  1. AMQ Broker
  2. ENTMQBR-5627

Configuring one-way TLS: Invalid keystore format


Details

    • False
    • False

      create project

      # Create a dedicated project for the reproduction. NAMESPACE is expanded by the
      # later commands and inside the unquoted heredocs, so it must stay exported in
      # the shell that runs the remaining steps.
      export NAMESPACE=amq-bug-ns
      oc new-project ${NAMESPACE}
      

      create OperatorGroup and Subscription

      # Write an OperatorGroup that targets only ${NAMESPACE}. The heredoc delimiter is
      # unquoted, so the shell substitutes ${NAMESPACE} (also inside the JSON annotation)
      # before the file is written.
      # NOTE(review): the last-applied-configuration and olm.providedAPIs annotations and
      # "generation: 1" look like leftovers from an exported live object rather than
      # fields a hand-written manifest needs — confirm before reusing this file.
      cat <<EOT > OperatorGroup.yaml
      apiVersion: operators.coreos.com/v1
      kind: OperatorGroup
      metadata:
        annotations:
          kubectl.kubernetes.io/last-applied-configuration: |
            {"apiVersion":"operators.coreos.com/v1","kind":"OperatorGroup","metadata":{"annotations":{},"name":"${NAMESPACE}-operators","namespace":"${NAMESPACE}"},"spec":{"targetNamespaces":["${NAMESPACE}"]}}
          olm.providedAPIs: ActiveMQArtemis.v2alpha4.broker.amq.io,ActiveMQArtemisAddress.v2alpha2.broker.amq.io,ActiveMQArtemisScaledown.v2alpha1.broker.amq.io
        generation: 1
        name: ${NAMESPACE}-operators
        namespace: ${NAMESPACE}
      spec:
        targetNamespaces:
        - ${NAMESPACE}
      EOT
      
      oc apply -f OperatorGroup.yaml
      
      # Subscribe the namespace to the amq-broker operator from the redhat-operators
      # catalog, channel 7.x.
      # installPlanApproval: Automatic means install plans are approved without a manual
      # step, so the operator version that ends up installed depends on what the channel
      # offers when these steps are run — record the installed version with the report.
      cat <<EOT > Subscription.yaml
      apiVersion: operators.coreos.com/v1alpha1
      kind: Subscription
      metadata:
        annotations:
          kubectl.kubernetes.io/last-applied-configuration: |
            {"apiVersion":"operators.coreos.com/v1alpha1","kind":"Subscription","metadata":{"annotations":{},"name":"amq-broker","namespace":"${NAMESPACE}"},"spec":{"channel":"7.x","installPlanApproval":"Automatic","name":"amq-broker","source":"redhat-operators","sourceNamespace":"openshift-marketplace"}}
        labels:
          operators.coreos.com/amq-broker.${NAMESPACE}: ""
        name: amq-broker
        namespace: ${NAMESPACE}
      spec:
        channel: 7.x
        installPlanApproval: Automatic
        name: amq-broker
        source: redhat-operators
        sourceNamespace: openshift-marketplace
      EOT
      
      oc apply -f Subscription.yaml
      

      create SSL keys

      # Name of the Secret that the acceptor's sslSecret field refers to in the broker CR.
      export SECRET_NAME=my-tls-secret
      # Generate a self-signed RSA key pair under alias "broker" in broker.ks.
      # NOTE(review): no -storetype is given, so the keystore format is whatever the local
      # JDK's keytool defaults to; key size and validity are keytool defaults as well.
      # When reporting "Invalid keystore format", include the local JDK version and the
      # `keytool -list` output for broker.ks — whether the store type is the cause here
      # is not established by these steps.
      # The password "redhat" is a throwaway test value passed on the command line, where
      # it ends up in shell history and process listings; real keys need a different approach.
      keytool -genkey -keypass redhat -storepass redhat -alias broker -dname "CN=*-${NAMESPACE}.apps.eapqe-023-gom7.eapqe.psi.redhat.com, OU=TF, O=XTF, L=Brno, S=CZ, C=CZ" -keyalg RSA -keystore broker.ks
      # Export the broker certificate. Without -rfc keytool writes binary DER, so the
      # file is not PEM-encoded despite its .pem name.
      keytool -export -keypass redhat -storepass redhat -alias broker -keystore broker.ks -file broker_cert.pem
      # Import the certificate into a client trust store (client.ts).
      keytool -import -noprompt -keypass redhat -storepass redhat -alias broker -keystore client.ts -file broker_cert.pem
      # Create the Secret. Note that the "client.ts" entry is filled from broker.ks, not
      # from the client.ts file created above, so that entry also carries the broker's
      # private key and the generated client.ts is unused by this command.
      # NOTE(review): this looks like the placeholder trust store used for one-way TLS —
      # confirm against the product documentation before treating it as intentional.
      oc create secret generic ${SECRET_NAME} --from-file=broker.ks=broker.ks --from-file=client.ts=broker.ks --from-literal=keyStorePassword=redhat --from-literal=trustStorePassword=redhat
      # Link the Secret to the operator's service account.
      oc secrets link sa/amq-broker-operator secret/${SECRET_NAME}
      

      create broker

      # Custom resource for a two-broker deployment (size: 2) with persistence disabled.
      # Acceptor "all": TLS is on (sslEnabled: true) with keys taken from ${SECRET_NAME},
      # exposed on port 61617, verifyHost: false.
      # Connector "connector0": sslEnabled is false, so its TLS fields look inert here.
      # NOTE(review): the listed suites (RC4, anonymous DH with 3DES) and TLSv1/TLSv1.1 are
      # weak or deprecated and should not be copied into a connector that enables TLS.
      # requireLogin: false together with console.expose: true is a test-only posture;
      # presumably anonymous access is allowed — confirm against the operator documentation.
      # deploymentPlan.image uses the floating tag 7.8, so the image actually pulled depends
      # on when the steps are run; the hand-made pods later in this report compare 7.8
      # with 7.8-16.1623245297.
      cat <<EOT > ActiveMQArtemis-ERR.yaml
      apiVersion: broker.amq.io/v2alpha4
      kind: ActiveMQArtemis
      metadata:
        name: amq-broker-err
        namespace: ${NAMESPACE}
      spec:
        acceptors:
        - anycastPrefix: jms.queue.
          connectionsAllowed: 10
          expose: true
          multicastPrefix: jms.topic.
          name: all
          port: 61617
          protocols: all
          sslEnabled: true
          sslProvider: JDK
          sslSecret: ${SECRET_NAME}
          verifyHost: false
        connectors:
        - enabledCipherSuites: SSL_RSA_WITH_RC4_128_SHA,SSL_DH_anon_WITH_3DES_EDE_CBC_SHA
          enabledProtocols: TLSv1,TLSv1.1,TLSv1.2
          expose: true
          host: localhost
          name: connector0
          needClientAuth: true
          port: 22222
          sslEnabled: false
          sslProvider: JDK
          verifyHost: true
          wantClientAuth: true
        console:
          expose: true
        deploymentPlan:
          image: registry.redhat.io/amq7/amq-broker:7.8
          journalType: nio
          messageMigration: false
          persistenceEnabled: false
          requireLogin: false
          size: 2
        upgrades:
          enabled: false
          minor: false
      EOT
      
      oc apply -f ActiveMQArtemis-ERR.yaml
      

      Now look at the broker pod logs and you will see the error:

      oc logs amq-broker-err-ss-0
      ...
      Caused by: java.io.IOException: Invalid keystore format
      ...
      

      NOTE 1: you can also reproduce the error with a hand-made pod obtained by adapting the definition of the amq-broker-err-ss-0 pod

      # Stand-alone pod adapted from amq-broker-err-ss-0 and applied directly rather than
      # through the operator. The broker container uses the floating tag amq-broker:7.8;
      # the init container image is pinned by digest.
      # NOTE(review): nodeName, runAsUser/fsGroup, the SELinux level, the imagePullSecrets
      # name and the kube-api-access-* volume name look like values copied from one live
      # cluster — they need adapting before the manifest is applied elsewhere.
      # The TLS secret is mounted read-only at /etc/my-tls-secret-volume with
      # defaultMode 420 (decimal, i.e. octal 0644), a world-readable mode for the keystore
      # files. Its name is written literally (my-tls-secret) instead of ${SECRET_NAME}.
      # The env entries read amq-broker-err-credentials-secret and
      # amq-broker-err-netty-secret, which presumably exist only once the ActiveMQArtemis
      # resource from the previous step has been applied — confirm.
      cat <<EOT > POD-ERR.yaml
      apiVersion: v1
      kind: Pod
      metadata:
        name: amq-broker-err-ss-err
        namespace: ${NAMESPACE}
      spec:
        containers:
        - command:
          - /opt/amq/bin/launch.sh
          - start
          env:
          - name: AMQ_ROLE
            value: admin
          - name: AMQ_NAME
            value: amq-broker
          - name: AMQ_TRANSPORTS
          - name: AMQ_QUEUES
          - name: AMQ_ADDRESSES
          - name: AMQ_GLOBAL_MAX_SIZE
            value: 100 mb
          - name: AMQ_REQUIRE_LOGIN
            value: "false"
          - name: AMQ_EXTRA_ARGS
            value: --no-autotune
          - name: AMQ_ANYCAST_PREFIX
          - name: AMQ_MULTICAST_PREFIX
          - name: POD_NAMESPACE
          - name: AMQ_JOURNAL_TYPE
            value: nio
          - name: CONFIG_INSTANCE_DIR
            value: /amq/init/config
          - name: PING_SVC_NAME
            value: amq-broker-err-ping-svc
          - name: AMQ_CLUSTERED
            value: "true"
          - name: AMQ_ENABLE_JOLOKIA_AGENT
            value: "false"
          - name: AMQ_ENABLE_MANAGEMENT_RBAC
            value: "false"
          - name: CONFIG_BROKER
            value: "false"
          - name: AMQ_PASSWORD
            valueFrom:
              secretKeyRef:
                key: AMQ_PASSWORD
                name: amq-broker-err-credentials-secret
          - name: AMQ_CLUSTER_USER
            valueFrom:
              secretKeyRef:
                key: AMQ_CLUSTER_USER
                name: amq-broker-err-credentials-secret
          - name: AMQ_CLUSTER_PASSWORD
            valueFrom:
              secretKeyRef:
                key: AMQ_CLUSTER_PASSWORD
                name: amq-broker-err-credentials-secret
          - name: AMQ_USER
            valueFrom:
              secretKeyRef:
                key: AMQ_USER
                name: amq-broker-err-credentials-secret
          - name: TRIGGERED_ROLL_COUNT
            value: "2"
          - name: AMQ_ACCEPTORS
            valueFrom:
              secretKeyRef:
                key: AMQ_ACCEPTORS
                name: amq-broker-err-netty-secret
          - name: AMQ_CONNECTORS
            valueFrom:
              secretKeyRef:
                key: AMQ_CONNECTORS
                name: amq-broker-err-netty-secret
          image: registry.redhat.io/amq7/amq-broker:7.8
          imagePullPolicy: IfNotPresent
          livenessProbe:
            failureThreshold: 3
            initialDelaySeconds: 30
            periodSeconds: 10
            successThreshold: 1
            tcpSocket:
              port: 8161
            timeoutSeconds: 5
          name: amq-broker-err-container
          readinessProbe:
            exec:
              command:
              - /bin/bash
              - -c
              - /opt/amq/bin/readinessProbe.sh
            failureThreshold: 3
            initialDelaySeconds: 30
            periodSeconds: 10
            successThreshold: 1
            timeoutSeconds: 5
          resources: {}
          securityContext:
            capabilities:
              drop:
              - KILL
              - MKNOD
              - SETGID
              - SETUID
            runAsUser: 1000840000
          terminationMessagePath: /dev/termination-log
          terminationMessagePolicy: File
          volumeMounts:
          - mountPath: /etc/my-tls-secret-volume
            name: my-tls-secret-volume
            readOnly: true
          - mountPath: /amq/init/config
            name: amq-cfg-dir
          - mountPath: /var/run/secrets/kubernetes.io/serviceaccount
            name: kube-api-access-vtz6t
            readOnly: true
        dnsPolicy: ClusterFirst
        enableServiceLinks: true
        hostname: amq-broker-err-ss-err
        imagePullSecrets:
        - name: default-dockercfg-gt5xs
        initContainers:
        - args:
          - -c
          - /opt/amq/bin/launch.sh && /opt/amq-broker/script/default.sh
          command:
          - /bin/bash
          env:
          - name: AMQ_ROLE
            value: admin
          - name: AMQ_NAME
            value: amq-broker
          - name: AMQ_TRANSPORTS
          - name: AMQ_QUEUES
          - name: AMQ_ADDRESSES
          - name: AMQ_GLOBAL_MAX_SIZE
            value: 100 mb
          - name: AMQ_REQUIRE_LOGIN
            value: "false"
          - name: AMQ_EXTRA_ARGS
            value: --no-autotune
          - name: AMQ_ANYCAST_PREFIX
          - name: AMQ_MULTICAST_PREFIX
          - name: POD_NAMESPACE
          - name: AMQ_JOURNAL_TYPE
            value: nio
          - name: TRIGGERED_ROLL_COUNT
            value: "0"
          - name: PING_SVC_NAME
            value: amq-broker-err-ping-svc
          - name: AMQ_CLUSTERED
            value: "true"
          - name: AMQ_ENABLE_JOLOKIA_AGENT
            value: "false"
          - name: AMQ_ENABLE_MANAGEMENT_RBAC
            value: "false"
          - name: RUN_BROKER
            value: "false"
          - name: CONFIG_INSTANCE_DIR
            value: /amq/init/config
          - name: AMQ_CLUSTER_USER
            valueFrom:
              secretKeyRef:
                key: AMQ_CLUSTER_USER
                name: amq-broker-err-credentials-secret
          - name: AMQ_CLUSTER_PASSWORD
            valueFrom:
              secretKeyRef:
                key: AMQ_CLUSTER_PASSWORD
                name: amq-broker-err-credentials-secret
          - name: AMQ_USER
            valueFrom:
              secretKeyRef:
                key: AMQ_USER
                name: amq-broker-err-credentials-secret
          - name: AMQ_PASSWORD
            valueFrom:
              secretKeyRef:
                key: AMQ_PASSWORD
                name: amq-broker-err-credentials-secret
          - name: AMQ_ACCEPTORS
            valueFrom:
              secretKeyRef:
                key: AMQ_ACCEPTORS
                name: amq-broker-err-netty-secret
          - name: AMQ_CONNECTORS
            valueFrom:
              secretKeyRef:
                key: AMQ_CONNECTORS
                name: amq-broker-err-netty-secret
          image: registry.redhat.io/amq7/amq-broker-init-rhel7@sha256:16b649b60ab0dcf93e4e0953033337bb651f99c2d1a1f11fff56ae8b93f5fefc
          imagePullPolicy: IfNotPresent
          name: amq-broker-err-container-init
          resources: {}
          securityContext:
            capabilities:
              drop:
              - KILL
              - MKNOD
              - SETGID
              - SETUID
            runAsUser: 1000840000
          terminationMessagePath: /dev/termination-log
          terminationMessagePolicy: File
          volumeMounts:
          - mountPath: /amq/init/config
            name: amq-cfg-dir
          - mountPath: /var/run/secrets/kubernetes.io/serviceaccount
            name: kube-api-access-vtz6t
            readOnly: true
        nodeName: eapqe-023-gom7-9n76c-worker-0-kmtxl
        preemptionPolicy: PreemptLowerPriority
        priority: 0
        restartPolicy: Always
        schedulerName: default-scheduler
        securityContext:
          fsGroup: 1000840000
          seLinuxOptions:
            level: s0:c29,c14
        serviceAccount: default
        serviceAccountName: default
        subdomain: amq-broker-err-hdls-svc
        terminationGracePeriodSeconds: 60
        tolerations:
        - effect: NoExecute
          key: node.kubernetes.io/not-ready
          operator: Exists
          tolerationSeconds: 300
        - effect: NoExecute
          key: node.kubernetes.io/unreachable
          operator: Exists
          tolerationSeconds: 300
        volumes:
        - name: my-tls-secret-volume
          secret:
            defaultMode: 420
            secretName: my-tls-secret
        - emptyDir: {}
          name: amq-cfg-dir
        - name: kube-api-access-vtz6t
          projected:
            defaultMode: 420
            sources:
            - serviceAccountToken:
                expirationSeconds: 3607
                path: token
            - configMap:
                items:
                - key: ca.crt
                  path: ca.crt
                name: kube-root-ca.crt
            - downwardAPI:
                items:
                - fieldRef:
                    apiVersion: v1
                    fieldPath: metadata.namespace
                  path: namespace
            - configMap:
                items:
                - key: service-ca.crt
                  path: service-ca.crt
                name: openshift-service-ca.crt
      EOT
      
      oc apply -f POD-ERR.yaml
      

      NOTE 2: you can eliminate the error with a hand-made pod obtained by adapting the definition of the amq-broker-err-ss-0 pod so that it uses an older image

      basically :

      # Control case: the same hand-made pod, but with the broker container pinned to the
      # older image tag 7.8-16.1623245297 (e.g. instead of the floating tag 7.8).
      # Apart from the pod name, hostname and that image tag, this manifest repeats
      # POD-ERR.yaml, so the image is the only variable between the failing and the
      # working run. The init container is pinned by the same digest in both.
      # NOTE(review): nodeName, runAsUser/fsGroup, the SELinux level, the imagePullSecrets
      # name and the kube-api-access-* volume name look like values copied from one live
      # cluster — they need adapting before the manifest is applied elsewhere.
      # The TLS secret is mounted with defaultMode 420 (decimal, i.e. octal 0644), a
      # world-readable mode for the keystore files.
      cat <<EOT > POD-OK.yaml
      apiVersion: v1
      kind: Pod
      metadata:
        name: amq-broker-err-ss-ok
        namespace: ${NAMESPACE}
      spec:
        containers:
        - command:
          - /opt/amq/bin/launch.sh
          - start
          env:
          - name: AMQ_ROLE
            value: admin
          - name: AMQ_NAME
            value: amq-broker
          - name: AMQ_TRANSPORTS
          - name: AMQ_QUEUES
          - name: AMQ_ADDRESSES
          - name: AMQ_GLOBAL_MAX_SIZE
            value: 100 mb
          - name: AMQ_REQUIRE_LOGIN
            value: "false"
          - name: AMQ_EXTRA_ARGS
            value: --no-autotune
          - name: AMQ_ANYCAST_PREFIX
          - name: AMQ_MULTICAST_PREFIX
          - name: POD_NAMESPACE
          - name: AMQ_JOURNAL_TYPE
            value: nio
          - name: CONFIG_INSTANCE_DIR
            value: /amq/init/config
          - name: PING_SVC_NAME
            value: amq-broker-err-ping-svc
          - name: AMQ_CLUSTERED
            value: "true"
          - name: AMQ_ENABLE_JOLOKIA_AGENT
            value: "false"
          - name: AMQ_ENABLE_MANAGEMENT_RBAC
            value: "false"
          - name: CONFIG_BROKER
            value: "false"
          - name: AMQ_PASSWORD
            valueFrom:
              secretKeyRef:
                key: AMQ_PASSWORD
                name: amq-broker-err-credentials-secret
          - name: AMQ_CLUSTER_USER
            valueFrom:
              secretKeyRef:
                key: AMQ_CLUSTER_USER
                name: amq-broker-err-credentials-secret
          - name: AMQ_CLUSTER_PASSWORD
            valueFrom:
              secretKeyRef:
                key: AMQ_CLUSTER_PASSWORD
                name: amq-broker-err-credentials-secret
          - name: AMQ_USER
            valueFrom:
              secretKeyRef:
                key: AMQ_USER
                name: amq-broker-err-credentials-secret
          - name: TRIGGERED_ROLL_COUNT
            value: "2"
          - name: AMQ_ACCEPTORS
            valueFrom:
              secretKeyRef:
                key: AMQ_ACCEPTORS
                name: amq-broker-err-netty-secret
          - name: AMQ_CONNECTORS
            valueFrom:
              secretKeyRef:
                key: AMQ_CONNECTORS
                name: amq-broker-err-netty-secret
          image: registry.redhat.io/amq7/amq-broker:7.8-16.1623245297
          imagePullPolicy: IfNotPresent
          livenessProbe:
            failureThreshold: 3
            initialDelaySeconds: 30
            periodSeconds: 10
            successThreshold: 1
            tcpSocket:
              port: 8161
            timeoutSeconds: 5
          name: amq-broker-err-container
          readinessProbe:
            exec:
              command:
              - /bin/bash
              - -c
              - /opt/amq/bin/readinessProbe.sh
            failureThreshold: 3
            initialDelaySeconds: 30
            periodSeconds: 10
            successThreshold: 1
            timeoutSeconds: 5
          resources: {}
          securityContext:
            capabilities:
              drop:
              - KILL
              - MKNOD
              - SETGID
              - SETUID
            runAsUser: 1000840000
          terminationMessagePath: /dev/termination-log
          terminationMessagePolicy: File
          volumeMounts:
          - mountPath: /etc/my-tls-secret-volume
            name: my-tls-secret-volume
            readOnly: true
          - mountPath: /amq/init/config
            name: amq-cfg-dir
          - mountPath: /var/run/secrets/kubernetes.io/serviceaccount
            name: kube-api-access-vtz6t
            readOnly: true
        dnsPolicy: ClusterFirst
        enableServiceLinks: true
        hostname: amq-broker-err-ss-ok
        imagePullSecrets:
        - name: default-dockercfg-gt5xs
        initContainers:
        - args:
          - -c
          - /opt/amq/bin/launch.sh && /opt/amq-broker/script/default.sh
          command:
          - /bin/bash
          env:
          - name: AMQ_ROLE
            value: admin
          - name: AMQ_NAME
            value: amq-broker
          - name: AMQ_TRANSPORTS
          - name: AMQ_QUEUES
          - name: AMQ_ADDRESSES
          - name: AMQ_GLOBAL_MAX_SIZE
            value: 100 mb
          - name: AMQ_REQUIRE_LOGIN
            value: "false"
          - name: AMQ_EXTRA_ARGS
            value: --no-autotune
          - name: AMQ_ANYCAST_PREFIX
          - name: AMQ_MULTICAST_PREFIX
          - name: POD_NAMESPACE
          - name: AMQ_JOURNAL_TYPE
            value: nio
          - name: TRIGGERED_ROLL_COUNT
            value: "0"
          - name: PING_SVC_NAME
            value: amq-broker-err-ping-svc
          - name: AMQ_CLUSTERED
            value: "true"
          - name: AMQ_ENABLE_JOLOKIA_AGENT
            value: "false"
          - name: AMQ_ENABLE_MANAGEMENT_RBAC
            value: "false"
          - name: RUN_BROKER
            value: "false"
          - name: CONFIG_INSTANCE_DIR
            value: /amq/init/config
          - name: AMQ_CLUSTER_USER
            valueFrom:
              secretKeyRef:
                key: AMQ_CLUSTER_USER
                name: amq-broker-err-credentials-secret
          - name: AMQ_CLUSTER_PASSWORD
            valueFrom:
              secretKeyRef:
                key: AMQ_CLUSTER_PASSWORD
                name: amq-broker-err-credentials-secret
          - name: AMQ_USER
            valueFrom:
              secretKeyRef:
                key: AMQ_USER
                name: amq-broker-err-credentials-secret
          - name: AMQ_PASSWORD
            valueFrom:
              secretKeyRef:
                key: AMQ_PASSWORD
                name: amq-broker-err-credentials-secret
          - name: AMQ_ACCEPTORS
            valueFrom:
              secretKeyRef:
                key: AMQ_ACCEPTORS
                name: amq-broker-err-netty-secret
          - name: AMQ_CONNECTORS
            valueFrom:
              secretKeyRef:
                key: AMQ_CONNECTORS
                name: amq-broker-err-netty-secret
          image: registry.redhat.io/amq7/amq-broker-init-rhel7@sha256:16b649b60ab0dcf93e4e0953033337bb651f99c2d1a1f11fff56ae8b93f5fefc
          imagePullPolicy: IfNotPresent
          name: amq-broker-err-container-init
          resources: {}
          securityContext:
            capabilities:
              drop:
              - KILL
              - MKNOD
              - SETGID
              - SETUID
            runAsUser: 1000840000
          terminationMessagePath: /dev/termination-log
          terminationMessagePolicy: File
          volumeMounts:
          - mountPath: /amq/init/config
            name: amq-cfg-dir
          - mountPath: /var/run/secrets/kubernetes.io/serviceaccount
            name: kube-api-access-vtz6t
            readOnly: true
        nodeName: eapqe-023-gom7-9n76c-worker-0-kmtxl
        preemptionPolicy: PreemptLowerPriority
        priority: 0
        restartPolicy: Always
        schedulerName: default-scheduler
        securityContext:
          fsGroup: 1000840000
          seLinuxOptions:
            level: s0:c29,c14
        serviceAccount: default
        serviceAccountName: default
        subdomain: amq-broker-err-hdls-svc
        terminationGracePeriodSeconds: 60
        tolerations:
        - effect: NoExecute
          key: node.kubernetes.io/not-ready
          operator: Exists
          tolerationSeconds: 300
        - effect: NoExecute
          key: node.kubernetes.io/unreachable
          operator: Exists
          tolerationSeconds: 300
        volumes:
        - name: my-tls-secret-volume
          secret:
            defaultMode: 420
            secretName: my-tls-secret
        - emptyDir: {}
          name: amq-cfg-dir
        - name: kube-api-access-vtz6t
          projected:
            defaultMode: 420
            sources:
            - serviceAccountToken:
                expirationSeconds: 3607
                path: token
            - configMap:
                items:
                - key: ca.crt
                  path: ca.crt
                name: kube-root-ca.crt
            - downwardAPI:
                items:
                - fieldRef:
                    apiVersion: v1
                    fieldPath: metadata.namespace
                  path: namespace
            - configMap:
                items:
                - key: service-ca.crt
                  path: service-ca.crt
                name: openshift-service-ca.crt
      EOT
      
      oc apply -f POD-OK.yaml
      
      create project export NAMESPACE=amq-bug-ns oc new-project ${NAMESPACE} create OperatorGroup and Subscription cat <<EOT > OperatorGroup.yaml apiVersion: operators.coreos.com/v1 kind: OperatorGroup metadata: annotations: kubectl.kubernetes.io/last-applied-configuration: | {"apiVersion":"operators.coreos.com/v1","kind":"OperatorGroup","metadata":{"annotations":{},"name":"${NAMESPACE}-operators","namespace":"${NAMESPACE}"},"spec":{"targetNamespaces":["${NAMESPACE}"]}} olm.providedAPIs: ActiveMQArtemis.v2alpha4.broker.amq.io,ActiveMQArtemisAddress.v2alpha2.broker.amq.io,ActiveMQArtemisScaledown.v2alpha1.broker.amq.io generation: 1 name: ${NAMESPACE}-operators namespace: ${NAMESPACE} spec: targetNamespaces: - ${NAMESPACE} EOT oc apply -f OperatorGroup.yaml cat <<EOT > Subscription.yaml apiVersion: operators.coreos.com/v1alpha1 kind: Subscription metadata: annotations: kubectl.kubernetes.io/last-applied-configuration: | {"apiVersion":"operators.coreos.com/v1alpha1","kind":"Subscription","metadata":{"annotations":{},"name":"amq-broker","namespace":"${NAMESPACE}"},"spec":{"channel":"7.x","installPlanApproval":"Automatic","name":"amq-broker","source":"redhat-operators","sourceNamespace":"openshift-marketplace"}} labels: operators.coreos.com/amq-broker.${NAMESPACE}: "" name: amq-broker namespace: ${NAMESPACE} spec: channel: 7.x installPlanApproval: Automatic name: amq-broker source: redhat-operators sourceNamespace: openshift-marketplace EOT oc apply -f Subscription.yaml create SSL keys export SECRET_NAME=my-tls-secret keytool -genkey -keypass redhat -storepass redhat -alias broker -dname "CN=*-${NAMESPACE}.apps.eapqe-023-gom7.eapqe.psi.redhat.com, OU=TF, O=XTF, L=Brno, S=CZ, C=CZ" -keyalg RSA -keystore broker.ks keytool -export -keypass redhat -storepass redhat -alias broker -keystore broker.ks -file broker_cert.pem keytool -import -noprompt -keypass redhat -storepass redhat -alias broker -keystore client.ts -file broker_cert.pem oc create secret generic ${SECRET_NAME} 
--from-file=broker.ks=broker.ks --from-file=client.ts=broker.ks --from-literal=keyStorePassword=redhat --from-literal=trustStorePassword=redhat oc secrets link sa/amq-broker-operator secret/${SECRET_NAME} create broker cat <<EOT > ActiveMQArtemis-ERR.yaml apiVersion: broker.amq.io/v2alpha4 kind: ActiveMQArtemis metadata: name: amq-broker-err namespace: ${NAMESPACE} spec: acceptors: - anycastPrefix: jms.queue. connectionsAllowed: 10 expose: true multicastPrefix: jms.topic. name: all port: 61617 protocols: all sslEnabled: true sslProvider: JDK sslSecret: ${SECRET_NAME} verifyHost: false connectors: - enabledCipherSuites: SSL_RSA_WITH_RC4_128_SHA,SSL_DH_anon_WITH_3DES_EDE_CBC_SHA enabledProtocols: TLSv1,TLSv1.1,TLSv1.2 expose: true host: localhost name: connector0 needClientAuth: true port: 22222 sslEnabled: false sslProvider: JDK verifyHost: true wantClientAuth: true console: expose: true deploymentPlan: image: registry.redhat.io/amq7/amq-broker:7.8 journalType: nio messageMigration: false persistenceEnabled: false requireLogin: false size: 2 upgrades: enabled: false minor: false EOT oc apply -f ActiveMQArtemis-ERR.yaml now look at the broker POD logs and you see the erorr: oc logs amq-broker-err-ss-0 ... Caused by: java.io.IOException: Invalid keystore format ... 
NOTE 1: you can reproduce the error also using a "hand" made POD obtained by adapting the definition of the amq-broker-err-ss-0 POD cat <<EOT > POD-ERR.yaml apiVersion: v1 kind: Pod metadata: name: amq-broker-err-ss-err namespace: ${NAMESPACE} spec: containers: - command: - /opt/amq/bin/launch.sh - start env: - name: AMQ_ROLE value: admin - name: AMQ_NAME value: amq-broker - name: AMQ_TRANSPORTS - name: AMQ_QUEUES - name: AMQ_ADDRESSES - name: AMQ_GLOBAL_MAX_SIZE value: 100 mb - name: AMQ_REQUIRE_LOGIN value: "false" - name: AMQ_EXTRA_ARGS value: --no-autotune - name: AMQ_ANYCAST_PREFIX - name: AMQ_MULTICAST_PREFIX - name: POD_NAMESPACE - name: AMQ_JOURNAL_TYPE value: nio - name: CONFIG_INSTANCE_DIR value: /amq/init/config - name: PING_SVC_NAME value: amq-broker-err-ping-svc - name: AMQ_CLUSTERED value: "true" - name: AMQ_ENABLE_JOLOKIA_AGENT value: "false" - name: AMQ_ENABLE_MANAGEMENT_RBAC value: "false" - name: CONFIG_BROKER value: "false" - name: AMQ_PASSWORD valueFrom: secretKeyRef: key: AMQ_PASSWORD name: amq-broker-err-credentials-secret - name: AMQ_CLUSTER_USER valueFrom: secretKeyRef: key: AMQ_CLUSTER_USER name: amq-broker-err-credentials-secret - name: AMQ_CLUSTER_PASSWORD valueFrom: secretKeyRef: key: AMQ_CLUSTER_PASSWORD name: amq-broker-err-credentials-secret - name: AMQ_USER valueFrom: secretKeyRef: key: AMQ_USER name: amq-broker-err-credentials-secret - name: TRIGGERED_ROLL_COUNT value: "2" - name: AMQ_ACCEPTORS valueFrom: secretKeyRef: key: AMQ_ACCEPTORS name: amq-broker-err-netty-secret - name: AMQ_CONNECTORS valueFrom: secretKeyRef: key: AMQ_CONNECTORS name: amq-broker-err-netty-secret image: registry.redhat.io/amq7/amq-broker:7.8 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 3 initialDelaySeconds: 30 periodSeconds: 10 successThreshold: 1 tcpSocket: port: 8161 timeoutSeconds: 5 name: amq-broker-err-container readinessProbe: exec: command: - /bin/bash - -c - /opt/amq/bin/readinessProbe.sh failureThreshold: 3 initialDelaySeconds: 30 
periodSeconds: 10 successThreshold: 1 timeoutSeconds: 5 resources: {} securityContext: capabilities: drop: - KILL - MKNOD - SETGID - SETUID runAsUser: 1000840000 terminationMessagePath: /dev/termination-log terminationMessagePolicy: File volumeMounts: - mountPath: /etc/my-tls-secret-volume name: my-tls-secret-volume readOnly: true - mountPath: /amq/init/config name: amq-cfg-dir - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-vtz6t readOnly: true dnsPolicy: ClusterFirst enableServiceLinks: true hostname: amq-broker-err-ss-err imagePullSecrets: - name: default-dockercfg-gt5xs initContainers: - args: - -c - /opt/amq/bin/launch.sh && /opt/amq-broker/script/default.sh command: - /bin/bash env: - name: AMQ_ROLE value: admin - name: AMQ_NAME value: amq-broker - name: AMQ_TRANSPORTS - name: AMQ_QUEUES - name: AMQ_ADDRESSES - name: AMQ_GLOBAL_MAX_SIZE value: 100 mb - name: AMQ_REQUIRE_LOGIN value: "false" - name: AMQ_EXTRA_ARGS value: --no-autotune - name: AMQ_ANYCAST_PREFIX - name: AMQ_MULTICAST_PREFIX - name: POD_NAMESPACE - name: AMQ_JOURNAL_TYPE value: nio - name: TRIGGERED_ROLL_COUNT value: "0" - name: PING_SVC_NAME value: amq-broker-err-ping-svc - name: AMQ_CLUSTERED value: "true" - name: AMQ_ENABLE_JOLOKIA_AGENT value: "false" - name: AMQ_ENABLE_MANAGEMENT_RBAC value: "false" - name: RUN_BROKER value: "false" - name: CONFIG_INSTANCE_DIR value: /amq/init/config - name: AMQ_CLUSTER_USER valueFrom: secretKeyRef: key: AMQ_CLUSTER_USER name: amq-broker-err-credentials-secret - name: AMQ_CLUSTER_PASSWORD valueFrom: secretKeyRef: key: AMQ_CLUSTER_PASSWORD name: amq-broker-err-credentials-secret - name: AMQ_USER valueFrom: secretKeyRef: key: AMQ_USER name: amq-broker-err-credentials-secret - name: AMQ_PASSWORD valueFrom: secretKeyRef: key: AMQ_PASSWORD name: amq-broker-err-credentials-secret - name: AMQ_ACCEPTORS valueFrom: secretKeyRef: key: AMQ_ACCEPTORS name: amq-broker-err-netty-secret - name: AMQ_CONNECTORS valueFrom: secretKeyRef: key: 
AMQ_CONNECTORS name: amq-broker-err-netty-secret image: registry.redhat.io/amq7/amq-broker-init-rhel7@sha256:16b649b60ab0dcf93e4e0953033337bb651f99c2d1a1f11fff56ae8b93f5fefc imagePullPolicy: IfNotPresent name: amq-broker-err-container-init resources: {} securityContext: capabilities: drop: - KILL - MKNOD - SETGID - SETUID runAsUser: 1000840000 terminationMessagePath: /dev/termination-log terminationMessagePolicy: File volumeMounts: - mountPath: /amq/init/config name: amq-cfg-dir - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-vtz6t readOnly: true nodeName: eapqe-023-gom7-9n76c-worker-0-kmtxl preemptionPolicy: PreemptLowerPriority priority: 0 restartPolicy: Always schedulerName: default-scheduler securityContext: fsGroup: 1000840000 seLinuxOptions: level: s0:c29,c14 serviceAccount: default serviceAccountName: default subdomain: amq-broker-err-hdls-svc terminationGracePeriodSeconds: 60 tolerations: - effect: NoExecute key: node.kubernetes.io/not-ready operator: Exists tolerationSeconds: 300 - effect: NoExecute key: node.kubernetes.io/unreachable operator: Exists tolerationSeconds: 300 volumes: - name: my-tls-secret-volume secret: defaultMode: 420 secretName: my-tls-secret - emptyDir: {} name: amq-cfg-dir - name: kube-api-access-vtz6t projected: defaultMode: 420 sources: - serviceAccountToken: expirationSeconds: 3607 path: token - configMap: items: - key: ca.crt path: ca.crt name: kube-root-ca.crt - downwardAPI: items: - fieldRef: apiVersion: v1 fieldPath: metadata.namespace path: namespace - configMap: items: - key: service-ca.crt path: service-ca.crt name: openshift-service-ca.crt EOT oc apply -f POD-ERR.yaml NOTE 1: you can eliminate the error using a "hand" made POD obtained by adapting the definition of the amq-broker-err-ss-0 POD where you use an older image basically : bugged image latest, 7.8, 7.8-22.1630314618 : 
https://catalog.redhat.com/software/containers/amq7/amq-broker/5d1cdce45a134672890c73d4?container-tabs=overview&tag=7.8-22.1630314618&push_date=1630328624000 working image 7.8-16.1623245297: https://catalog.redhat.com/software/containers/amq7/amq-broker/5d1cdce45a134672890c73d4?container-tabs=overview&tag=7.8-16.1623245297&push_date=1625519200000 # e.g. using image in tag 7.8-16.1623245297 cat <<EOT > POD-OK.yaml apiVersion: v1 kind: Pod metadata: name: amq-broker-err-ss-ok namespace: ${NAMESPACE} spec: containers: - command: - /opt/amq/bin/launch.sh - start env: - name: AMQ_ROLE value: admin - name: AMQ_NAME value: amq-broker - name: AMQ_TRANSPORTS - name: AMQ_QUEUES - name: AMQ_ADDRESSES - name: AMQ_GLOBAL_MAX_SIZE value: 100 mb - name: AMQ_REQUIRE_LOGIN value: "false" - name: AMQ_EXTRA_ARGS value: --no-autotune - name: AMQ_ANYCAST_PREFIX - name: AMQ_MULTICAST_PREFIX - name: POD_NAMESPACE - name: AMQ_JOURNAL_TYPE value: nio - name: CONFIG_INSTANCE_DIR value: /amq/init/config - name: PING_SVC_NAME value: amq-broker-err-ping-svc - name: AMQ_CLUSTERED value: "true" - name: AMQ_ENABLE_JOLOKIA_AGENT value: "false" - name: AMQ_ENABLE_MANAGEMENT_RBAC value: "false" - name: CONFIG_BROKER value: "false" - name: AMQ_PASSWORD valueFrom: secretKeyRef: key: AMQ_PASSWORD name: amq-broker-err-credentials-secret - name: AMQ_CLUSTER_USER valueFrom: secretKeyRef: key: AMQ_CLUSTER_USER name: amq-broker-err-credentials-secret - name: AMQ_CLUSTER_PASSWORD valueFrom: secretKeyRef: key: AMQ_CLUSTER_PASSWORD name: amq-broker-err-credentials-secret - name: AMQ_USER valueFrom: secretKeyRef: key: AMQ_USER name: amq-broker-err-credentials-secret - name: TRIGGERED_ROLL_COUNT value: "2" - name: AMQ_ACCEPTORS valueFrom: secretKeyRef: key: AMQ_ACCEPTORS name: amq-broker-err-netty-secret - name: AMQ_CONNECTORS valueFrom: secretKeyRef: key: AMQ_CONNECTORS name: amq-broker-err-netty-secret image: registry.redhat.io/amq7/amq-broker:7.8-16.1623245297 imagePullPolicy: IfNotPresent livenessProbe: 
failureThreshold: 3 initialDelaySeconds: 30 periodSeconds: 10 successThreshold: 1 tcpSocket: port: 8161 timeoutSeconds: 5 name: amq-broker-err-container readinessProbe: exec: command: - /bin/bash - -c - /opt/amq/bin/readinessProbe.sh failureThreshold: 3 initialDelaySeconds: 30 periodSeconds: 10 successThreshold: 1 timeoutSeconds: 5 resources: {} securityContext: capabilities: drop: - KILL - MKNOD - SETGID - SETUID runAsUser: 1000840000 terminationMessagePath: /dev/termination-log terminationMessagePolicy: File volumeMounts: - mountPath: /etc/my-tls-secret-volume name: my-tls-secret-volume readOnly: true - mountPath: /amq/init/config name: amq-cfg-dir - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-vtz6t readOnly: true dnsPolicy: ClusterFirst enableServiceLinks: true hostname: amq-broker-err-ss-ok imagePullSecrets: - name: default-dockercfg-gt5xs initContainers: - args: - -c - /opt/amq/bin/launch.sh && /opt/amq-broker/script/default.sh command: - /bin/bash env: - name: AMQ_ROLE value: admin - name: AMQ_NAME value: amq-broker - name: AMQ_TRANSPORTS - name: AMQ_QUEUES - name: AMQ_ADDRESSES - name: AMQ_GLOBAL_MAX_SIZE value: 100 mb - name: AMQ_REQUIRE_LOGIN value: "false" - name: AMQ_EXTRA_ARGS value: --no-autotune - name: AMQ_ANYCAST_PREFIX - name: AMQ_MULTICAST_PREFIX - name: POD_NAMESPACE - name: AMQ_JOURNAL_TYPE value: nio - name: TRIGGERED_ROLL_COUNT value: "0" - name: PING_SVC_NAME value: amq-broker-err-ping-svc - name: AMQ_CLUSTERED value: "true" - name: AMQ_ENABLE_JOLOKIA_AGENT value: "false" - name: AMQ_ENABLE_MANAGEMENT_RBAC value: "false" - name: RUN_BROKER value: "false" - name: CONFIG_INSTANCE_DIR value: /amq/init/config - name: AMQ_CLUSTER_USER valueFrom: secretKeyRef: key: AMQ_CLUSTER_USER name: amq-broker-err-credentials-secret - name: AMQ_CLUSTER_PASSWORD valueFrom: secretKeyRef: key: AMQ_CLUSTER_PASSWORD name: amq-broker-err-credentials-secret - name: AMQ_USER valueFrom: secretKeyRef: key: AMQ_USER name: 
amq-broker-err-credentials-secret - name: AMQ_PASSWORD valueFrom: secretKeyRef: key: AMQ_PASSWORD name: amq-broker-err-credentials-secret - name: AMQ_ACCEPTORS valueFrom: secretKeyRef: key: AMQ_ACCEPTORS name: amq-broker-err-netty-secret - name: AMQ_CONNECTORS valueFrom: secretKeyRef: key: AMQ_CONNECTORS name: amq-broker-err-netty-secret image: registry.redhat.io/amq7/amq-broker-init-rhel7@sha256:16b649b60ab0dcf93e4e0953033337bb651f99c2d1a1f11fff56ae8b93f5fefc imagePullPolicy: IfNotPresent name: amq-broker-err-container-init resources: {} securityContext: capabilities: drop: - KILL - MKNOD - SETGID - SETUID runAsUser: 1000840000 terminationMessagePath: /dev/termination-log terminationMessagePolicy: File volumeMounts: - mountPath: /amq/init/config name: amq-cfg-dir - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-vtz6t readOnly: true nodeName: eapqe-023-gom7-9n76c-worker-0-kmtxl preemptionPolicy: PreemptLowerPriority priority: 0 restartPolicy: Always schedulerName: default-scheduler securityContext: fsGroup: 1000840000 seLinuxOptions: level: s0:c29,c14 serviceAccount: default serviceAccountName: default subdomain: amq-broker-err-hdls-svc terminationGracePeriodSeconds: 60 tolerations: - effect: NoExecute key: node.kubernetes.io/not-ready operator: Exists tolerationSeconds: 300 - effect: NoExecute key: node.kubernetes.io/unreachable operator: Exists tolerationSeconds: 300 volumes: - name: my-tls-secret-volume secret: defaultMode: 420 secretName: my-tls-secret - emptyDir: {} name: amq-cfg-dir - name: kube-api-access-vtz6t projected: defaultMode: 420 sources: - serviceAccountToken: expirationSeconds: 3607 path: token - configMap: items: - key: ca.crt path: ca.crt name: kube-root-ca.crt - downwardAPI: items: - fieldRef: apiVersion: v1 fieldPath: metadata.namespace path: namespace - configMap: items: - key: service-ca.crt path: service-ca.crt name: openshift-service-ca.crt EOT oc apply -f POD-OK.yaml

    Description

      When one-way TLS is configured as described in the documentation, the broker POD produces the following error at startup (see the `Invalid keystore format` exception near the end of the log):

      -XX:+UseParallelOldGC -XX:MinHeapFreeRatio=10 -XX:MaxHeapFreeRatio=20 -XX:GCTimeRatio=4 -XX:AdaptiveSizePolicyWeight=90 -XX:MaxMetaspaceSize=100m -XX:+ExitOnOutOfMemoryError
      Removing provided -XX:+UseParallelOldGC in favour of artemis.profile provided option
      Running server env: home: /home/jboss AMQ_HOME /opt/amq CONFIG_BROKER false RUN_BROKER
      NO RUN_BROKER defined
      Using custom configuration. Copy from /amq/init/config to /home/jboss/amq-broker
      bin
      data
      etc
      lib
      log
      tmp
      Running Broker in /home/jboss/amq-broker
      OpenJDK 64-Bit Server VM warning: If the number of processors is expected to increase from one, then you should configure the number of parallel GC threads appropriately using -XX:ParallelGCThreads=N
                 __  __  ____    ____            _
           /\   |  \/  |/ __ \  |  _ \          | |
          /  \  | \  / | |  | | | |_) |_ __ ___ | | _____ _ __
         / /\ \ | |\/| | |  | | |  _ <| '__/ _ \| |/ / _ \ '__|
        / ____ \| |  | | |__| | | |_) | | | (_) |   <  __/ |
       /_/    \_\_|  |_|\___\_\ |____/|_|  \___/|_|\_\___|_|
      
       Red Hat AMQ 7.8.2.GA
      
      
      2021-10-20 10:05:25,924 INFO  [org.apache.activemq.artemis.integration.bootstrap] AMQ101000: Starting ActiveMQ Artemis Server
      2021-10-20 10:05:25,958 INFO  [org.apache.activemq.artemis.core.server] AMQ221000: live Message Broker is starting with configuration Broker Configuration (clustered=true,journalDirectory=data/journal,bindingsDirectory=data/bindings,largeMessagesDirectory=data/large-messages,pagingDirectory=data/paging)
      2021-10-20 10:05:25,988 INFO  [org.apache.activemq.artemis.core.server] AMQ221013: Using NIO Journal
      2021-10-20 10:05:26,031 INFO  [org.apache.activemq.artemis.core.server] AMQ221057: Global Max Size is being adjusted to 1/2 of the JVM max size (-Xmx). being defined as 1,966,080,000
      2021-10-20 10:05:26,149 WARNING [org.jgroups.stack.Configurator] JGRP000014: BasicTCP.use_send_queues has been deprecated: will be removed in 4.0
      2021-10-20 10:05:26,157 WARNING [org.jgroups.stack.Configurator] JGRP000014: Discovery.timeout has been deprecated: GMS.join_timeout should be used instead
      2021-10-20 10:05:26,196 INFO  [org.jgroups.protocols.openshift.DNS_PING] serviceName [amq-broker-ping-svc] set; clustering enabled
      2021-10-20 10:05:29,255 INFO  [org.openshift.ping.common.Utils] 3 attempt(s) with a 1000ms sleep to execute [GetServicePort] failed. Last failure was [java.lang.NullPointerException: null]
      2021-10-20 10:05:29,255 WARNING [org.jgroups.protocols.openshift.DNS_PING] No DNS SRV record found for service [amq-broker-ping-svc]
      
      -------------------------------------------------------------------
      GMS: address=amq-broker-ss-0-48800, cluster=activemq_broadcast_channel, physical address=10.129.3.244:7800
      -------------------------------------------------------------------
      2021-10-20 10:05:32,308 INFO  [org.apache.activemq.artemis.core.server] AMQ221043: Protocol module found: [artemis-server]. Adding protocol support for: CORE
      2021-10-20 10:05:32,309 INFO  [org.apache.activemq.artemis.core.server] AMQ221043: Protocol module found: [artemis-amqp-protocol]. Adding protocol support for: AMQP
      2021-10-20 10:05:32,309 INFO  [org.apache.activemq.artemis.core.server] AMQ221043: Protocol module found: [artemis-hornetq-protocol]. Adding protocol support for: HORNETQ
      2021-10-20 10:05:32,309 INFO  [org.apache.activemq.artemis.core.server] AMQ221043: Protocol module found: [artemis-mqtt-protocol]. Adding protocol support for: MQTT
      2021-10-20 10:05:32,310 INFO  [org.apache.activemq.artemis.core.server] AMQ221043: Protocol module found: [artemis-openwire-protocol]. Adding protocol support for: OPENWIRE
      2021-10-20 10:05:32,310 INFO  [org.apache.activemq.artemis.core.server] AMQ221043: Protocol module found: [artemis-stomp-protocol]. Adding protocol support for: STOMP
      2021-10-20 10:05:32,353 INFO  [org.apache.activemq.artemis.core.server] AMQ221034: Waiting indefinitely to obtain live lock
      2021-10-20 10:05:32,353 INFO  [org.apache.activemq.artemis.core.server] AMQ221035: Live Server Obtained live lock
      2021-10-20 10:05:32,528 INFO  [org.apache.activemq.artemis.core.server] AMQ221080: Deploying address DLQ supporting [ANYCAST]
      2021-10-20 10:05:32,538 INFO  [org.apache.activemq.artemis.core.server] AMQ221003: Deploying ANYCAST queue DLQ on address DLQ
      2021-10-20 10:05:32,588 INFO  [org.apache.activemq.artemis.core.server] AMQ221080: Deploying address ExpiryQueue supporting [ANYCAST]
      2021-10-20 10:05:32,589 INFO  [org.apache.activemq.artemis.core.server] AMQ221003: Deploying ANYCAST queue ExpiryQueue on address ExpiryQueue
      2021-10-20 10:05:32,813 WARN  [org.apache.activemq.artemis.core.server] AMQ222080: Error instantiating remoting acceptor org.apache.activemq.artemis.core.remoting.impl.netty.NettyAcceptorFactory: java.lang.IllegalStateException: Unable to create NettyAcceptor for amq-broker-ss-0.amq-broker-hdls-svc.tborgato1.svc.cluster.local:61617
      	at org.apache.activemq.artemis.core.remoting.impl.netty.NettyAcceptor.loadSSLContext(NettyAcceptor.java:394) [artemis-server-2.16.0.redhat-00022.jar:2.16.0.redhat-00022]
      	at org.apache.activemq.artemis.core.remoting.impl.netty.NettyAcceptor.<init>(NettyAcceptor.java:346) [artemis-server-2.16.0.redhat-00022.jar:2.16.0.redhat-00022]
      	at org.apache.activemq.artemis.core.remoting.impl.netty.NettyAcceptorFactory.createAcceptor(NettyAcceptorFactory.java:43) [artemis-server-2.16.0.redhat-00022.jar:2.16.0.redhat-00022]
      	at org.apache.activemq.artemis.core.remoting.server.impl.RemotingServiceImpl.createAcceptor(RemotingServiceImpl.java:275) [artemis-server-2.16.0.redhat-00022.jar:2.16.0.redhat-00022]
      	at org.apache.activemq.artemis.core.remoting.server.impl.RemotingServiceImpl.start(RemotingServiceImpl.java:218) [artemis-server-2.16.0.redhat-00022.jar:2.16.0.redhat-00022]
      	at org.apache.activemq.artemis.core.server.impl.ActiveMQServerImpl.initialisePart2(ActiveMQServerImpl.java:3240) [artemis-server-2.16.0.redhat-00022.jar:2.16.0.redhat-00022]
      	at org.apache.activemq.artemis.core.server.impl.LiveOnlyActivation.run(LiveOnlyActivation.java:76) [artemis-server-2.16.0.redhat-00022.jar:2.16.0.redhat-00022]
      	at org.apache.activemq.artemis.core.server.impl.ActiveMQServerImpl.internalStart(ActiveMQServerImpl.java:639) [artemis-server-2.16.0.redhat-00022.jar:2.16.0.redhat-00022]
      	at org.apache.activemq.artemis.core.server.impl.ActiveMQServerImpl.start(ActiveMQServerImpl.java:558) [artemis-server-2.16.0.redhat-00022.jar:2.16.0.redhat-00022]
      	at org.apache.activemq.artemis.integration.FileBroker.start(FileBroker.java:64) [artemis-cli-2.16.0.redhat-00022.jar:2.16.0.redhat-00022]
      	at org.apache.activemq.artemis.cli.commands.Run.execute(Run.java:115) [artemis-cli-2.16.0.redhat-00022.jar:2.16.0.redhat-00022]
      	at org.apache.activemq.artemis.cli.Artemis.internalExecute(Artemis.java:153) [artemis-cli-2.16.0.redhat-00022.jar:2.16.0.redhat-00022]
      	at org.apache.activemq.artemis.cli.Artemis.execute(Artemis.java:101) [artemis-cli-2.16.0.redhat-00022.jar:2.16.0.redhat-00022]
      	at org.apache.activemq.artemis.cli.Artemis.execute(Artemis.java:128) [artemis-cli-2.16.0.redhat-00022.jar:2.16.0.redhat-00022]
      	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) [rt.jar:1.8.0_302]
      	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) [rt.jar:1.8.0_302]
      	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) [rt.jar:1.8.0_302]
      	at java.lang.reflect.Method.invoke(Method.java:498) [rt.jar:1.8.0_302]
      	at org.apache.activemq.artemis.boot.Artemis.execute(Artemis.java:134) [artemis-boot.jar:2.16.0.redhat-00022]
      	at org.apache.activemq.artemis.boot.Artemis.main(Artemis.java:50) [artemis-boot.jar:2.16.0.redhat-00022]
      Caused by: java.io.IOException: Invalid keystore format
      	at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:666) [rt.jar:1.8.0_302]
      	at sun.security.provider.JavaKeyStore$JKS.engineLoad(JavaKeyStore.java:57) [rt.jar:1.8.0_302]
      	at sun.security.provider.KeyStoreDelegator.engineLoad(KeyStoreDelegator.java:224) [rt.jar:1.8.0_302]
      	at sun.security.provider.JavaKeyStore$DualFormatJKS.engineLoad(JavaKeyStore.java:71) [rt.jar:1.8.0_302]
      	at java.security.KeyStore.load(KeyStore.java:1445) [rt.jar:1.8.0_302]
      	at org.apache.activemq.artemis.core.remoting.impl.ssl.SSLSupport.loadKeystore(SSLSupport.java:308) [artemis-core-client-2.16.0.redhat-00022.jar:2.16.0.redhat-00022]
      	at org.apache.activemq.artemis.core.remoting.impl.ssl.SSLSupport.loadKeyManagerFactory(SSLSupport.java:333) [artemis-core-client-2.16.0.redhat-00022.jar:2.16.0.redhat-00022]
      	at org.apache.activemq.artemis.core.remoting.impl.ssl.SSLSupport.loadKeyManagers(SSLSupport.java:321) [artemis-core-client-2.16.0.redhat-00022.jar:2.16.0.redhat-00022]
      	at org.apache.activemq.artemis.core.remoting.impl.ssl.SSLSupport.createContext(SSLSupport.java:203) [artemis-core-client-2.16.0.redhat-00022.jar:2.16.0.redhat-00022]
      	at org.apache.activemq.artemis.core.remoting.impl.ssl.DefaultSSLContextFactory.getSSLContext(DefaultSSLContextFactory.java:44) [artemis-core-client-2.16.0.redhat-00022.jar:2.16.0.redhat-00022]
      	at org.apache.activemq.artemis.core.remoting.impl.netty.NettyAcceptor.loadSSLContext(NettyAcceptor.java:391) [artemis-server-2.16.0.redhat-00022.jar:2.16.0.redhat-00022]
      	... 19 more
      


            People

              rhn-support-rkieley Roderick Kieley
              tborgato@redhat.com Tommaso Borgato
              Tiago Bueno Tiago Bueno