle.doStart(ContainerLifeCycle.java:117)
> ~[?:?]
> at
> org.eclipse.jetty.server.SslConnectionFactory.doStart(SslConnectionFactory.java:97)
> ~[?:?]
> at
> org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:73)
> ~[?:?]
> at
>
[GitHub] [karaf-site] wborn opened a new pull request, #70: Fix Deploy header in README.md
wborn opened a new pull request, #70: URL: https://github.com/apache/karaf-site/pull/70 The Deploy header is not properly rendered because it uses a [non-breaking space](https://en.wikipedia.org/wiki/Non-breaking_space) instead of a normal space. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@karaf.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [karaf-site] wborn opened a new pull request, #69: Use HTTPS download links
wborn opened a new pull request, #69: URL: https://github.com/apache/karaf-site/pull/69 There is a redirect to HTTPS anyhow. If the redirect stops working one day a MITM attack could occur causing users to install malware. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@karaf.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
