-
Bug
-
Resolution: Done
-
Blocker
-
None
-
None
Unable to configure ssl using credential reference.
Unable to find source-code formatter for language: server.log. Available languages are: actionscript, ada, applescript, bash, c, c#, c++, cpp, css, erlang, go, groovy, haskell, html, java, javascript, js, json, lua, none, nyan, objc, perl, php, python, r, rainbow, ruby, scala, sh, sql, swift, visualbasic, xml, yaml
08:00:24,687 ERROR [org.jboss.msc.service.fail] (MSC service thread 1-4) MSC000001: Failed to start service org.wildfly.core.management.security.realm.ManagementWebRealmCr.key-manager: org.jboss.msc.service.StartException in service org.wildfly.core.management.security.realm.ManagementWebRealmCr.key-manager: WFLYDM0018: Unable to start service at org.jboss.as.domain.management.security.AbstractKeyManagerService.start(AbstractKeyManagerService.java:91) at org.jboss.msc.service.ServiceControllerImpl$StartTask.startService(ServiceControllerImpl.java:2032) at org.jboss.msc.service.ServiceControllerImpl$StartTask.run(ServiceControllerImpl.java:1955) at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) at java.lang.Thread.run(Thread.java:745) Caused by: java.security.UnrecoverableKeyException: Cannot recover key at sun.security.provider.KeyProtector.recover(KeyProtector.java:328) at sun.security.provider.JavaKeyStore.engineGetKey(JavaKeyStore.java:146) at sun.security.provider.JavaKeyStore$JKS.engineGetKey(JavaKeyStore.java:56) at sun.security.provider.KeyStoreDelegator.engineGetKey(KeyStoreDelegator.java:96) at sun.security.provider.JavaKeyStore$DualFormatJKS.engineGetKey(JavaKeyStore.java:70) at java.security.KeyStore.getKey(KeyStore.java:1023) at sun.security.ssl.SunX509KeyManagerImpl.<init>(SunX509KeyManagerImpl.java:133) at sun.security.ssl.KeyManagerFactoryImpl$SunX509.engineInit(KeyManagerFactoryImpl.java:70) at javax.net.ssl.KeyManagerFactory.init(KeyManagerFactory.java:256) at org.jboss.as.domain.management.security.AbstractKeyManagerService.createKeyManagers(AbstractKeyManagerService.java:136) at org.jboss.as.domain.management.security.AbstractKeyManagerService.start(AbstractKeyManagerService.java:89) ... 5 more 08:00:24,692 INFO [org.wildfly.extension.undertow] (MSC service thread 1-7) WFLYUT0006: Undertow HTTPS listener https listening on 127.0.0.1:8443 08:00:24,696 INFO [org.jboss.ws.common.management] (MSC service thread 1-4) JBWS022052: Starting JBossWS 5.1.8.Final-redhat-1 (Apache CXF 3.1.11.redhat-1) 08:00:24,702 ERROR [org.jboss.as.controller.management-operation] (Controller Boot Thread) WFLYCTL0013: Operation ("add") failed - address: ([ ("core-service" => "management"), ("security-realm" => "ManagementWebRealmCr") ]) - failure description: {"WFLYCTL0080: Failed services" => {"org.wildfly.core.management.security.realm.ManagementWebRealmCr.key-manager" => "WFLYDM0018: Unable to start service Caused by: java.security.UnrecoverableKeyException: Cannot recover key"}}
When I use key-password instead of key-password-credential-reference I am able to make it work.
/core-service=management/security-realm=ManagementWebRealmCr/server-identity=ssl:add(keystore-path=server.keystore, keystore-relative-to=jboss.server.config.dir,keystore-password-credential-reference={clear-text=123456}, key-password=123456)
Note, I also get UnrecoverableKeyException: Cannot recover key when I don't specify key-password nor key-password-credential-reference.
/core-service=management/security-realm=ManagementWebRealmCr/server-identity=ssl:add(keystore-path=server.keystore, keystore-relative-to=jboss.server.config.dir,keystore-password-credential-reference={clear-text=123456})
In legacy if key-password is ommitted keystore-password is used instead.
- clones
-
JBEAP-11181 UnrecoverableKeyException: Cannot recover key when using Credential Reference
- Closed