Describe the bug
When running with a hybrid JDK8 for MacOS and with the AcmeCA feature enabled and certification revocation checking enabled, the SSL/TLS endpoint can fail to complete initialization and will not be available for traffic.
The following NullPointerException is logged in the FFDC, indicating the failure in the initialization flow.
Exception = java.lang.NullPointerException
Source = com.ibm.ws.security.acme.internal.AcmeProviderImpl
probeid = 921
Stack Dump = java.lang.NullPointerException
at sun.security.provider.certpath.CertPathHelper.setDateAndTime(CertPathHelper.java:71)
at sun.security.provider.certpath.RevocationChecker.checkCRLs(RevocationChecker.java:525)
at sun.security.provider.certpath.RevocationChecker.checkCRLs(RevocationChecker.java:464)
at sun.security.provider.certpath.RevocationChecker.check(RevocationChecker.java:393)
at sun.security.provider.certpath.RevocationChecker.check(RevocationChecker.java:336)
at sun.security.provider.certpath.PKIXMasterCertPathValidator.validate(PKIXMasterCertPathValidator.java:125)
at sun.security.provider.certpath.PKIXCertPathValidator.validate(PKIXCertPathValidator.java:225)
at sun.security.provider.certpath.PKIXCertPathValidator.validate(PKIXCertPathValidator.java:145)
at sun.security.provider.certpath.PKIXCertPathValidator.engineValidate(PKIXCertPathValidator.java:84)
at java.security.cert.CertPathValidator.validate(CertPathValidator.java:304)
at com.ibm.ws.security.acme.internal.CertificateRevocationChecker.isRevoked(CertificateRevocationChecker.java:371)
at com.ibm.ws.security.acme.internal.AcmeProviderImpl.isRevoked(AcmeProviderImpl.java:681)
at com.ibm.ws.security.acme.internal.AcmeProviderImpl.isCertificateRequired(AcmeProviderImpl.java:398)
at com.ibm.ws.security.acme.internal.AcmeProviderImpl.checkAndRetrieveCertificate(AcmeProviderImpl.java:419)
at com.ibm.ws.security.acme.internal.AcmeProviderImpl.checkAndInstallCertificate(AcmeProviderImpl.java:194)
at com.ibm.ws.security.acme.internal.AcmeProviderImpl.updateDefaultSSLCertificate(AcmeProviderImpl.java:899)
at com.ibm.ws.crypto.certificate.creator.acme.AcmeSSLCertificateCreator.updateDefaultSSLCertificate(AcmeSSLCertificateCreator.java:55)
at com.ibm.ws.ssl.config.WSKeyStore$1.run(WSKeyStore.java:889)
at com.ibm.ws.ssl.config.WSKeyStore$1.run(WSKeyStore.java:829)
at java.security.AccessController.doPrivileged(Native Method)
at com.ibm.ws.ssl.config.WSKeyStore.obtainKeyStore(WSKeyStore.java:829)
at com.ibm.ws.ssl.config.WSKeyStore.do_getKeyStore(WSKeyStore.java:789)
at com.ibm.ws.ssl.config.WSKeyStore.getKeyStore(WSKeyStore.java:1063)
at com.ibm.ws.ssl.config.WSKeyStore.getKeyStore(WSKeyStore.java:1037)
at com.ibm.ws.ssl.config.WSKeyStore.initializeKeyStore(WSKeyStore.java:1182)
at com.ibm.ws.ssl.config.WSKeyStore.<init>(WSKeyStore.java:345)
at com.ibm.ws.ssl.internal.KeystoreConfig.updateKeystoreConfig(KeystoreConfig.java:95)
at com.ibm.ws.ssl.internal.KeystoreConfigurationFactory.updated(KeystoreConfigurationFactory.java:114)
at com.ibm.ws.config.admin.internal.ManagedServiceFactoryTracker$2.run(ManagedServiceFactoryTracker.java:269)
at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
at java.util.concurrent.FutureTask.run(FutureTask.java:266)
at com.ibm.ws.config.admin.internal.UpdateQueue$Queue.run(UpdateQueue.java:68)
at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
at java.util.concurrent.FutureTask.run(FutureTask.java:266)
at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.access$201(ScheduledThreadPoolExecutor.java:1
Steps to Reproduce
1. Run on MacOS with a Hybrid JDK8.
2. Add and configure the acmeCA feature.
3. Enable and configure the acmeRevocationChecker attribute.
4. Start the Liberty server.
Expected behavior
The acmeCA revocation check should complete successfully and the SSL/TLS endpoint should complete initialization and be available for traffic.
Diagnostic information:
OpenLiberty Version: [e.g. 20.0.0.10 - 23.0.0.03]
Affected feature(s): [acmeCA-2.0]
Java Version: [Java(TM) 2 Runtime Environment, Standard Edition (1.8.0_351-b10 20_Oct_2022_06_19 Mac OS X x64(SR7 FP20))]
server.xml configuration (WITHOUT sensitive information like passwords)