I spoke too fast. It seems we have a race condition where if I attempt
to debug the karaf startup (i.e. stepping through o.a.k.management) I don't
see the issue.
However, if I run karaf directly from the command line, karaf gets into an
infinite loop. It looks like the mbean server started trying to look for
certificates but none are available. More debugging needed. Note: if you place
jaas:keystore in the o.a.k.management bundle I don't see this issue.

17:57:31,079 | WARN | TCP Accept-2098 | tcp | sun.rmi.runtime.Log$LoggerLog 220 | - - | RMI TCP Accept-2098: accept loop for [SSL: ServerSocket[addr=0.0.0.0/0.0.0.0,port=0,localport=2098]] throws
javax.net.ssl.SSLException: No available certificate or key corresponds to the SSL cipher suites which are enabled.
at com.sun.net.ssl.internal.ssl.SSLServerSocketImpl.checkEnabledSuites(SSLServerSocketImpl.java:310)[:1.6]
at com.sun.net.ssl.internal.ssl.SSLServerSocketImpl.accept(SSLServerSocketImpl.java:255)[:1.6]
at sun.rmi.transport.tcp.TCPTransport$AcceptLoop.executeAcceptLoop(TCPTransport.java:369)[:1.6.0_22]
at sun.rmi.transport.tcp.TCPTransport$AcceptLoop.run(TCPTransport.java:341)[:1.6.0_22]
at java.lang.Thread.run(Thread.java:662)[:1.6.0_22]
17:57:31,080 | WARN | TCP Accept-2098 | tcp | sun.rmi.runtime.Log$LoggerLog 220 | - - | RMI TCP Accept-2098: accept loop for [SSL: ServerSocket[addr=0.0.0.0/0.0.0.0,port=0,localport=2098]] throws
javax.net.ssl.SSLException: No available certificate or key corresponds to the SSL cipher suites which are enabled.
at com.sun.net.ssl.internal.ssl.SSLServerSocketImpl.checkEnabledSuites(SSLServerSocketImpl.java:310)[:1.6]
at com.sun.net.ssl.internal.ssl.SSLServerSocketImpl.accept(SSLServerSocketImpl.java:255)[:1.6]
at sun.rmi.transport.tcp.TCPTransport$AcceptLoop.executeAcceptLoop(TCPTransport.java:369)[:1.6.0_22]
at sun.rmi.transport.tcp.TCPTransport$AcceptLoop.run(TCPTransport.java:341)[:1.6.0_22]
at java.lang.Thread.run(Thread.java:662)[:1.6.0_22]

On Tue, Jun 7, 2011 at 5:34 PM, Dan Tran <[email protected]> wrote:
> Hi Guillaume
>
> You are totally right, karaf is smart enough to look for and load all
> <jaas:keystore> from all bundles before starting the o.a.k.management
> bundle.
>
> Another question: does it make sense to create a predefined keystore
> and truststore pair for both karaf and the karaf client, to be installed as
> part of the karaf distribution?
>
> -D
>
> On Tue, Jun 7, 2011 at 7:02 AM, Guillaume Nodet <[email protected]> wrote:
>> If you move the <jaas:keystore /> element into a separate bundle it
>> should still work.
>> Have you tried that?
>>
>> On Sun, Jun 5, 2011 at 03:45, Dan Tran <[email protected]> wrote:
>>> Hello
>>>
>>> I need a way to deploy a new keystore/truststore at runtime before the
>>> o.a.k.management bundle starts, to add SSL support for the JMX MbeanServer.
>>>
>>> According to this link
>>> http://karaf.apache.org/manual/2.2.1-SNAPSHOT/developers-guide/security-framework.html,
>>> I can do so, but I don't see how I could do so.
>>>
>>> Details are at https://issues.apache.org/jira/browse/KARAF-541
>>>
>>> Big thanks ahead
>>>
>>> -Dan
>>>
>>
>>
>>
>> --
>> ------------------------
>> Guillaume Nodet
>> ------------------------
>> Blog: http://gnodet.blogspot.com/
>> ------------------------
>> Open Source SOA
>> http://fusesource.com
>>
>