Environment
- JDK17
- STS4.17.0
- spring-boot 2.6.14/3.0.2
- Maven3
Prepare
The value of the `dname` parameter has been changed:
# Generates a 2048-bit RSA key pair with a self-signed certificate valid for 7 days under alias "test".
# No -storetype is given. NOTE(review): keytool on JDK 9+ defaults to PKCS12, so test.keystore is presumably already a PKCS12 store; confirm with `keytool -list -keystore ...`, which prints the keystore type.
keytool -genkeypair -alias "test" -keyalg "RSA" -keysize 2048 -dname "CN=com.study,O=study,OU=development,L=j,ST=h,C=AA" -validity 7 -keystore "D:\keys\y2023n1\test.keystore"
# Exports only the public certificate of alias "test" to test.crt.
keytool -exportcert -alias test -file "D:\keys\y2023n1\test.crt" -keystore "D:\keys\y2023n1\test.keystore"
# Same -exportcert call, written to test.p12: the file holds just the certificate (no private key) and is not a PKCS12 keystore despite its extension.
keytool -exportcert -alias test -file "D:\keys\y2023n1\test.p12" -keystore "D:\keys\y2023n1\test.keystore"
Code
AppSSL.java
package com.study;
import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
/**
 * Entry point of the sample application used to reproduce the SSL start-up failure.
 */
@SpringBootApplication
public class AppSSL {

    /**
     * Boots the Spring context with {@code AppSSL} as the primary configuration source.
     *
     * @param args command-line arguments handed through to Spring Boot
     */
    public static void main(String[] args) {
        final SpringApplication application = new SpringApplication(AppSSL.class);
        application.run(args);
    }
}
TestController.java
package com.study.controller;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.ResponseBody;
/**
 * Minimal controller used to check that the application answers requests.
 */
@Controller
public class TestController {

    /**
     * Handles {@code GET /} and writes a plain status line into the response body.
     *
     * <p>The line includes the {@code java.version} system property, so the exact runtime version
     * is disclosed to any client that can reach this endpoint; fine for a local repro, but worth
     * dropping or restricting before the service is exposed.
     *
     * @return the status text followed by the JVM version
     */
    @GetMapping("/")
    @ResponseBody
    public String index() {
        final String javaVersion = System.getProperty("java.version");
        return "system is running with " + javaVersion;
    }
}
application.yml
# NOTE(review): indentation was lost in this listing; in a Spring Boot application.yml, port and ssl nest under server, and the key-store* keys nest under ssl.
server:
# HTTPS listener port.
port: 7443
ssl:
# Keystore password in plain text and trivially guessable; acceptable only for a throwaway test store. Prefer a property placeholder such as ${KEYSTORE_PASSWORD} resolved from the environment (placeholder name is illustrative).
key-store-password: 123456
# Loaded from the classpath. NOTE(review): per the keytool commands above, test.p12 was written by -exportcert, so it presumably contains a certificate rather than a PKCS12 keystore.
key-store: classpath:config/test.p12
key-store-type: PKCS12
Launch
Failed to start the application:
org.springframework.context.ApplicationContextException: Failed to start bean 'webServerStartStop'
at org.springframework.context.support.DefaultLifecycleProcessor.doStart(DefaultLifecycleProcessor.java:181) ~[spring-context-6.0.4.jar:6.0.4]
at org.springframework.context.support.DefaultLifecycleProcessor$LifecycleGroup.start(DefaultLifecycleProcessor.java:356) ~[spring-context-6.0.4.jar:6.0.4]
at java.base/java.lang.Iterable.forEach(Iterable.java:75) ~[na:na]
at org.springframework.context.support.DefaultLifecycleProcessor.startBeans(DefaultLifecycleProcessor.java:155) ~[spring-context-6.0.4.jar:6.0.4]
at org.springframework.context.support.DefaultLifecycleProcessor.onRefresh(DefaultLifecycleProcessor.java:123) ~[spring-context-6.0.4.jar:6.0.4]
at org.springframework.context.support.AbstractApplicationContext.finishRefresh(AbstractApplicationContext.java:932) ~[spring-context-6.0.4.jar:6.0.4]
at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:587) ~[spring-context-6.0.4.jar:6.0.4]
at org.springframework.boot.web.servlet.context.ServletWebServerApplicationContext.refresh(ServletWebServerApplicationContext.java:146) ~[spring-boot-3.0.2.jar:3.0.2]
at org.springframework.boot.SpringApplication.refresh(SpringApplication.java:730) ~[spring-boot-3.0.2.jar:3.0.2]
at org.springframework.boot.SpringApplication.refreshContext(SpringApplication.java:432) ~[spring-boot-3.0.2.jar:3.0.2]
at org.springframework.boot.SpringApplication.run(SpringApplication.java:308) ~[spring-boot-3.0.2.jar:3.0.2]
at org.springframework.boot.SpringApplication.run(SpringApplication.java:1302) ~[spring-boot-3.0.2.jar:3.0.2]
at org.springframework.boot.SpringApplication.run(SpringApplication.java:1291) ~[spring-boot-3.0.2.jar:3.0.2]
at com.study.AppSSL.main(AppSSL.java:10) ~[classes/:na]
Caused by: org.springframework.boot.web.server.WebServerException: Unable to start embedded Tomcat server
at org.springframework.boot.web.embedded.tomcat.TomcatWebServer.start(TomcatWebServer.java:229) ~[spring-boot-3.0.2.jar:3.0.2]
at org.springframework.boot.web.servlet.context.WebServerStartStopLifecycle.start(WebServerStartStopLifecycle.java:44) ~[spring-boot-3.0.2.jar:3.0.2]
at org.springframework.context.support.DefaultLifecycleProcessor.doStart(DefaultLifecycleProcessor.java:178) ~[spring-context-6.0.4.jar:6.0.4]
... 13 common frames omitted
Caused by: java.lang.IllegalArgumentException: standardService.connector.startFailed
at org.apache.catalina.core.StandardService.addConnector(StandardService.java:238) ~[tomcat-embed-core-10.1.5.jar:10.1.5]
at org.springframework.boot.web.embedded.tomcat.TomcatWebServer.addPreviouslyRemovedConnectors(TomcatWebServer.java:282) ~[spring-boot-3.0.2.jar:3.0.2]
at org.springframework.boot.web.embedded.tomcat.TomcatWebServer.start(TomcatWebServer.java:213) ~[spring-boot-3.0.2.jar:3.0.2]
... 15 common frames omitted
Caused by: org.apache.catalina.LifecycleException: Protocol handler start failed
at org.apache.catalina.connector.Connector.startInternal(Connector.java:1084) ~[tomcat-embed-core-10.1.5.jar:10.1.5]
at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:183) ~[tomcat-embed-core-10.1.5.jar:10.1.5]
at org.apache.catalina.core.StandardService.addConnector(StandardService.java:234) ~[tomcat-embed-core-10.1.5.jar:10.1.5]
... 17 common frames omitted
Caused by: java.lang.IllegalArgumentException: DerValue.getBigIntegerInternal, not expected 48
at org.apache.tomcat.util.net.AbstractJsseEndpoint.createSSLContext(AbstractJsseEndpoint.java:106) ~[tomcat-embed-core-10.1.5.jar:10.1.5]
at org.apache.tomcat.util.net.AbstractJsseEndpoint.initialiseSsl(AbstractJsseEndpoint.java:70) ~[tomcat-embed-core-10.1.5.jar:10.1.5]
at org.apache.tomcat.util.net.NioEndpoint.bind(NioEndpoint.java:206) ~[tomcat-embed-core-10.1.5.jar:10.1.5]
at org.apache.tomcat.util.net.AbstractEndpoint.bindWithCleanup(AbstractEndpoint.java:1172) ~[tomcat-embed-core-10.1.5.jar:10.1.5]
at org.apache.tomcat.util.net.AbstractEndpoint.start(AbstractEndpoint.java:1258) ~[tomcat-embed-core-10.1.5.jar:10.1.5]
at org.apache.coyote.AbstractProtocol.start(AbstractProtocol.java:586) ~[tomcat-embed-core-10.1.5.jar:10.1.5]
at org.apache.catalina.connector.Connector.startInternal(Connector.java:1081) ~[tomcat-embed-core-10.1.5.jar:10.1.5]
... 19 common frames omitted
Caused by: java.io.IOException: DerValue.getBigIntegerInternal, not expected 48
at java.base/sun.security.util.DerValue.getBigIntegerInternal(DerValue.java:633) ~[na:na]
at java.base/sun.security.util.DerValue.getIntegerInternal(DerValue.java:594) ~[na:na]
at java.base/sun.security.util.DerValue.getInteger(DerValue.java:590) ~[na:na]
at java.base/sun.security.util.DerInputStream.getInteger(DerInputStream.java:126) ~[na:na]
at java.base/sun.security.pkcs12.PKCS12KeyStore.engineLoad(PKCS12KeyStore.java:2014) ~[na:na]
at java.base/sun.security.util.KeyStoreDelegator.engineLoad(KeyStoreDelegator.java:221) ~[na:na]
at java.base/java.security.KeyStore.load(KeyStore.java:1473) ~[na:na]
at org.apache.tomcat.util.security.KeyStoreUtil.load(KeyStoreUtil.java:67) ~[tomcat-embed-core-10.1.5.jar:10.1.5]
at org.apache.tomcat.util.net.SSLUtilBase.getStore(SSLUtilBase.java:217) ~[tomcat-embed-core-10.1.5.jar:10.1.5]
at org.apache.tomcat.util.net.SSLHostConfigCertificate.getCertificateKeystore(SSLHostConfigCertificate.java:207) ~[tomcat-embed-core-10.1.5.jar:10.1.5]
at org.apache.tomcat.util.net.SSLUtilBase.getKeyManagers(SSLUtilBase.java:283) ~[tomcat-embed-core-10.1.5.jar:10.1.5]
at org.apache.tomcat.util.net.SSLUtilBase.createSSLContext(SSLUtilBase.java:247) ~[tomcat-embed-core-10.1.5.jar:10.1.5]
at org.apache.tomcat.util.net.AbstractJsseEndpoint.createSSLContext(AbstractJsseEndpoint.java:104) ~[tomcat-embed-core-10.1.5.jar:10.1.5]
... 25 common frames omitted
Comment From: wilkinsona
The problem isn't related to Spring Boot. It will also occur with a direct call to KeyStore.load in the application's main method:
package com.study;
import java.security.KeyStore;
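/**
 * Stand-alone reproduction: loads {@code config/test.p12} from the classpath as a PKCS12 keystore
 * without involving Spring Boot.
 */
public class AppSSL {

    /**
     * Loads the keystore and lets any failure propagate so the underlying parse error is visible.
     *
     * @param args unused
     * @throws Exception if the resource is missing or cannot be read as a PKCS12 keystore
     */
    public static void main(String[] args) throws Exception {
        // try-with-resources closes the stream whether or not load() throws.
        try (var in = AppSSL.class.getClassLoader().getResourceAsStream("config/test.p12")) {
            // KeyStore.load(null, ...) silently initialises an empty keystore, which would hide a
            // missing or misnamed classpath resource, so fail loudly instead.
            if (in == null) {
                throw new IllegalStateException("config/test.p12 not found on the classpath");
            }
            // Hard-coded password is only acceptable for this throwaway test keystore.
            KeyStore.getInstance("PKCS12").load(in, "secret".toCharArray());
        }
    }
}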
Exception in thread "main" java.io.IOException: DerValue.getBigIntegerInternal, not expected 48
at java.base/sun.security.util.DerValue.getBigIntegerInternal(DerValue.java:605)
at java.base/sun.security.util.DerValue.getIntegerInternal(DerValue.java:566)
at java.base/sun.security.util.DerValue.getInteger(DerValue.java:562)
at java.base/sun.security.util.DerInputStream.getInteger(DerInputStream.java:126)
at java.base/sun.security.pkcs12.PKCS12KeyStore.engineLoad(PKCS12KeyStore.java:2014)
at java.base/sun.security.util.KeyStoreDelegator.engineLoad(KeyStoreDelegator.java:221)
at java.base/java.security.KeyStore.load(KeyStore.java:1473)
at com.study.AppSSL.main(AppSSL.java:10)
I don't think you've created the PKCS12 store correctly. `keytool -exportcert` writes only the certificate, so the resulting file is not a PKCS12 keystore. Rather than exporting certificates, you need to convert the keystore with a command similar to the following:
# Converts the whole keystore (private key and certificate) into a PKCS12 file.
# Passing -deststorepass on the command line leaves the password in shell history and the process list; omit it to have keytool prompt instead.
$ keytool -importkeystore -srckeystore test.keystore -destkeystore test.p12 -srcstoretype JKS -deststoretype PKCS12 -deststorepass secret
If you have any further questions, please follow up on Stack Overflow or Gitter. As mentioned in the guidelines for contributing, we prefer to use GitHub issues only for bugs and enhancements.
Comment From: wang3develop
Thank you! However, I now face the problem of SSL integration failure in the spring-cloud-gateway!