having a issue changing Kurento projects certificate?

蓝咒 提交于 2020-01-23 01:28:29

问题


I have configured the environment of [kurento server][1] (a WebRTC media server and a set of client APIs making simple the development of advanced video applications for WWW and smartphone platforms) and I got the tutorial project up and running.

But I am having an issue with changing the certificate that are included with the projects.

Can you please point me in the right direction on how to do that without causing a problem, since when I created a new keystore the maven compile failed.

-- here is a snapshot of the stack trace after doing what the site [ securing the application ] steps ( I double checked the password and certificate ) :

2017-07-16 10:35:43.508 ERROR 11944 --- [llRecApp.main()] o.a.coyote.http11.Http11NioProtocol      : Failed to start end point associated with ProtocolHandler [https-jsse-nio-8443]

java.lang.IllegalArgumentException: java.io.IOException: Keystore was tampered with, or password was incorrect
    at org.apache.tomcat.util.net.AbstractJsseEndpoint.createSSLContext(AbstractJsseEndpoint.java:103) ~[tomcat-embed-core-8.5.5.jar:8.5.5]
    at org.apache.tomcat.util.net.AbstractJsseEndpoint.initialiseSsl(AbstractJsseEndpoint.java:81) ~[tomcat-embed-core-8.5.5.jar:8.5.5]
    at org.apache.tomcat.util.net.NioEndpoint.bind(NioEndpoint.java:244) ~[tomcat-embed-core-8.5.5.jar:8.5.5]
    at org.apache.tomcat.util.net.AbstractEndpoint.start(AbstractEndpoint.java:874) ~[tomcat-embed-core-8.5.5.jar:8.5.5]
    at org.apache.coyote.AbstractProtocol.start(AbstractProtocol.java:590) ~[tomcat-embed-core-8.5.5.jar:8.5.5]
    at org.apache.catalina.connector.Connector.startInternal(Connector.java:969) [tomcat-embed-core-8.5.5.jar:8.5.5]
    at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:150) [tomcat-embed-core-8.5.5.jar:8.5.5]
    at org.apache.catalina.core.StandardService.addConnector(StandardService.java:225) [tomcat-embed-core-8.5.5.jar:8.5.5]
    at org.springframework.boot.context.embedded.tomcat.TomcatEmbeddedServletContainer.addPreviouslyRemovedConnectors(TomcatEmbeddedServletContainer.java:233) [spring-boot-1.4.1.RELEASE.jar:1.4.1.RELEASE]
    at org.springframework.boot.context.embedded.tomcat.TomcatEmbeddedServletContainer.start(TomcatEmbeddedServletContainer.java:178) [spring-boot-1.4.1.RELEASE.jar:1.4.1.RELEASE]
    at org.springframework.boot.context.embedded.EmbeddedWebApplicationContext.startEmbeddedServletContainer(EmbeddedWebApplicationContext.java:297) [spring-boot-1.4.1.RELEASE.jar:1.4.1.RELEASE]
    at org.springframework.boot.context.embedded.EmbeddedWebApplicationContext.finishRefresh(EmbeddedWebApplicationContext.java:145) [spring-boot-1.4.1.RELEASE.jar:1.4.1.RELEASE]
    at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:544) [spring-context-4.3.3.RELEASE.jar:4.3.3.RELEASE]
    at org.springframework.boot.context.embedded.EmbeddedWebApplicationContext.refresh(EmbeddedWebApplicationContext.java:122) [spring-boot-1.4.1.RELEASE.jar:1.4.1.RELEASE]
    at org.springframework.boot.SpringApplication.refresh(SpringApplication.java:761) [spring-boot-1.4.1.RELEASE.jar:1.4.1.RELEASE]
    at org.springframework.boot.SpringApplication.refreshContext(SpringApplication.java:371) [spring-boot-1.4.1.RELEASE.jar:1.4.1.RELEASE]
    at org.springframework.boot.SpringApplication.run(SpringApplication.java:315) [spring-boot-1.4.1.RELEASE.jar:1.4.1.RELEASE]
    at org.kurento.tutorial.one2onecallrec.One2OneCallRecApp.main(One2OneCallRecApp.java:68) [classes/:na]
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[na:1.8.0_131]
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[na:1.8.0_131]
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[na:1.8.0_131]
    at java.lang.reflect.Method.invoke(Method.java:498) ~[na:1.8.0_131]
    at org.codehaus.mojo.exec.ExecJavaMojo$1.run(ExecJavaMojo.java:293) [exec-maven-plugin-1.4.0.jar:na]
    at java.lang.Thread.run(Thread.java:748) [na:1.8.0_131]
Caused by: java.io.IOException: Keystore was tampered with, or password was incorrect
    at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:780) ~[na:1.8.0_131]
    at sun.security.provider.JavaKeyStore$JKS.engineLoad(JavaKeyStore.java:56) ~[na:1.8.0_131]
    at sun.security.provider.KeyStoreDelegator.engineLoad(KeyStoreDelegator.java:224) ~[na:1.8.0_131]
    at sun.security.provider.JavaKeyStore$DualFormatJKS.engineLoad(JavaKeyStore.java:70) ~[na:1.8.0_131]
    at java.security.KeyStore.load(KeyStore.java:1445) ~[na:1.8.0_131]
    at org.apache.tomcat.util.net.SSLUtilBase.getStore(SSLUtilBase.java:136) ~[tomcat-embed-core-8.5.5.jar:8.5.5]
    at org.apache.tomcat.util.net.SSLHostConfigCertificate.getCertificateKeystore(SSLHostConfigCertificate.java:187) ~[tomcat-embed-core-8.5.5.jar:8.5.5]
    at org.apache.tomcat.util.net.jsse.JSSEUtil.getKeyManagers(JSSEUtil.java:194) ~[tomcat-embed-core-8.5.5.jar:8.5.5]
    at org.apache.tomcat.util.net.AbstractJsseEndpoint.createSSLContext(AbstractJsseEndpoint.java:101) ~[tomcat-embed-core-8.5.5.jar:8.5.5]
    ... 23 common frames omitted
Caused by: java.security.UnrecoverableKeyException: Password verification failed
    at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:778) ~[na:1.8.0_131]
    ... 31 common frames omitted

[1]: http://doc-kurento.readthedocs.io/en/stable/what_is_kurento.html


回答1:


Without an exact description of "the problem" or "the issue", it will be difficult to pinpoint what can help.

You can start by double-checking the content of "Securing Kurento Applications".
For instance, the command

mvn compile exec:java -Dkms.url=ws://kms_host:kms_port/kurento

would only work if your jar does include the new keystore in your jar file:

File keystore.jks must be in the project’s root path, and a file named application.properties must exist in src/main/resources/, with the following content:

server.port: 8443
server.ssl.key-store: keystore.jks
server.ssl.key-store-password: yourPassword
server.ssl.keyStoreType: JKS
server.ssl.keyAlias: yourKeyAlias

Double-check with this answer which states:

Check that you file is according to that, and make sure that you are providing the correct keystore location in server.ssl.key-store

Regarding the error message "Keystore was tampered with, or password was incorrect", see "keytool error Keystore was tampered with, or password was incorrect". It can be a passphrase issue for instance.

The OP AhMaD AbUIeSa adds in the comments:

After creating a new keystore from official site using the certificate and the private key the project worked with no problem.


As commented below by Nikola Lukic, to add a new certificat, you would need to :

  • copy it into the container (docker container cp) using the right path (a path valid from within the container, not the host),
  • create a new image (docker container commit)
  • run the new image as a new container: docker container run


来源:https://stackoverflow.com/questions/45125342/having-a-issue-changing-kurento-projects-certificate

易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!