[ 
https://issues.apache.org/jira/browse/JAMES-3206?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17490849#comment-17490849
 ] 

Metin Savignano edited comment on JAMES-3206 at 2/11/22, 10:54 AM:
-------------------------------------------------------------------

I think I stumbled upon this issue when trying to get the demo docker image to 
work. Please bear with me if I'm wrong.

I had tried to create my own custom docker image based on 
dockerfiles/run/guice/provisioned/Dockerfile and replaced the demo keystore 
with my own pkcs12 keystore (using the same famous "{{james72laBalle}}" 
password). This resulted in the above exception. 

After trying everything with regard to fixing the keystore, I eventually found 
out that the pkcs12 format wasn't supported, and after converting the keystore 
to JKS, it worked instantly. Wondering why, I did some research here in the 
existing issues, and it looks like pkcs12 has only been added in a newer 
version, but the demo docker image still uses 3.4.0.
{code:java}
FROM linagora/james-jpa-guice:james-project-3.4.0{code}
I changed it to use 3.6.2, and immediately was able to use my pkcs12 keystore. 
(Also had to edit the {{startup.sh}} script.)
{code:java}
FROM apache/james:jpa-3.6.2{code}
I'm not sure, though, which version is used in the "Basic" server 
(jpa-guice), and it may have been updated since the creation of this issue here.

However, I would recommend updating the demo docker to a newer version. It is 
probably used as a start quite often.


was (Author: JIRAUSER285019):
I think I stumbled upon this issue when trying to get the demo docker image to 
work. Please bear with me if I'm wrong.

I had tried to create my own custom docker image based on 
dockerfiles/run/guice/provisioned/Dockerfile and replaced the demo keystore 
with my own pkcs12 keystore (using the same famous "{{james72laBalle}}" 
password). This resulted in the above exception. 

After trying everything with regard to fixing the keystore, I eventually found 
out that the pkcs12 format wasn't supported, and after converting the keystore 
to JKS, it worked instantly. Wondering why, I did some research here in the 
existing issues, and it looks like pkcs12 has only been added in a newer 
version, but the demo docker image still uses 3.4.0.
{code:java}
FROM linagora/james-jpa-guice:james-project-3.4.0{code}
I changed it to use 3.6.2, and immediately was able to use my pkcs12 keystore.

I'm not sure, though, which version is used in the "Basic" server 
(jpa-guice), and it may have been updated since the creation of this issue here.

However, I would recommend updating the demo docker to a newer version. It is 
probably used as a start quite often.

> Keystore Exception when running the "Basic" Server
> --------------------------------------------------
>
>                 Key: JAMES-3206
>                 URL: https://issues.apache.org/jira/browse/JAMES-3206
>             Project: James Server
>          Issue Type: Bug
>            Reporter: David Leangen
>            Priority: Blocker
>
> When attempting to run the "Basic" server (jpa-guice) out-of-the-box, I am 
> unable to get the server running due to a password exception:
> {code:java}
> 12:13:26.044 [ERROR] o.a.j.GuiceJamesServer - Fatal error while starting James
> java.security.UnrecoverableKeyException: failed to decrypt safe contents entry: java.lang.IllegalStateException: password has been cleared
>  ... 32 common frames omitted
> Wrapped by: java.io.IOException: keystore password was incorrect
>  at java.base/sun.security.pkcs12.PKCS12KeyStore.engineLoad(Unknown Source)
>  at java.base/sun.security.util.KeyStoreDelegator.engineLoad(Unknown Source)
>  at java.base/java.security.KeyStore.load(Unknown Source)
>  at org.apache.james.protocols.lib.netty.AbstractConfigurableAsyncServer.buildSSLContext(AbstractConfigurableAsyncServer.java:396)
>  at org.apache.james.protocols.lib.netty.AbstractConfigurableAsyncServer.init(AbstractConfigurableAsyncServer.java:264)
>  at org.apache.james.protocols.lib.netty.AbstractServerFactory.init(AbstractServerFactory.java:58)
>  at org.apache.james.modules.protocols.IMAPServerModule.lambda$configureImap$0(IMAPServerModule.java:93)
>  at org.apache.james.utils.InitilizationOperationBuilder$PrivateImpl.initModule(InitilizationOperationBuilder.java:52)
>  at com.github.fge.lambdas.consumers.ConsumerChainer.lambda$sneakyThrow$9(ConsumerChainer.java:73)
>  at java.base/java.util.stream.ReferencePipeline$11$1.accept(Unknown Source)
>  at java.base/java.util.stream.DistinctOps$1$2.accept(Unknown Source)
>  at java.base/java.util.stream.ForEachOps$ForEachOp$OfRef.accept(Unknown Source)
>  at java.base/java.util.stream.ReferencePipeline$2$1.accept(Unknown Source)
>  at java.base/java.util.Spliterators$ArraySpliterator.forEachRemaining(Unknown Source)
>  at java.base/java.util.stream.AbstractPipeline.copyInto(Unknown Source)
>  at java.base/java.util.stream.AbstractPipeline.wrapAndCopyInto(Unknown Source)
>  at java.base/java.util.stream.ForEachOps$ForEachOp.evaluateSequential(Unknown Source)
>  at java.base/java.util.stream.ForEachOps$ForEachOp$OfRef.evaluateSequential(Unknown Source)
>  at java.base/java.util.stream.AbstractPipeline.evaluate(Unknown Source)
>  at java.base/java.util.stream.ReferencePipeline.forEach(Unknown Source)
>  at java.base/java.util.stream.ReferencePipeline$7$1.accept(Unknown Source)
>  at java.base/java.util.Spliterators$ArraySpliterator.forEachRemaining(Unknown Source)
>  at java.base/java.util.stream.AbstractPipeline.copyInto(Unknown Source)
>  at java.base/java.util.stream.AbstractPipeline.wrapAndCopyInto(Unknown Source)
>  at java.base/java.util.stream.ReduceOps$ReduceOp.evaluateSequential(Unknown Source)
>  at java.base/java.util.stream.AbstractPipeline.evaluate(Unknown Source)
>  at java.base/java.util.stream.ReferencePipeline.collect(Unknown Source)
>  at org.apache.james.utils.InitializationOperations.processConfigurables(InitializationOperations.java:53)
>  at org.apache.james.utils.InitializationOperations.initModules(InitializationOperations.java:43)
>  at org.apache.james.GuiceJamesServer.start(GuiceJamesServer.java:93)
>  at org.apache.james.JamesServerMain.main(JamesServerMain.java:24)
>  at org.apache.james.JPAJamesServerMain.main(JPAJamesServerMain.java:105)
> 12:14:23.287 [ERROR] o.a.j.PeriodicalHealthChecks - UNHEALTHY: Guice application lifecycle : James server is not started.
> {code}
>  I opened a session into the docker container to test the keystore. It exists 
> in the conf directory and works as intended with the default password.
> So I do not know why this exception occurs and the server does not start. :(
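
An added example, not part of the original message or of the James code base: a Python check that identifies a keystore file's container format from its header bytes, which helps tell a JKS/PKCS12 format mismatch like the one described in the comment apart from a genuinely wrong password. The function names and the sample headers are constructed for illustration.

```python
import struct

JKS_MAGIC = 0xFEEDFEED    # magic number at the start of a JKS file
JCEKS_MAGIC = 0xCECECECE  # magic number at the start of a JCEKS file

# Constructed sample headers (not real keystores), enough to show the detection.
SAMPLE_JKS = bytes.fromhex("feedfeed0000000200000000")
SAMPLE_PKCS12 = bytes.fromhex("30820a000201033082")
SAMPLE_PKCS12_BER = bytes.fromhex("3080020103")
SAMPLE_PEM = b"-----BEGIN CERTIFICATE-----\n"


def _outer_sequence_header_len(data):
    """Size of the outer ASN.1 SEQUENCE tag+length, or None if not a SEQUENCE."""
    if len(data) < 2 or data[0] != 0x30:
        return None
    first = data[1]
    if first <= 0x80:              # short-form length, or BER indefinite (0x80)
        return 2
    n = first & 0x7F               # long form: n length bytes follow
    if n > 4 or len(data) < 2 + n:
        return None
    return 2 + n


def keystore_format(data):
    """Classify keystore bytes as JKS, JCEKS, PKCS12, PEM or unknown."""
    if len(data) >= 4:
        magic = struct.unpack(">I", data[:4])[0]
        if magic == JKS_MAGIC:
            return "JKS"
        if magic == JCEKS_MAGIC:
            return "JCEKS"
    if data.startswith(b"-----BEGIN"):
        return "PEM"
    off = _outer_sequence_header_len(data)
    # A PKCS#12 PFX is SEQUENCE { version INTEGER 3, ... }
    if off is not None and data[off:off + 3] == b"\x02\x01\x03":
        return "PKCS12"
    return "unknown"


def format_matches(data, expected):
    """True when the file's real format equals the type the server expects."""
    return keystore_format(data) == expected.upper()
```

To check a real file, pass the first few bytes, for example `keystore_format(open(path, "rb").read(16))`.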


