Paul wrote:
>Subject: [sipX-dev] CAs: sipXecs start-up KeyStoreBuilder
>error,and "Error regenerating KeyStores/TrustStore" in sipXconfig
>
>Hi all,
>
>I have added and deleted a number of files as CAs, some were
>(intentionally) invalid, and some were in DEM format. But I'm
>now back at the point where I have only the single CA which
>was installed by default.
>
>
>The first symptom is that I see this error upon sipXecs service
>start-up:
>
> [sipxcha...@bcmsl2030 sipXconfig]$ sstart
> Exception in thread "main" java.security.KeyStoreException:
>failed to extract any certificates or private keys - maybe bad
>password?
> at
>org.apache.commons.ssl.KeyStoreBuilder.parse(KeyStoreBuilder.java:443)
> at
>org.apache.commons.ssl.KeyStoreBuilder.build(KeyStoreBuilder.java:118)
> at
>org.apache.commons.ssl.KeyStoreBuilder.build(KeyStoreBuilder.java:97)
> at
>org.sipfoundry.commons.sipkeystorebuilder.sipkeystorebuilder.ma
>in(sipkey
>storebuilder.java:68)
> Checking bootstrap setup: [ OK ]
> Checking TLS/SSL configuration: [ OK ]
> ...
>
>
>The second symptom is in sipXconfig. I can still add and
>delete valid PEM format CAs , for example verisignclass3ca.crt
>from XX-6247 [1]. But upon doing so results in "Error
>regenerating KeyStores/TrustStore", and no server restart prompt.
>
>
>The ssl directory contents are as follows:
>
> [sipxcha...@bcmsl2030 sipXconfig]$ ls -la $INSTALL/etc/sipxpbx/ssl/
> total 56
> drwxr-xr-x 3 sipxchange sipxchange 4096 Dec 18 11:18 .
> drwxr-xr-x 74 sipxchange sipxchange 4096 Jan 13 04:53 ..
> drwxrwxrwx 2 sipxchange sipxchange 4096 Jan 13 04:53 authorities
> -rw-rw-rw- 1 root root 2910 Jan 8 11:51
>authorities.jks
> -rw--w--w- 1 sipxchange sipxchange 2247 Dec 18 11:18 ssl.crt
> -rw--w--w- 1 sipxchange sipxchange 887 Dec 18 11:18 ssl.key
> -rw-rw-rw- 1 root root 1752 Jan 8 11:51 ssl.keystore
> -rw--w--w- 1 sipxchange sipxchange 19456 Jan 11 05:40 ssl-web.crt
> -rw--w--w- 1 sipxchange sipxchange 887 Jan 4 05:57 ssl-web.key
> -rw-rw-rw- 1 root root 1752 Jan 8 11:51
>ssl-web.keystore
> [sipxcha...@bcmsl2030 sipXconfig]$ ls -la
>$INSTALL/etc/sipxpbx/ssl/authorities
> total 12
> drwxrwxrwx 2 sipxchange sipxchange 4096 Jan 13 04:53 .
> drwxr-xr-x 3 sipxchange sipxchange 4096 Dec 18 11:18 ..
> lrwxrwxrwx 1 root root 30 Jan 13 04:53 47824ee8.0 ->
>ca.bcmsl2030.ca.nortel.com.crt
> -rw-r--r-- 1 sipxchange sipxchange 2342 Dec 18 11:18
>ca.bcmsl2030.ca.nortel.com.crt
>
>
>Any ideas what the problem might be? Should I raise a JIRA?
>
Not sure if this is the root of your problem but for some reason, your
keystores (ssl and ssl-web) are owned by root. They should not be.
Don't quite know how that happened as I made a change before the
holidays that creates the keystores with sipxchange as owner.
_______________________________________________
sipx-dev mailing list [email protected]
List Archive: http://list.sipfoundry.org/archive/sipx-dev
Unsubscribe: http://list.sipfoundry.org/mailman/listinfo/sipx-dev
sipXecs IP PBX -- http://www.sipfoundry.org/
