Hi Benoit,
Thank you so much for your response.
*Error Message - *
{"timestamp":"2023-07-24T05:11:32.351Z","level":"WARN","thread":"main","logger":"org.apache.james.jwt.PublicKeyReader","message":"Key
is not an instance of SubjectPublicKeyInfo but of null","context":"default"}
{"timestamp":"2023-07-24T05:11:32.366Z","level":"ERROR","thread":"main","logger":"org.apache.james.GuiceJamesServer","message":"Fatal
error while starting
James","context":"default","exception":"com.google.inject.ProvisionException:
Unable to provision, see the following errors:\n\n1)
[Guice/ErrorInCustomProvider]: IllegalStateException: One of the provided
public key is not valid at
JMAPModule.providesJwtTokenVerifier(JMAPModule.java:238)
*Additional information as follows:*
*Method of Installation - Official James Helm Helm Chart from Release 3.8.0
- *Helm-Chart
<https://github.com/apache/james-project/tree/3.8.x/server/apps/distributed-app/helm-chart>
We are using the documentation for following installation instruction -
run-kubernetes
<https://github.com/apache/james-project/blob/3.8.x/server/apps/distributed-app/docs/modules/ROOT/pages/run/run-kubernetes.adoc>
Additionally generated by antora.
*Comment -* some bits of jwtPublicKey/ jwtPrivateKey in secrets.yaml file
causing the issue. However, Self Signed, locally generated valid
certificates are used.
We can provide a certificate and private key using cert-manager, but I
don't know in which format the certificate will be provided in the
secrets.yaml file. It looks like PEM format is accepted.
In jwtPublicKey I am using .crt content
In jwtPrivateKey I am using .key content
-----BEGIN PUBLIC KEY----- wrapper is shown in documents but Can you please
guide me what file content needs to be used.
Warm Regards,
Gaurav Tyagi
On Mon, 24 Jul 2023 at 06:46, Benoit TELLIER <btell...@linagora.com> wrote:
> Hello,
>
> I'm willing to help but the images do not display well.. Can you share the
> errors by text please?
>
> --
>
>
> Best regards,
>
>
>
> Benoit TELLIER
>
>
>
> General manager of Linagora VIETNAM.
>
> Product owner for Team-Mail product.
>
> Chairman of the Apache James project.
>
>
>
> Mail: btell...@linagora.com
>
> Tel: (0033) 6 77 26 04 58 (WhatsApp, Signal)
>
> On Jul 23, 2023 4:44 PM, from gau...@padminisys.com.invalidHello All,
>
>
>
> I am using helm chart for apache james latest stable release.
>
>
>
> You can see following secrets.yaml file
>
>
>
>
>
>
>
>
>
> I have set it as mentioned in the documentation.
>
>
>
> When POD starts everything connects well like Cass, RabbitMQ, Open Search
> but see error while configuring cert.
>
>
>
> I am seeing below error:
>
>
>
>
>
>
>
>
>
>
>
> "message":"Key is not an instance of SubjectPublicKeyInfo but of null"
>
> IllegalStateException: One of the provided public key is not valid
>
>
>
> I have cert Manager installed on my cluster, but I am using this
> self-signed cert using the process -
> https://www.baeldung.com/openssl-self-signed-cert
>
>
>
> In jwtPublicKey I am using .crt content
>
> In jwtPrivateKey I am using .key content
>
>
>
> Both are pem formatted file but as suggested by james docs they have
> mentioned to use -----BEGIN PUBLIC KEY----- wrapper.
>
>
>
> I am stuck and POD is not starting, Anyone’s help is highly appreciated.
>
>
>
> Thanks,
>
> Gaurav
>
> Software Engineer
>
> Padmini System Private Limited
>
> Mumbai, India
>
>
>
>
>
>
>
>
> Padmini Systems Private Limited puts the security of the client at a high
> priority. Therefore, we have put efforts into ensuring that the message is
> error and virus-free. Unfortunately, full security of the email cannot be
> ensured as, despite our efforts, the data included in emails could be
> infected, intercepted, or corrupted. Therefore, the recipient should check
> the email for threats with proper software, as the sender does not accept
> liability for any damage inflicted by viewing the content of this email.
>
--
*Padmini Systems Private Limited* puts the security of the client at a high
priority. Therefore, we have put efforts into ensuring that the message is
error and virus-free. Unfortunately, full security of the email cannot be
ensured as, despite our efforts, the data included in emails could be
infected, intercepted, or corrupted. Therefore, the recipient should check
the email for threats with proper software, as the sender does not accept
liability for any damage inflicted by viewing the content of this email.
