HTTPS on JBoss AS 7.1.2

Question

I have followed the below link to setup HTTPS on jboss AS 7.1.2

http://middlewaremagic.com/jboss/?p=992

But after this when I start jboss, I get the following error:

10:31:05,481 ERROR [org.apache.coyote.http11.Http11AprProtocol]
        ↳ (MSC service thread 1-11) Error initializing endpoint: java.lang.Exception:
        ↳ Unable to load certificate key ../standalone/configuration/chap8.keystore
        ↳ (error:0906D06C:PEM routines:PEM_read_bio:no start line)
    at org.apache.tomcat.jni.SSLContext.setCertificate(Native Method) [jbossweb-7.0.16.Final.jar:]
    at org.apache.tomcat.util.net.AprEndpoint.init(AprEndpoint.java:644) [jbossweb-7.0.16.Final.jar:]
    at org.apache.coyote.http11.Http11AprProtocol.init(Http11AprProtocol.java:121) [jbossweb-7.0.16.Final.jar:]
    at org.apache.catalina.connector.Connector.init(Connector.java:983) [jbossweb-7.0.16.Final.jar:]
    at org.jboss.as.web.WebConnectorService.start(WebConnectorService.java:267) [jboss-as-web-7.1.2.Final.jar:7.1.2.Final]
    at org.jboss.msc.service.ServiceControllerImpl$StartTask.startService(ServiceControllerImpl.java:1811) [jboss-msc-1.0.2.GA.jar:1.0.2.GA]
    at org.jboss.msc.service.ServiceControllerImpl$StartTask.run(ServiceControllerImpl.java:1746) [jboss-msc-1.0.2.GA.jar:1.0.2.GA]
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145) [rt.jar:1.7.0_45]
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615) [rt.jar:1.7.0_45]
    at java.lang.Thread.run(Thread.java:744) [rt.jar:1.7.0_45]

10:31:05,489 ERROR [org.jboss.msc.service.fail] (MSC service thread 1-11)
        ↳ MSC00001: Failed to start service jboss.web.connector.https:
        ↳ org.jboss.msc.service.StartException in service jboss.web.connector.https:
        ↳ JBAS018007: Error starting web connector
    at org.jboss.as.web.WebConnectorService.start(WebConnectorService.java:271)
    at org.jboss.msc.service.ServiceControllerImpl$StartTask.startService(ServiceControllerImpl.java:1811) [jboss-msc-1.0.2.GA.jar:1.0.2.GA]
    at org.jboss.msc.service.ServiceControllerImpl$StartTask.run(ServiceControllerImpl.java:1746) [jboss-msc-1.0.2.GA.jar:1.0.2.GA]
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145) [rt.jar:1.7.0_45]
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615) [rt.jar:1.7.0_45]
    at java.lang.Thread.run(Thread.java:744) [rt.jar:1.7.0_45]
Caused by: LifecycleException:  Protocol handler initialization failed: java.lang.Exception:
        ↳ Unable to load certificate key ../standalone/configuration/chap8.keystore
        ↳ (error:0906D06C:PEM routines:PEM_read_bio:no start line)
    at org.apache.catalina.connector.Connector.init(Connector.java:985)
    at org.jboss.as.web.WebConnectorService.start(WebConnectorService.java:267)
    ... 5 more

Please help me solve this issue.

Answer 1

I know that this question was added over year ago, but someone might find this answer helpful. You are using org.apache.coyote.http11.Http11AprProtocol protocol, which uses native OpenSSL. Provided certificate (basing on file extension) is JKS keystore. OpenSSL cannot read this format and therefore throws error:0906D06C:PEM routines:PEM_read_bio:no start line. In order to resolve this you must convert your keystore to OpenSSL compliant format (crt, pem, key) or generate new keys etc. using OpenSSL. There is also some configuration differences. Refer to this JBoss docs. This works on Jboss AS 7.3.2, but as far as I know there is no difference between 7.1.2 and 7.3.2 in this matter.

Answer 2

I was getting the above error since JBoss was using native APR libraries. The issue is solved by making JBoss use JSE libraries instead of native APR libraries.

Use native="false" in the subsystem tag to solve the issue.