[sipX-dev] CAs: sipXecs start-up KeyStoreBuilder error, and "Error regenerating KeyStores/TrustStore" in sipXconfig

Wed, 13 Jan 2010 06:21:08 -0800 

Hi all,

I have added and deleted a number of files as CAs, some were
(intentionally) invalid, and some were in DEM format.  But I'm now back
at the point where I have only the single CA which was installed by
default.


The first symptom is that I see this error upon sipXecs service
start-up:

   [sipxcha...@bcmsl2030 sipXconfig]$ sstart
   Exception in thread "main" java.security.KeyStoreException: failed to
extract any certificates or private keys - maybe bad password?
      at
org.apache.commons.ssl.KeyStoreBuilder.parse(KeyStoreBuilder.java:443)
      at
org.apache.commons.ssl.KeyStoreBuilder.build(KeyStoreBuilder.java:118)
      at
org.apache.commons.ssl.KeyStoreBuilder.build(KeyStoreBuilder.java:97)
      at
org.sipfoundry.commons.sipkeystorebuilder.sipkeystorebuilder.main(sipkey
storebuilder.java:68)
   Checking bootstrap setup:                                  [  OK  ]
   Checking TLS/SSL configuration:                            [  OK  ]
   ...


The second symptom is in sipXconfig.  I can still add and delete valid
PEM format CAs , for example verisignclass3ca.crt from XX-6247 [1].  But
upon doing so results in "Error regenerating KeyStores/TrustStore", and
no server restart prompt.


The ssl directory contents are as follows:

   [sipxcha...@bcmsl2030 sipXconfig]$ ls -la $INSTALL/etc/sipxpbx/ssl/
   total 56
   drwxr-xr-x  3 sipxchange sipxchange  4096 Dec 18 11:18 .
   drwxr-xr-x 74 sipxchange sipxchange  4096 Jan 13 04:53 ..
   drwxrwxrwx  2 sipxchange sipxchange  4096 Jan 13 04:53 authorities
   -rw-rw-rw-  1 root       root        2910 Jan  8 11:51
authorities.jks
   -rw--w--w-  1 sipxchange sipxchange  2247 Dec 18 11:18 ssl.crt
   -rw--w--w-  1 sipxchange sipxchange   887 Dec 18 11:18 ssl.key
   -rw-rw-rw-  1 root       root        1752 Jan  8 11:51 ssl.keystore
   -rw--w--w-  1 sipxchange sipxchange 19456 Jan 11 05:40 ssl-web.crt
   -rw--w--w-  1 sipxchange sipxchange   887 Jan  4 05:57 ssl-web.key
   -rw-rw-rw-  1 root       root        1752 Jan  8 11:51
ssl-web.keystore
   [sipxcha...@bcmsl2030 sipXconfig]$ ls -la
$INSTALL/etc/sipxpbx/ssl/authorities
   total 12
   drwxrwxrwx 2 sipxchange sipxchange 4096 Jan 13 04:53 .
   drwxr-xr-x 3 sipxchange sipxchange 4096 Dec 18 11:18 ..
   lrwxrwxrwx 1 root       root         30 Jan 13 04:53 47824ee8.0 ->
ca.bcmsl2030.ca.nortel.com.crt
   -rw-r--r-- 1 sipxchange sipxchange 2342 Dec 18 11:18
ca.bcmsl2030.ca.nortel.com.crt


Any ideas what the problem might be?  Should I raise a JIRA?


-Paul
[email protected]


[1] http://track.sipfoundry.org/browse/XX-6247 : support uploading
phonebook from gmail address book -
http://track.sipfoundry.org/secure/attachment/23630/verisignclass3ca.crt

_______________________________________________
sipx-dev mailing list [email protected]
List Archive: http://list.sipfoundry.org/archive/sipx-dev
Unsubscribe: http://list.sipfoundry.org/mailman/listinfo/sipx-dev
sipXecs IP PBX -- http://www.sipfoundry.org/

Reply via email to