Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

CWPKI0804E due to "java.io.IOException: DNSName may not be gin or end with a ." #30571

Open
una-tapa opened this issue Jan 16, 2025 · 0 comments
Open

CWPKI0804E due to "java.io.IOException: DNSName may not be gin or end with a ." #30571

una-tapa opened this issue Jan 16, 2025 · 0 comments
Assignees
@una-tapa
Labels
release bug This bug is present in a released version of Open Liberty

Comments

@una-tapa
Copy link
Member

una-tapa commented Jan 16, 2025
edited
Loading

Describe the bug

This issue occurs on my Ubuntu platform but not on Windows.
When starting Liberty with the specified server.xml configuration and no existing key, the system encounters a problem. Given that transportSecurity-1.0 and defaultSSL are configured, Liberty attempts to create a new keystore if an existing one isn't found. During this process, Liberty also tries to generate a certificate to add to the keystore, which is when the error is observed.

Due to this error, the default keystore was not created successfully, rendering the SSL port unavailable to Liberty.

    <featureManager>
        <feature>jsp-2.3</feature>
        <feature>appSecurity-3.0</feature>
        <feature>localConnector-1.0</feature>
        <feature>transportSecurity-1.0</feature>
    </featureManager>

    <ssl id="defaultSSLSettings"/>

Full error stack below.

product = Open Liberty 24.0.0.12 (wlp-1.0.96.cl241220241119-0657)
wlp.install.dir = /home/hiroko/myGit/liberty-formlogin/build/wlp/
java.home = /usr/lib/jvm/java-8-openjdk-amd64/jre

[1/15/25 21:13:47:173 EST] 00000026 id=00000000 com.ibm.ws.ssl.config.WSKeyStore                             3 Exception initializing KeyStore; java.security.cert.CertificateException: keytool error: java.lang.RuntimeException: java.io.IOException: DN\
SName may not begin or end with a .
                                                                                                               java.security.cert.CertificateException: keytool error: java.lang.RuntimeException: java.io.IOException: DNSName may not begin or end with a . 
        at com.ibm.ws.crypto.certificateutil.keytool.KeytoolCommand.executeCommand(KeytoolCommand.java:167)
        at com.ibm.ws.crypto.certificateutil.keytool.KeytoolSSLCertificateCreator.createDefaultSSLCertificate(KeytoolSSLCertificateCreator.java:46)
        at com.ibm.ws.ssl.config.WSKeyStore$1.run(WSKeyStore.java:927)
        at com.ibm.ws.ssl.config.WSKeyStore$1.run(WSKeyStore.java:839)
        at java.security.AccessController.doPrivileged(Native Method)
        at com.ibm.ws.ssl.config.WSKeyStore.obtainKeyStore(WSKeyStore.java:839)
        at com.ibm.ws.ssl.config.WSKeyStore.do_getKeyStore(WSKeyStore.java:799)
        at com.ibm.ws.ssl.config.WSKeyStore.getKeyStore(WSKeyStore.java:1073)
        at com.ibm.ws.ssl.config.WSKeyStore.getKeyStore(WSKeyStore.java:1047)
        at com.ibm.ws.ssl.config.WSKeyStore.initializeKeyStore(WSKeyStore.java:1192)
        at com.ibm.ws.ssl.config.WSKeyStore.<init>(WSKeyStore.java:355)
        at com.ibm.ws.ssl.internal.KeystoreConfig.updateKeystoreConfig(KeystoreConfig.java:95)
        at com.ibm.ws.ssl.internal.KeystoreConfigurationFactory.updated(KeystoreConfigurationFactory.java:114)
        at com.ibm.ws.config.admin.internal.ManagedServiceFactoryTracker$2.run(ManagedServiceFactoryTracker.java:269)
        at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
        at java.util.concurrent.FutureTask.run(FutureTask.java:266)
        at com.ibm.ws.config.admin.internal.UpdateQueue$Queue.run(UpdateQueue.java:68)
        at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
        at java.util.concurrent.FutureTask.run(FutureTask.java:266)
        at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.access$201(ScheduledThreadPoolExecutor.java:180)
        at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:293)
        at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
        at java.lang.Thread.run(Thread.java:750)

Steps to Reproduce

See the description above.

Expected behavior
The certificate should be created successfully.

Diagnostic information:

  • OpenLiberty Version: 24.0.0.12
  • Affected feature(s) [e.g. transportSecurity-1.0]
  • Java Version: [i.e. full output of java -version]
  • server.xml configuration (WITHOUT sensitive information like passwords) - See description.
  • If it would be useful, upload the messages.log file found in $WLP_OUTPUT_DIR/messages.log

Additional context
Add any other context about the problem here.
@una-tapa una-tapa added the release bug This bug is present in a released version of Open Liberty label Jan 16, 2025
@una-tapa una-tapa self-assigned this Jan 16, 2025
@una-tapa una-tapa mentioned this issue Jan 16, 2025
Merged
3 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@una-tapa una-tapa

Labels
release bug This bug is present in a released version of Open Liberty
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@una-tapa