No problem. There are two distinct errors here so I’ll just post them both.
The generic IOException that occurs if I try to use the ImportKey Java class I wrote about (not related to the KB issue):
2007.12.18 20:42:15 org.jivesoftware.openfire.http.HttpBindManager.createSSLConnector(HttpBindManager.java:157) Error creating SSL connector for Http bind
java.io.IOException
at org.jivesoftware.openfire.net.SSLConfig.getKeyStore(SSLConfig.java:265)
at org.jivesoftware.openfire.http.HttpBindManager.createSSLConnector(HttpBindManager.java:133)
at org.jivesoftware.openfire.http.HttpBindManager.configureHttpBindServer(HttpBindManager.java:257)
at org.jivesoftware.openfire.http.HttpBindManager.start(HttpBindManager.java:89)
at org.jivesoftware.openfire.spi.ConnectionManagerImpl.startHTTPBindListeners(ConnectionManagerImpl.java:505)
at org.jivesoftware.openfire.spi.ConnectionManagerImpl.startListeners(ConnectionManagerImpl.java:134)
at org.jivesoftware.openfire.spi.ConnectionManagerImpl.access$000(ConnectionManagerImpl.java:52)
at org.jivesoftware.openfire.spi.ConnectionManagerImpl$1.pluginsMonitored(ConnectionManagerImpl.java:106)
at org.jivesoftware.openfire.container.PluginManager.firePluginsMonitored(PluginManager.java:532)
at org.jivesoftware.openfire.container.PluginManager.access$800(PluginManager.java:46)
at org.jivesoftware.openfire.container.PluginManager$PluginMonitor.run(PluginManager.java:1023)
at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:441)
at java.util.concurrent.FutureTask$Sync.innerRunAndReset(FutureTask.java:317)
at java.util.concurrent.FutureTask.runAndReset(FutureTask.java:150)
at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.access$101(ScheduledThreadPoolExecutor.java:98)
at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.runPeriodic(ScheduledThreadPoolExecutor.java:181)
at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:205)
at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:885)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:907)
at java.lang.Thread.run(Thread.java:619)
and this one which seems to have the same cause:
2007.12.18 20:42:14 org.jivesoftware.openfire.container.AdminConsolePlugin.startup(AdminConsolePlugin.java:120)
java.io.IOException
at org.jivesoftware.openfire.net.SSLConfig.getKeyStore(SSLConfig.java:265)
at org.jivesoftware.openfire.container.AdminConsolePlugin.startup(AdminConsolePlugin.java:95)
at org.jivesoftware.openfire.container.AdminConsolePlugin.initializePlugin(AdminConsolePlugin.java:169)
at org.jivesoftware.openfire.container.PluginManager.loadPlugin(PluginManager.java:447)
at org.jivesoftware.openfire.container.PluginManager.access$300(PluginManager.java:46)
at org.jivesoftware.openfire.container.PluginManager$PluginMonitor.run(PluginManager.java:1013)
at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:441)
at java.util.concurrent.FutureTask$Sync.innerRunAndReset(FutureTask.java:317)
at java.util.concurrent.FutureTask.runAndReset(FutureTask.java:150)
at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.access$101(ScheduledThreadPoolExecutor.java:98)
at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.runPeriodic(ScheduledThreadPoolExecutor.java:181)
at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:205)
at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:885)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:907)
at java.lang.Thread.run(Thread.java:619)
The exception I fished out of the logs about the signed overrun, which is what you were talking about in regards to the thawte KB:
java.security.cert.CertificateParsingException: signed overrun, bytes = 64
at sun.security.x509.X509CertImpl.parse(X509CertImpl.java:1712)
at sun.security.x509.X509CertImpl.(X509CertImpl.java:303)
at sun.security.provider.X509Factory.parseX509orPKCS7Cert(X509Factory.java:532)
at sun.security.provider.X509Factory.engineGenerateCertificates(X509Factory.java:417)
at java.security.cert.CertificateFactory.generateCertificates(CertificateFactory.java:427)
at org.jivesoftware.util.CertificateManager.installCert(CertificateManager.java:468)
at org.jivesoftware.openfire.admin.import_002dcertificate_jsp._jspService(import_002dcertificate_jsp.java:93)
at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:97)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:802)
at org.mortbay.jetty.servlet.ServletHolder.handle(ServletHolder.java:487)
at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1093)
at com.opensymphony.module.sitemesh.filter.PageFilter.parsePage(PageFilter.java:118)
at com.opensymphony.module.sitemesh.filter.PageFilter.doFilter(PageFilter.java:52)
at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1084)
at org.jivesoftware.util.LocaleFilter.doFilter(LocaleFilter.java:65)
at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1084)
at org.jivesoftware.util.SetCharacterEncodingFilter.doFilter(SetCharacterEncodingFilter.java:41)
at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1084)
at org.jivesoftware.admin.PluginFilter.doFilter(PluginFilter.java:69)
at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1084)
at org.jivesoftware.admin.AuthCheckFilter.doFilter(AuthCheckFilter.java:98)
at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1084)
at org.mortbay.jetty.servlet.ServletHandler.handle(ServletHandler.java:360)
at org.mortbay.jetty.security.SecurityHandler.handle(SecurityHandler.java:216)
at org.mortbay.jetty.servlet.SessionHandler.handle(SessionHandler.java:181)
at org.mortbay.jetty.handler.ContextHandler.handle(ContextHandler.java:712)
at org.mortbay.jetty.webapp.WebAppContext.handle(WebAppContext.java:405)
at org.mortbay.jetty.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:211)
at org.mortbay.jetty.handler.HandlerCollection.handle(HandlerCollection.java:114)
at org.mortbay.jetty.handler.HandlerWrapper.handle(HandlerWrapper.java:139)
at org.mortbay.jetty.Server.handle(Server.java:313)
at org.mortbay.jetty.HttpConnection.handleRequest(HttpConnection.java:506)
at org.mortbay.jetty.HttpConnection$RequestHandler.content(HttpConnection.java:844)
at org.mortbay.jetty.HttpParser.parseNext(HttpParser.java:644)
at org.mortbay.jetty.HttpParser.parseAvailable(HttpParser.java:205)
at org.mortbay.jetty.HttpConnection.handle(HttpConnection.java:381)
at org.mortbay.io.nio.SelectChannelEndPoint.run(SelectChannelEndPoint.java:396)
at org.mortbay.thread.BoundedThreadPool$PoolThread.run(BoundedThreadPool.java:442)
Using the keytool -import command from the thawte article results in the usual problem that there is no private key. I had a very quick look through the sources around CertificateManager:468 and java.security.cert.CertificateFactory, but the advice from thawte to use an explicit -alias does not seem to translate easily to the CertificateFactory; I couldn’t find any way to read in the certificate with an explicit alias.
I’m not sure the thawte article is relevant though. Thawte suggests using:
keytool -import -alias -trustcacerts -file mycert.crt -keystore keystore
Just for kicks I tried keytool -import -file mycert.crt -keystore keystore, WITHOUT an -alias parameter, the exact thing the thawte article hints will solve the problem. This works just the same, and uses the default alias of ‘mykey’. Of some concern to myself is that in this case keytool STILL says the cert is for (CN=) EssentialSSL CA and not ‘tipit.to’.
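The two symptoms in this post (no private key after keytool -import, and the stored cert turning out to be the EssentialSSL CA rather than tipit.to) can both be seen by inspecting the keystore directly. The following is an added diagnostic written for this thread, not Openfire's code and not something the poster ran: it lists each alias, whether it is a private-key entry or only a trusted-certificate entry, the subject, whether the certificate is a CA cert, and whether a key entry's certificate actually matches its private key. It assumes a JKS keystore and takes the key password to be the store password unless a third argument is given.

```java
import java.io.FileInputStream;
import java.nio.charset.StandardCharsets;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.Signature;
import java.security.cert.X509Certificate;
import java.util.Collections;
// Hypothetical diagnostic, not part of Openfire: reports what each alias in a JKS keystore
// holds, so a certificate imported without its key pair is spotted before it is used for TLS.
public class KeystoreAudit {
    public static void main(String[] args) throws Exception {
        // args: <keystore path> <store password> [key password, defaults to store password]
        char[] storePass = args[1].toCharArray();
        char[] keyPass = (args.length > 2 ? args[2] : args[1]).toCharArray();
        KeyStore ks = KeyStore.getInstance("JKS");
        try (FileInputStream in = new FileInputStream(args[0])) {
            ks.load(in, storePass);
        }
        int keyEntries = 0;
        for (String alias : Collections.list(ks.aliases())) {
            X509Certificate cert = (X509Certificate) ks.getCertificate(alias);
            // basicConstraints >= 0 marks a CA certificate; an end-entity (server) cert returns -1
            boolean isCa = cert.getBasicConstraints() >= 0;
            if (ks.isKeyEntry(alias)) {
                keyEntries++;
                PrivateKey key = (PrivateKey) ks.getKey(alias, keyPass);
                System.out.printf("%s: private-key entry, chain length %d, subject %s, CA=%b, key matches cert=%b%n",
                        alias, ks.getCertificateChain(alias).length, cert.getSubjectX500Principal(), isCa, keyMatches(key, cert));
            } else {
                // "keytool -import" of a bare certificate creates exactly this kind of entry
                System.out.printf("%s: trusted-certificate entry (no private key), subject %s, CA=%b%n",
                        alias, cert.getSubjectX500Principal(), isCa);
            }
        }
        if (keyEntries == 0) System.out.println("No private-key entry found: this keystore cannot serve TLS.");
    }
    // Sign a probe with the private key and verify with the cert's public key; false means a different key pair.
    static boolean keyMatches(PrivateKey key, X509Certificate cert) throws Exception {
        String alg = key.getAlgorithm().equals("EC") ? "SHA256withECDSA" : "SHA256with" + key.getAlgorithm();
        byte[] probe = "keystore-audit".getBytes(StandardCharsets.UTF_8);
        Signature signer = Signature.getInstance(alg);
        signer.initSign(key);
        signer.update(probe);
        byte[] sig = signer.sign();
        Signature verifier = Signature.getInstance(alg);
        verifier.initVerify(cert.getPublicKey());
        verifier.update(probe);
        return verifier.verify(sig);
    }
}
```

A keystore that only ever received `keytool -import` of a certificate file will show every alias as a trusted-certificate entry, which is why the server cannot present a TLS identity from it; a subject of the CA name with CA=true confirms the file held the issuer certificate rather than the server certificate.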