Fix and workaround for the "Supplied key (null) is not a RSAPrivateKey instance" error in the Server Settings / Server Certificates screen

Marcin_Cieslak · December 3, 2011, 9:35pm

keytool insists on storing full certificate chain when importing certificate into the keystore, therefore it is sometimes necessary to import a CA root into the certificate keystore (not only into the truststore).

After importing certficate for the key, all additional certificates (intermediary CAs, root CAs, etc.) should be deleted from the keystore

using “keytool -delete”, otherwise a “Supplied key (null) is not a RSAPrivateKey instance” exception will be displayed in the Server Certificates screen.

Exception itself can be fixed easily:

Index: src/web/ssl-certificates.jsp
===================================================================
--- src/web/ssl-certificates.jsp     (wersja 12902)
+++ src/web/ssl-certificates.jsp     (kopia robocza)
@@ -348,7 +348,9 @@
               if (isSigningPending) {
                   // Generate new signing request for certificate
                   PrivateKey privKey = (PrivateKey) keyStore.getKey(a, SSLConfig.getKeyPassword().toCharArray());
-                  signingRequests.put(a, CertificateManager.createSigningRequest(c, privKey));
+                  if (privKey != null) {
+                      signingRequests.put(a, CertificateManager.createSigningRequest(c, privKey));
+                  }
               }
   %>              <tr valign="top">

Probably a whole logic of this look needs some review; those certificates without private keys are now displayed as Pending Verification items.

akrherz · December 3, 2011, 10:27pm

Hi Marcin,

Would you be interested in getting Jira access to file these patches and perhaps get svn committer rights? We are desperate for openfire developers.

daryl

Marcin_Cieslak · December 3, 2011, 11:35pm

Great! I have created the JIRA account. What’s the process - what should be filed to openfire-dev first, what can go directly into JIRA and what should go into svn without bothering those? Long time since I did Java coding for fun - you should probably review all my code.

ssh-dss AAAAB3NzaC1kc3MAAACBAOBWSjxfTMz4Sve7rjL04h+aW9Mt3OdjiuXoIxJ1WkCE1Ash/ip08eEkhwcgX8Pqoh6krXw488JFiWrh06KhmTdUxpE6tbXXju4ZuetdwJ2J7YLXALU2Jy0117xFH/hUjMIZe4GkvOIpE0V+4YV8V8Ehw2ejqyPAvDd7XOej9lNvAAAAFQDKf0vhyzVrnsIEjL2QmcyoEiOKYwAAAIEAn+1BwSAQHa72x5zgYwbhAZTywIRLI/g1fp3rNLLvWKB+dymccob3IHqhhFErQK5vWXZk/4LVOAm8nGKuzWRvc78kuy5I/jKSbZlSHgREXLQcah47IQH2bZhn6TKmINCUqA6tVi0dddIATs+a3/FEy91rhd0gz8+zk/nCS/m/vp0AAACASNsTa97AaOhLZZQXXTNedtGmkpNjrGQgwrcBPO8WLdQAhweSSVIR2rcfeFHbT1JU8noHZSIYSvFegsj6qE4xahcjcsWI0DK1DSFqiJamrpl2TFGr1bBKwQFHStA7cbSbHdLoNTznLmcmN2VkLcVOiGuYc2mDkmG1MlFKBVWV3M0=

This is my SSH public key.

akrherz · December 4, 2011, 1:57am

Hello,

You are now have elevated privs in Jira for openfire. Please poke around in there, create tickets, attach patches. I’ll see if I can get Guus to review them and get you svn access if you are willing and able

daryl

Marcin_Cieslak · December 10, 2011, 12:56am

This one is posted as OF-498

One more thing: can you grant me JIRA rights to SMACK? I’d like to post http://community.igniterealtime.org/message/218661 there.

Regarding SVN: Can we clean up CR-LF’s and add SVN properties (I can do that if there is noone else volunteering…)