问题
I have configured the environment of [kurento server][1] (a WebRTC media server and a set of client APIs making simple the development of advanced video applications for WWW and smartphone platforms) and I got the tutorial project up and running.
But I am having an issue with changing the certificate that are included with the projects.
Can you please point me in the right direction on how to do that without causing a problem, since when I created a new keystore the maven compile failed.
-- here is a snapshot of the stack trace after doing what the site [ securing the application ] steps ( I double checked the password and certificate ) :
2017-07-16 10:35:43.508 ERROR 11944 --- [llRecApp.main()] o.a.coyote.http11.Http11NioProtocol : Failed to start end point associated with ProtocolHandler [https-jsse-nio-8443]
java.lang.IllegalArgumentException: java.io.IOException: Keystore was tampered with, or password was incorrect
at org.apache.tomcat.util.net.AbstractJsseEndpoint.createSSLContext(AbstractJsseEndpoint.java:103) ~[tomcat-embed-core-8.5.5.jar:8.5.5]
at org.apache.tomcat.util.net.AbstractJsseEndpoint.initialiseSsl(AbstractJsseEndpoint.java:81) ~[tomcat-embed-core-8.5.5.jar:8.5.5]
at org.apache.tomcat.util.net.NioEndpoint.bind(NioEndpoint.java:244) ~[tomcat-embed-core-8.5.5.jar:8.5.5]
at org.apache.tomcat.util.net.AbstractEndpoint.start(AbstractEndpoint.java:874) ~[tomcat-embed-core-8.5.5.jar:8.5.5]
at org.apache.coyote.AbstractProtocol.start(AbstractProtocol.java:590) ~[tomcat-embed-core-8.5.5.jar:8.5.5]
at org.apache.catalina.connector.Connector.startInternal(Connector.java:969) [tomcat-embed-core-8.5.5.jar:8.5.5]
at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:150) [tomcat-embed-core-8.5.5.jar:8.5.5]
at org.apache.catalina.core.StandardService.addConnector(StandardService.java:225) [tomcat-embed-core-8.5.5.jar:8.5.5]
at org.springframework.boot.context.embedded.tomcat.TomcatEmbeddedServletContainer.addPreviouslyRemovedConnectors(TomcatEmbeddedServletContainer.java:233) [spring-boot-1.4.1.RELEASE.jar:1.4.1.RELEASE]
at org.springframework.boot.context.embedded.tomcat.TomcatEmbeddedServletContainer.start(TomcatEmbeddedServletContainer.java:178) [spring-boot-1.4.1.RELEASE.jar:1.4.1.RELEASE]
at org.springframework.boot.context.embedded.EmbeddedWebApplicationContext.startEmbeddedServletContainer(EmbeddedWebApplicationContext.java:297) [spring-boot-1.4.1.RELEASE.jar:1.4.1.RELEASE]
at org.springframework.boot.context.embedded.EmbeddedWebApplicationContext.finishRefresh(EmbeddedWebApplicationContext.java:145) [spring-boot-1.4.1.RELEASE.jar:1.4.1.RELEASE]
at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:544) [spring-context-4.3.3.RELEASE.jar:4.3.3.RELEASE]
at org.springframework.boot.context.embedded.EmbeddedWebApplicationContext.refresh(EmbeddedWebApplicationContext.java:122) [spring-boot-1.4.1.RELEASE.jar:1.4.1.RELEASE]
at org.springframework.boot.SpringApplication.refresh(SpringApplication.java:761) [spring-boot-1.4.1.RELEASE.jar:1.4.1.RELEASE]
at org.springframework.boot.SpringApplication.refreshContext(SpringApplication.java:371) [spring-boot-1.4.1.RELEASE.jar:1.4.1.RELEASE]
at org.springframework.boot.SpringApplication.run(SpringApplication.java:315) [spring-boot-1.4.1.RELEASE.jar:1.4.1.RELEASE]
at org.kurento.tutorial.one2onecallrec.One2OneCallRecApp.main(One2OneCallRecApp.java:68) [classes/:na]
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[na:1.8.0_131]
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[na:1.8.0_131]
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[na:1.8.0_131]
at java.lang.reflect.Method.invoke(Method.java:498) ~[na:1.8.0_131]
at org.codehaus.mojo.exec.ExecJavaMojo$1.run(ExecJavaMojo.java:293) [exec-maven-plugin-1.4.0.jar:na]
at java.lang.Thread.run(Thread.java:748) [na:1.8.0_131]
Caused by: java.io.IOException: Keystore was tampered with, or password was incorrect
at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:780) ~[na:1.8.0_131]
at sun.security.provider.JavaKeyStore$JKS.engineLoad(JavaKeyStore.java:56) ~[na:1.8.0_131]
at sun.security.provider.KeyStoreDelegator.engineLoad(KeyStoreDelegator.java:224) ~[na:1.8.0_131]
at sun.security.provider.JavaKeyStore$DualFormatJKS.engineLoad(JavaKeyStore.java:70) ~[na:1.8.0_131]
at java.security.KeyStore.load(KeyStore.java:1445) ~[na:1.8.0_131]
at org.apache.tomcat.util.net.SSLUtilBase.getStore(SSLUtilBase.java:136) ~[tomcat-embed-core-8.5.5.jar:8.5.5]
at org.apache.tomcat.util.net.SSLHostConfigCertificate.getCertificateKeystore(SSLHostConfigCertificate.java:187) ~[tomcat-embed-core-8.5.5.jar:8.5.5]
at org.apache.tomcat.util.net.jsse.JSSEUtil.getKeyManagers(JSSEUtil.java:194) ~[tomcat-embed-core-8.5.5.jar:8.5.5]
at org.apache.tomcat.util.net.AbstractJsseEndpoint.createSSLContext(AbstractJsseEndpoint.java:101) ~[tomcat-embed-core-8.5.5.jar:8.5.5]
... 23 common frames omitted
Caused by: java.security.UnrecoverableKeyException: Password verification failed
at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:778) ~[na:1.8.0_131]
... 31 common frames omitted
[1]: http://doc-kurento.readthedocs.io/en/stable/what_is_kurento.html
回答1:
Without an exact description of "the problem" or "the issue", it will be difficult to pinpoint what can help.
You can start by double-checking the content of "Securing Kurento Applications".
For instance, the command
mvn compile exec:java -Dkms.url=ws://kms_host:kms_port/kurento
would only work if your jar does include the new keystore in your jar file:
File
keystore.jks
must be in the project’s root path, and a file namedapplication.properties
must exist insrc/main/resources/
, with the following content:server.port: 8443 server.ssl.key-store: keystore.jks server.ssl.key-store-password: yourPassword server.ssl.keyStoreType: JKS server.ssl.keyAlias: yourKeyAlias
Double-check with this answer which states:
Check that you file is according to that, and make sure that you are providing the correct keystore location in
server.ssl.key-store
Regarding the error message "Keystore was tampered with, or password was incorrect", see "keytool error Keystore was tampered with, or password was incorrect". It can be a passphrase issue for instance.
The OP AhMaD AbUIeSa adds in the comments:
After creating a new keystore from official site using the certificate and the private key the project worked with no problem.
As commented below by Nikola Lukic, to add a new certificat, you would need to :
- copy it into the container (docker container cp) using the right path (a path valid from within the container, not the host),
- create a new image (docker container commit)
- run the new image as a new container: docker container run
来源:https://stackoverflow.com/questions/45125342/having-a-issue-changing-kurento-projects-certificate