Why am I not able to start a Java application with SSL?

March 26, 2019 941 views
Ubuntu 18.04 Applications Java

I am trying to set up a simple Spring application to use SSL and host it on Digital Ocean. Why is my app not finding the keystore file?

The droplet I’ve set up is based on Ubuntu 18.04. I used Letsencrypt to get a certificate and this guide to generate a PKCS file. I’ve set up my application.properties file to look in the jar file’s current directory like so:

security.require-ssl:true
server.ssl.key-store:keystore.p12
server.ssl.key-store-password:<password>
server.ssl.key-store-type:PKCS12
server.ssl.key-alias:<alias>
I would expect this to run and start a web server on the configured port. However, what I get in the stack trace is this:

Caused by: java.io.FileNotFoundException: /root/software/gimmememe/target/keystore.p12 (No such file or directory)
Weirdly enough when I run the same jar with the same keystore.p12 file on my own Windows machine it runs fine:

o.s.b.w.embedded.tomcat.TomcatWebServer : Tomcat started on port(s): 9123 (https) with context path “
meme.Application : Started Application in 4.985 seconds (JVM running for 5.464)
I don’t think it’s a permissions issue on the Ubuntu machine as I tried setting the permissions on the keystore file like so:

-rw-r–r– 1 root root 4274 Mar 26 18:44 keystore.p12
I am running my jar file with the following command (tried with sudo infront as well):

java -jar gimme-meme-1.0.0.war

1 Answer

Greetings!

This problem sounds like it could lean either direction as far as simple/complex. Given that the error is “No such file or directory” I’d like to make no assumptions and jump to the simplest test. Upon seeing that error, even if I knew the file was there, I’d be running this command immediately:

stat /root/software/gimmememe/target/keystore.p12

The reason being that I want to rule out any issues that my eyes might be skipping over. You and I might look at it a hundred times and never see it, so let’s zone in on that possibility. When you run that, what happens? I expect one of two outcomes:

  1. stat: cannot stat ‘/root/software/gimmememe/target/keystore.p12’: No such file or directory

  2. A result, something similar to:

    [root@banshee] ~ # stat test
    File: ‘test’
    Size: 0           Blocks: 0          IO Block: 4096   regular empty file
    Device: 902h/2306d  Inode: 63970934    Links: 1
    Access: (0644/-rw-r--r--)  Uid: (    0/    root)   Gid: (    0/    root)
    Access: 2019-03-26 19:41:52.163693050 +0000
    Modify: 2019-03-26 19:41:52.163693050 +0000
    Change: 2019-03-26 19:41:52.163693050 +0000
    Birth: -
    

If you get the result from #1, the file surely isn’t in that location. So ask yourself what is different from where you’re running it, as opposed to that location, and why it might be searching there. I don’t know those answers for your situation, but they may be the right questions.

If you get the result from #2, then I’m going to ask you what the result of this command is:

lsattr /root/software/gimmememe/target/keystore.p12

Perhaps the file has a strange flag on it that can throw off the java app. I doubt it, but I’m up for the idea. That test file I just made for the stat example above, it has no strange flags and here’s what it looks like:

 [root@banshee] ~ # lsattr test
-------------e-- test

If you get this far and you can say all of these are true:

  • Running as root
  • File exists in location specified in error
  • File has no strange attribute flags

Then I propose that the disconnect is between the application and the installed java version, but I don’t know what exactly that would be. Hopefully someone else has an idea. I can’t see it being that, the error is a pretty clear OS error.

Jarland

  • Thanks for taking the time to respond Jarlan!
    I have tried using the commands you suggested and got the following results.
    The stat command yielded this:

     stat /root/software/gimmememe/target/keystore.p12
      File: /root/software/gimmememe/target/keystore.p12
      Size: 4274            Blocks: 16         IO Block: 4096   regular file
    Device: fc01h/64513d    Inode: 516394      Links: 1
    Access: (0644/-rw-r--r--)  Uid: (    0/    root)   Gid: (    0/    root)
    Access: 2019-03-26 21:14:12.927397781 +0000
    Modify: 2019-03-26 21:14:12.927397781 +0000
    Change: 2019-03-26 21:14:39.469608429 +0000
     Birth: -
    
    

    Which I assume means that the file is alright and in the correct location.
    lsattr returned the following:

    lsattr /root/software/gimmememe/target/keystore.p12
    --------------e---- /root/software/gimmememe/target/keystore.p12
    
    

    The e flag seems to be 2 positions to the left. What would that mean? If it is indeed a disconnect between the application and the installed java, how would I debug that? Perhaps wiping out all Java versions from the droplet and installing one that would be appropriate? I really think something like this might be the issue because it’s running fine on my Windows machine. So it must be an environment problem.

    Thanks,
    Martin

Have another answer? Share your knowledge.