Bug 1108307

Summary: [GSS] (6.3.1) Improve the ability to use MS Windows keystore for the web servers ssl connector
Product: [JBoss] JBoss Enterprise Application Platform 6 Reporter: Derek Horton <dehort>
Component: WebAssignee: Jean-frederic Clere <jclere>
Status: CLOSED CURRENTRELEASE QA Contact: Radim Hatlapatka <rhatlapa>
Severity: unspecified Docs Contact: Russell Dickenson <rdickens>
Priority: unspecified    
Version: 6.3.0CC: bbaranow, cdewolf, chaowan, ehugonne, jawilson, jcacek, jcechace, jclere, myarboro, smumford, tcerar
Target Milestone: CR1Keywords: Triaged
Target Release: EAP 6.3.1   
Hardware: Unspecified   
OS: Unspecified   
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
: 1108310 (view as bug list) Environment:
Last Closed: 2014-10-13 18:39:33 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Bug Depends On: 1108310    
Bug Blocks: 1102082, 1131814    
Description Flags
Proposed patch none

Description Derek Horton 2014-06-11 17:04:42 UTC
Description of problem:
It is possible to configure the web ssl connector to use the Windows certificate keystore (access provided by the SunMSCAPI provider). However, the JSSESocketFactory checks for a keystore file. This check should likely be skipped when the connector is configured to use the Windows keystore.

Here is what the configuration looks like:
<connector name="https" protocol="HTTP/1.1" scheme="https" socket-binding="https" secure="true">
<ssl name="https" 

This results in an error like this:
13:54:01,821 ERROR [org.apache.coyote.http11] (MSC service thread 1-5) JBWEB003043: Error initializing endpoint: java.io.FileNotFoundException: C:\Users\imauser\.keystore (The system cannot find the file specified)

You can work around this issue by creating this keystore (C:\Users\imauser\.keystore).

More info on using the Windows keystores can be found here:

Comment 1 JBoss JIRA Server 2014-06-18 16:11:18 UTC
Emmanuel Hugonnet <ehugonne> updated the status of jira WFLY-3483 to Resolved

Comment 2 Emmanuel Hugonnet (ehsavoie) 2014-06-19 09:54:10 UTC
Created attachment 910317 [details]
Proposed patch

Simple patch that will not define a keystoreFile if we are using the Windows-MY or Windows-ROOT JSSE provider.

Comment 5 Jean-frederic Clere 2014-08-19 14:20:56 UTC
Fixed in jbossweb-7.5.x by r2488

Comment 8 Jakub Cechacek 2014-09-01 08:17:23 UTC
Verified 6.3.1.CP.CR1