1108307 – [GSS] (6.3.1) Improve the ability to use MS Windows keystore for the web servers ssl connector

Bug 1108307 - [GSS] (6.3.1) Improve the ability to use MS Windows keystore for the web servers ssl connector

Summary: [GSS] (6.3.1) Improve the ability to use MS Windows keystore for the web serv...

Keywords:
Status:	CLOSED CURRENTRELEASE
Alias:	None
Product:	JBoss Enterprise Application Platform 6
Classification:	JBoss
Component:	Web
Sub Component:
Version:	6.3.0
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	unspecified
Target Milestone:	CR1
Target Release:	EAP 6.3.1
Assignee:	Jean-frederic Clere
QA Contact:	Radim Hatlapatka
Docs Contact:	Russell Dickenson
URL:
Whiteboard:
Depends On:	1108310
Blocks:	eap631-blockers, eap631-payload, eap63-cp01-blockers 1131814
TreeView+	depends on / blocked

Reported:	2014-06-11 17:04 UTC by Derek Horton
Modified:	2018-12-05 18:50 UTC (History)
CC List:	11 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Clones:	1108310 (view as bug list)
Environment:
Last Closed:	2014-10-13 18:39:33 UTC
Type:	Bug

Attachments	(Terms of Use)
Proposed patch (1.77 KB, patch) 2014-06-19 09:54 UTC, Emmanuel Hugonnet (ehsavoie)	no flags	Details \| Diff
View All

Description Derek Horton 2014-06-11 17:04:42 UTC

Description of problem:
It is possible to configure the web ssl connector to use the Windows certificate keystore (access provided by the SunMSCAPI provider). However, the JSSESocketFactory checks for a keystore file. This check should likely be skipped when the connector is configured to use the Windows keystore.

Here is what the configuration looks like:
<connector name="https" protocol="HTTP/1.1" scheme="https" socket-binding="https" secure="true">
<ssl name="https" 
key-alias="jbossweb" 
keystore-type="Windows-MY"
protocol="TLSv1"
</connector>

This results in an error like this:
13:54:01,821 ERROR [org.apache.coyote.http11] (MSC service thread 1-5) JBWEB003043: Error initializing endpoint: java.io.FileNotFoundException: C:\Users\imauser\.keystore (The system cannot find the file specified)

You can work around this issue by creating this keystore (C:\Users\imauser\.keystore).

More info on using the Windows keystores can be found here:
http://docs.oracle.com/javase/7/docs/technotes/guides/security/SunProviders.html#SunMSCAPI
http://www.oracle.com/technetwork/articles/javase/security-137537.html

Comment 1 JBoss JIRA Server 2014-06-18 16:11:18 UTC

Emmanuel Hugonnet <ehugonne> updated the status of jira WFLY-3483 to Resolved

Comment 2 Emmanuel Hugonnet (ehsavoie) 2014-06-19 09:54:10 UTC

Created attachment 910317 [details]
Proposed patch

Simple patch that will not define a keystoreFile if we are using the Windows-MY or Windows-ROOT JSSE provider.

Comment 5 Jean-frederic Clere 2014-08-19 14:20:56 UTC

Fixed in jbossweb-7.5.x by r2488

Comment 8 Jakub Cechacek 2014-09-01 08:17:23 UTC

Verified 6.3.1.CP.CR1

Note You need to log in before you can comment on or make changes to this bug.