Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-38144

HTTPS mode fails when using IBM Java (No SunX509)

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Open (View Workflow)
    • Priority: Minor
    • Resolution: Unresolved
    • Component/s: core, winstone-jetty
    • Labels:
    • Environment:
    • Similar Issues:

      Description

      I have tried and tried to get Jenkins to run on port 443 in HTTPS mode, but it always complains as follows:

      SEVERE: Container startup failed
      java.io.IOException: Failed to start a listener: winstone.HttpsConnectorFactory
      at winstone.Launcher.spawnListener(Launcher.java:207)
      at winstone.Launcher.<init>(Launcher.java:149)
      at winstone.Launcher.main(Launcher.java:352)
      at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
      at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:95)
      at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:56)
      at java.lang.reflect.Method.invoke(Method.java:620)
      at Main._main(Main.java:246)
      at Main.main(Main.java:91)
      Caused by: winstone.WinstoneException: Error getting the SSL context object
      at winstone.HttpsConnectorFactory.getSSLContext(HttpsConnectorFactory.java:241)
      at winstone.HttpsConnectorFactory.createConnector(HttpsConnectorFactory.java:131)
      at winstone.HttpsConnectorFactory.start(HttpsConnectorFactory.java:116)
      at winstone.Launcher.spawnListener(Launcher.java:205)
      ... 8 more
      Caused by: java.security.NoSuchAlgorithmException: SunX509 KeyManagerFactory not available
      at sun.security.jca.GetInstance.getInstance(GetInstance.java:172)
      at javax.net.ssl.KeyManagerFactory.getInstance(KeyManagerFactory.java:9)
      at winstone.HttpsConnectorFactory.getSSLContext(HttpsConnectorFactory.java:206)
      ... 11 more

      My keys are created using the following:

      keytool -genkey -alias jenkins-ssl-cert -keyalg RSA -keystore /var/lib/jenkins/ssl/.keystore -validity 3650

      (but I also tried using openssl and the converting to JKS format, but that method didn't help it either.)

      Finally, I see on the internet that once upon a time we could specify IbmX509, but now it seems we can't:

        1. the SSL KeyManagerFactory type (eg SunX509, IbmX509). Default is SunX509
          #JENKINS_HTTPS_KEY_MANAGER="SunX509"
          JENKINS_HTTPS_KEY_MANAGER="IbmX509"

      If that mechanism still worked, that might have fixed things for me?

      Finally, I tried the following, but that didn't help either:

      JENKINS_ARGS="-Dproxy.cert.factory=IbmX509"

      So, I'm pretty sure this is a bug, as Jenkins should work with HTTPS when using IBM Java (I hope)

      Thanks

        Attachments

          Activity

          Hide
          will177 Will Berriss added a comment -

          I removed ibm-java and installed openjdk8 and now it all works perfectly.

          Show
          will177 Will Berriss added a comment - I removed ibm-java and installed openjdk8 and now it all works perfectly.
          Hide
          rickybobpat Rick Patterson added a comment -

          Hi.  How are you starting the Jenkins?   This page https://github.com/jenkinsci/winstone  mentions a parameter when invoking Jenkins using winstone:  --httpsKeyManagerType, we use the IBM JVM and the following option:    --httpsKeyManagerType=IbmX509

          Show
          rickybobpat Rick Patterson added a comment - Hi.  How are you starting the Jenkins?   This page https://github.com/jenkinsci/winstone   mentions a parameter when invoking Jenkins using winstone:  --httpsKeyManagerType, we use the IBM JVM and the following option:    --httpsKeyManagerType=IbmX509

            People

            • Assignee:
              Unassigned
              Reporter:
              will177 Will Berriss
            • Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

              • Created:
                Updated: