Develop Reference

Use ssl certificate in spring boot application

I followed this tutorial for using a self signed certificate and that worked so far.
Then, I purchased a SSL certificate from my provider and tried to use that one. I get the error:
2019-04-19 17:45:36.385 ERROR 9245 --- [ restartedMain] org.apache.catalina.util.LifecycleBase : Failed to start component [Connector[HTTP/1.1-8443]]
org.apache.catalina.LifecycleException: Protocol handler start failed
at org.apache.catalina.connector.Connector.startInternal(Connector.java:1004) ~[tomcat-embed-core-9.0.14.jar:9.0.14]
at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:183) ~[tomcat-embed-core-9.0.14.jar:9.0.14]
at org.apache.catalina.core.StandardService.addConnector(StandardService.java:226) [tomcat-embed-core-9.0.14.jar:9.0.14]
at org.springframework.boot.web.embedded.tomcat.TomcatWebServer.addPreviouslyRemovedConnectors(TomcatWebServer.java:259) [spring-boot-2.1.2.RELEASE.jar:2.1.2.RELEASE]
at org.springframework.boot.web.embedded.tomcat.TomcatWebServer.start(TomcatWebServer.java:197) [spring-boot-2.1.2.RELEASE.jar:2.1.2.RELEASE]
at org.springframework.boot.web.servlet.context.ServletWebServerApplicationContext.startWebServer(ServletWebServerApplicationContext.java:311) [spring-boot-2.1.2.RELEASE.jar:2.1.2.RELEASE]
at org.springframework.boot.web.servlet.context.ServletWebServerApplicationContext.finishRefresh(ServletWebServerApplicationContext.java:164) [spring-boot-2.1.2.RELEASE.jar:2.1.2.RELEASE]
at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:549) [spring-context-5.1.4.RELEASE.jar:5.1.4.RELEASE]
at org.springframework.boot.web.servlet.context.ServletWebServerApplicationContext.refresh(ServletWebServerApplicationContext.java:142) [spring-boot-2.1.2.RELEASE.jar:2.1.2.RELEASE]
at org.springframework.boot.SpringApplication.refresh(SpringApplication.java:775) [spring-boot-2.1.2.RELEASE.jar:2.1.2.RELEASE]
at org.springframework.boot.SpringApplication.refreshContext(SpringApplication.java:397) [spring-boot-2.1.2.RELEASE.jar:2.1.2.RELEASE]
at org.springframework.boot.SpringApplication.run(SpringApplication.java:316) [spring-boot-2.1.2.RELEASE.jar:2.1.2.RELEASE]
at org.springframework.boot.SpringApplication.run(SpringApplication.java:1260) [spring-boot-2.1.2.RELEASE.jar:2.1.2.RELEASE]
at org.springframework.boot.SpringApplication.run(SpringApplication.java:1248) [spring-boot-2.1.2.RELEASE.jar:2.1.2.RELEASE]
at de.tki.chinese.ChineseApplication.main(ChineseApplication.java:24) [classes/:na]
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[na:1.8.0_73]
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[na:1.8.0_73]
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[na:1.8.0_73]
at java.lang.reflect.Method.invoke(Method.java:497) ~[na:1.8.0_73]
at org.springframework.boot.devtools.restart.RestartLauncher.run(RestartLauncher.java:49) [spring-boot-devtools-2.1.2.RELEASE.jar:2.1.2.RELEASE]
Caused by: java.lang.IllegalArgumentException: DerInputStream.getLength(): lengthTag=109, too big.
at org.apache.tomcat.util.net.AbstractJsseEndpoint.createSSLContext(AbstractJsseEndpoint.java:114) ~[tomcat-embed-core-9.0.14.jar:9.0.14]
at org.apache.tomcat.util.net.AbstractJsseEndpoint.initialiseSsl(AbstractJsseEndpoint.java:85) ~[tomcat-embed-core-9.0.14.jar:9.0.14]
at org.apache.tomcat.util.net.NioEndpoint.bind(NioEndpoint.java:224) ~[tomcat-embed-core-9.0.14.jar:9.0.14]
at org.apache.tomcat.util.net.AbstractEndpoint.bindWithCleanup(AbstractEndpoint.java:1085) ~[tomcat-embed-core-9.0.14.jar:9.0.14]
at org.apache.tomcat.util.net.AbstractEndpoint.start(AbstractEndpoint.java:1171) ~[tomcat-embed-core-9.0.14.jar:9.0.14]
at org.apache.coyote.AbstractProtocol.start(AbstractProtocol.java:568) ~[tomcat-embed-core-9.0.14.jar:9.0.14]
at org.apache.catalina.connector.Connector.startInternal(Connector.java:1001) ~[tomcat-embed-core-9.0.14.jar:9.0.14]
... 19 common frames omitted
Caused by: java.io.IOException: DerInputStream.getLength(): lengthTag=109, too big.
at sun.security.util.DerInputStream.getLength(DerInputStream.java:561) ~[na:1.8.0_73]
at sun.security.util.DerValue.init(DerValue.java:365) ~[na:1.8.0_73]
at sun.security.util.DerValue.<init>(DerValue.java:320) ~[na:1.8.0_73]
at sun.security.pkcs12.PKCS12KeyStore.engineLoad(PKCS12KeyStore.java:1914) ~[na:1.8.0_73]
at java.security.KeyStore.load(KeyStore.java:1445) ~[na:1.8.0_73]
at org.apache.tomcat.util.net.SSLUtilBase.getStore(SSLUtilBase.java:178) ~[tomcat-embed-core-9.0.14.jar:9.0.14]
at org.apache.tomcat.util.net.SSLHostConfigCertificate.getCertificateKeystore(SSLHostConfigCertificate.java:204) ~[tomcat-embed-core-9.0.14.jar:9.0.14]
at org.apache.tomcat.util.net.jsse.JSSEUtil.getKeyManagers(JSSEUtil.java:203) ~[tomcat-embed-core-9.0.14.jar:9.0.14]
at org.apache.tomcat.util.net.AbstractJsseEndpoint.createSSLContext(AbstractJsseEndpoint.java:112) ~[tomcat-embed-core-9.0.14.jar:9.0.14]
... 25 common frames omitted
2019-04-19 17:45:36.405 INFO 9245 --- [ restartedMain] o.apache.catalina.core.StandardService : Stopping service [Tomcat]
2019-04-19 17:45:36.414 INFO 9245 --- [ restartedMain] ConditionEvaluationReportLoggingListener :
I created a keystore like this:
MacBook-Pro:keystore tobias$ keytool -import -alias tomcat -file hanzien_de.key -keystore keystore_hanzien.de.p12 -storepass xxxxx
Then I used that keystore in my application.properties file:
# ==============================================================
# = ssh
# ==============================================================
# Tell Spring Security (if used) to require requests over HTTPS
security.require-ssl=true
# The format used for the keystore
server.ssl.key-store-type=PKCS12
# The path to the keystore containing the certificate
server.ssl.key-store=classpath:keystore/keystore_hanzien.de.p12
#server.ssl.key-store=classpath:keystore/hanzien_de.pfx
# The password used to generate the certificate
server.ssl.key-store-password=xxxxx
# The alias mapped to the certificate
server.ssl.key-alias=tomcat
What am I doing wrong?

First, you appear to be using java 8 (8u73). Through 8 keytool defaults to JKS format, not PKCS12. (9 up does default to PKCS12.) This is why your exception cause is about DerStuff; PKCS12 format is/uses DER but JKS not. Either specify -storetype pkcs12 on the keytool command, or specify ..key-store-type=JKS in your app config (and preferably change the name so it is not actively misleading and confusing to people).
Second, keytool -import on a new keystore (or entry) imports only a certificate as a 'trustedcert' entry only usable to verify other parties. A TLS server (or SSL before it was obsoleted) like Tomcat, or in general any prover, must have a 'privatekey' entry containing a cert AND matching PRIVATEKEY AND usually CHAIN CERT(S). To be exact, the TLS standards require the server to send the/all chain cert(s) needed to verify the entity=server cert, optionally excluding the root or anchor; JSSE normally sends the cert(s) that are in the PrivateKeyEntry, so you must put the needed cert(s) there. For any public CA (like Verisign^WSymantec^WDigicert, GoDaddy, LetsEncrypt/Identrust) since about 1990, at least one chain cert is required, sometimes two and very rarely more. For a private CA this may vary depending on the CA. If the server does not send the required chain cert(s), some clients may still be able to verify some certs; in particular, browsers can often 'fill in' missing chain cert(s) from public CAs. This creates a situation where some connections to your server succeed while other connections to the same server fail, which tends to be very confusing and upsetting to users, and is not recommended.
If your .key file actually contains only a cert, naming it .key is misleading and confusing. If it contains a cert and then key in PEM, Java is able to read and separate the cert part and ignore the key; this allows keytool to run but produces a resulting file that Tomcat cannot use to accept TLS/SSL connections. (Depending on the version and maybe config, it may throw a reasonably specific exception like 'not a key' or 'key not found', or it may simply reject all connection attempts with handshake_failure.) If it contains only a key, or a key then a cert, or not PEM, the keytool command would fail, and yours apparently didn't.
keytool is not able to import a privatekey from anything but a(nother) supported keystore, which doesn't help you much because if it's already in a keystore you don't need to import it. Your choices are:
if you have openssl commandline, use it to convert the key + cert(s) to PKCS12. (openssl pkcs12 -export will include chain cert(s) if you provide it/them explicitly, or explicitly specify -chain and provide or default a truststore containing it/them.) There are dozens of existing Stack Qs and As, going back many years, covering this common and popular alternative.
use keytool to generate the keypair (already in a Java-supported keystore format) and CSR and get a certificate issued for that CSR, and then use keytool -import to either (1) import CA chain certs as trusted and then the server cert to the existing privatekey entry, which automatically fills in the chain or (2) import the whole CA chain directly to the existing privatekey entry. There are many existing Qs and As on this alternative also, as well as Sun/Oracle's own doc for Java, and tailored versions from every CA (or nearly so).
write, or find, and use a program that explicitly loads a privatekey and cert(s) from whatever format(s) you have to a 'privatekey' entry in a supported keystore. This is more work, and there are only a few Qs and As on this.

If you use maven, this is probably occurring because of the Maven filtering in your whole resources folder.
Maven resource filtering (that let's you include variables in your resource files) can mess up your binaries - and certificates are especially sensitive to modification.
More about maven resource filtering: http://maven.apache.org/plugins/maven-resources-plugin/examples/filter.html

Faced with this error during Spring Boot Application with PCKS12 cert start. Simply rasing Java version from 8 to 11 fixed the error. Keep in mind that all the classes you use have to be in both versions of Java.

what about direct running from cmd
java -jar -Djavax.net.ssl.trustStoreType=JKS -Djavax.net.ssl.trustStorePassword=changeit -Djavax.net.ssl.trustStore=C:\Users\certificates\Cert_name -Dspring.profiles.active=local target\jar_or_war_name_with_dot_extension

How to use SSL on a distributed Spring Boot client calling a hosted web app

I have a Spring Boot (2.x.x) service which customers can download. Once they've downloaded and started the service, they login to a managed portal to interact with the service.
The managed portal is hosted on Firebase, and setup with the default SSL certificates from Firebase. When viewing the managed portal in Chrome I can see This page includes resources that were loaded with certificate errors..
If I attempt to view the managed portal from Firefox, the following exception is thrown in the Spring Boot service.
io.netty.handler.codec.DecoderException: javax.net.ssl.SSLException: Received fatal alert: bad_certificate
at io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:472) ~[netty-codec-4.1.33.Final.jar:4.1.33.Final]
at io.netty.handler.codec.ByteToMessageDecoder.channelRead(ByteToMessageDecoder.java:278) ~[netty-codec-4.1.33.Final.jar:4.1.33.Final]
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:362) [netty-transport-4.1.33.Final.jar:4.1.33.Final]
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:348) [netty-transport-4.1.33.Final.jar:4.1.33.Final]
at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:340) [netty-transport-4.1.33.Final.jar:4.1.33.Final]
at io.netty.channel.DefaultChannelPipeline$HeadContext.channelRead(DefaultChannelPipeline.java:1408) [netty-transport-4.1.33.Final.jar:4.1.33.Final]
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:362) [netty-transport-4.1.33.Final.jar:4.1.33.Final]
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:348) [netty-transport-4.1.33.Final.jar:4.1.33.Final]
at io.netty.channel.DefaultChannelPipeline.fireChannelRead(DefaultChannelPipeline.java:930) [netty-transport-4.1.33.Final.jar:4.1.33.Final]
at io.netty.channel.epoll.AbstractEpollStreamChannel$EpollStreamUnsafe.epollInReady(AbstractEpollStreamChannel.java:799) [netty-transport-native-epoll-4.1.33.Final-linux-x86_64.jar:4.1.33.Final]
at io.netty.channel.epoll.EpollEventLoop.processReady(EpollEventLoop.java:427) [netty-transport-native-epoll-4.1.33.Final-linux-x86_64.jar:4.1.33.Final]
at io.netty.channel.epoll.EpollEventLoop.run(EpollEventLoop.java:328) [netty-transport-native-epoll-4.1.33.Final-linux-x86_64.jar:4.1.33.Final]
at io.netty.util.concurrent.SingleThreadEventExecutor$5.run(SingleThreadEventExecutor.java:905) [netty-common-4.1.33.Final.jar:4.1.33.Final]
at java.lang.Thread.run(Thread.java:748) [na:1.8.0_191]
Caused by: javax.net.ssl.SSLException: Received fatal alert: bad_certificate
at sun.security.ssl.Alerts.getSSLException(Alerts.java:208) ~[na:1.8.0_191]
at sun.security.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1647) ~[na:1.8.0_191]
at sun.security.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1615) ~[na:1.8.0_191]
at sun.security.ssl.SSLEngineImpl.recvAlert(SSLEngineImpl.java:1781) ~[na:1.8.0_191]
at sun.security.ssl.SSLEngineImpl.readRecord(SSLEngineImpl.java:1070) ~[na:1.8.0_191]
at sun.security.ssl.SSLEngineImpl.readNetRecord(SSLEngineImpl.java:896) ~[na:1.8.0_191]
at sun.security.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:766) ~[na:1.8.0_191]
at javax.net.ssl.SSLEngine.unwrap(SSLEngine.java:624) ~[na:1.8.0_191]
at io.netty.handler.ssl.SslHandler$SslEngineType$3.unwrap(SslHandler.java:295) ~[netty-handler-4.1.33.Final.jar:4.1.33.Final]
at io.netty.handler.ssl.SslHandler.unwrap(SslHandler.java:1301) ~[netty-handler-4.1.33.Final.jar:4.1.33.Final]
at io.netty.handler.ssl.SslHandler.decodeJdkCompatible(SslHandler.java:1203) ~[netty-handler-4.1.33.Final.jar:4.1.33.Final]
at io.netty.handler.ssl.SslHandler.decode(SslHandler.java:1247) ~[netty-handler-4.1.33.Final.jar:4.1.33.Final]
at io.netty.handler.codec.ByteToMessageDecoder.decodeRemovalReentryProtection(ByteToMessageDecoder.java:502) ~[netty-codec-4.1.33.Final.jar:4.1.33.Final]
at io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:441) ~[netty-codec-4.1.33.Final.jar:4.1.33.Final]
... 13 common frames omitted
From here, I'm sure I've got something wrong, but unsure what exactly.
The configuration for my service is:
server:
port: 8443
ssl:
key-store: classpath:keystore.jks
key-password: changeit
key-alias: keystore
and I created the keystore using
keytool -genkeypair -alias keystore -keyalg RSA -keysize 2048 -keystore keystore.jks -validity 3650
How can I clean up this so I get a nice green secure badge?

In your application.yml, change key-password to key-store-password.

You can also add SSL Truststore and keystore certificates to your JVM using java properties during startup. I found this works with no fuss all the time.
javax.net.ssl.keyStore
javax.net.ssl.keyStorePassword
javax.net.ssl.trustStore
javax.net.ssl.trustStorePassword

Spring - Loading Services and Repositories from dependant JAR file

I'm working on a web project and standalone app project that use the same database (using hibernate). Both are based on Spring and use Services and Repositories. Since both projects often get to interact with the same entities, i used to have a copy of almost each Repository and Service in each project which was a mess to maintain. I decided to create a third project and put all the common code in it. I am then adding the resulting jar file as a local maven dependency but i'm getting errors compiling something that used to work perfectly fine when the code was "local". This was my old component scan annotation :
#ComponentScan(basePackages = "com.mdenis.mdhis_webclient")
The new classes (same code in different package in a jar file) are in a different package so I am now trying this :
#ComponentScan(basePackages = "com.mdenis.mdhis_common")
There are still local beans that I need to load from the old local package so i will eventually need to get the component scan to check 2 different packages but for now i'm just trying to get this to find my services and repositories in their new "external" location. I'm getting this exception when running the web app :
org.apache.catalina.LifecycleException: Failed to start component [StandardEngine[Catalina].StandardHost[localhost].StandardContext[]]
at org.apache.catalina.util.LifecycleBase.handleSubClassException(LifecycleBase.java:441)
at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:198)
at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:740)
at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:716)
at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:703)
at org.apache.catalina.startup.HostConfig.deployDescriptor(HostConfig.java:619)
at org.apache.catalina.startup.HostConfig.deployApps(HostConfig.java:491)
at org.apache.catalina.startup.HostConfig.check(HostConfig.java:1641)
at sun.reflect.GeneratedMethodAccessor23.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at org.apache.tomcat.util.modeler.BaseModelMBean.invoke(BaseModelMBean.java:287)
at com.sun.jmx.interceptor.DefaultMBeanServerInterceptor.invoke(DefaultMBeanServerInterceptor.java:819)
at com.sun.jmx.mbeanserver.JmxMBeanServer.invoke(JmxMBeanServer.java:801)
at org.apache.catalina.manager.ManagerServlet.check(ManagerServlet.java:1557)
at org.apache.catalina.manager.ManagerServlet.deploy(ManagerServlet.java:978)
at org.apache.catalina.manager.ManagerServlet.doGet(ManagerServlet.java:344)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:634)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:741)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:231)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:53)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:199)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96)
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:619)
at org.apache.catalina.valves.RequestFilterValve.process(RequestFilterValve.java:348)
at org.apache.catalina.valves.RemoteAddrValve.invoke(RemoteAddrValve.java:52)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:140)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:81)
at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:651)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:87)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:342)
at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:417)
at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66)
at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:754)
at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1376)
at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
at java.lang.Thread.run(Thread.java:748)
Caused by: java.lang.NoClassDefFoundError: Lcom/mdenis/mdhis_common/service/UserService;
at java.lang.Class.getDeclaredFields0(Native Method)
at java.lang.Class.privateGetDeclaredFields(Class.java:2583)
at java.lang.Class.getDeclaredFields(Class.java:1916)
at org.apache.catalina.util.Introspection.getDeclaredFields(Introspection.java:110)
at org.apache.catalina.startup.WebAnnotationSet.loadFieldsAnnotation(WebAnnotationSet.java:262)
at org.apache.catalina.startup.WebAnnotationSet.loadApplicationFilterAnnotations(WebAnnotationSet.java:108)
at org.apache.catalina.startup.WebAnnotationSet.loadApplicationAnnotations(WebAnnotationSet.java:65)
at org.apache.catalina.startup.ContextConfig.applicationAnnotationsConfig(ContextConfig.java:328)
at org.apache.catalina.startup.ContextConfig.configureStart(ContextConfig.java:778)
at org.apache.catalina.startup.ContextConfig.lifecycleEvent(ContextConfig.java:299)
at org.apache.catalina.util.LifecycleBase.fireLifecycleEvent(LifecycleBase.java:123)
at org.apache.catalina.core.StandardContext.startInternal(StandardContext.java:5003)
at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:183)
... 41 more
Caused by: java.lang.ClassNotFoundException: com.mdenis.mdhis_common.service.UserService
at org.apache.catalina.loader.WebappClassLoaderBase.loadClass(WebappClassLoaderBase.java:1275)
at org.apache.catalina.loader.WebappClassLoaderBase.loadClass(WebappClassLoaderBase.java:1104)
... 54 more
It's only complaining about UserService but i have about 30 services in this app and i'm pretty sure it's having issues finding all of them. Am i doing something wrong to make this work? The jar file is correctly loaded in Netbeans and the package structure is correct.
* EDIT *
This is the part of my POM.xml that loads the jar i compiled in my third project. It is correctly being added into the project and the hundreds of classes who depend on these classes have no errors :
<dependency>
<groupId>com.mdenis</groupId>
<artifactId>MDHIS_Common</artifactId>
<version>1.0-SNAPSHOT</version>
<scope>system</scope>
<systemPath>${project.basedir}/src/main/resources/MDHIS_Common.jar</systemPath>
</dependency>
Regards

What if you just change your component scan to
#ComponentScan(basePackages = "com.mdenis")
or
#ComponentScan({"com.mdenis.mdhis_webclient","com.mdenis.mdhis_common"})
Then both packages will be scanned.

I found the problem. the system scope for Maven assumes you will be providing the classes yourself. I installed my jar into my local Maven repository and removed the scope and systemPath attributes. Everything now compiles perfectly.

having a issue changing Kurento projects certificate?

I have configured the environment of [kurento server][1] (a WebRTC media server and a set of client APIs making simple the development of advanced video applications for WWW and smartphone platforms) and I got the tutorial project up and running.
But I am having an issue with changing the certificate that are included with the projects.
Can you please point me in the right direction on how to do that without causing a problem, since when I created a new keystore the maven compile failed.
-- here is a snapshot of the stack trace after doing what the site [ securing the application ] steps ( I double checked the password and certificate ) :
2017-07-16 10:35:43.508 ERROR 11944 --- [llRecApp.main()] o.a.coyote.http11.Http11NioProtocol : Failed to start end point associated with ProtocolHandler [https-jsse-nio-8443]
java.lang.IllegalArgumentException: java.io.IOException: Keystore was tampered with, or password was incorrect
at org.apache.tomcat.util.net.AbstractJsseEndpoint.createSSLContext(AbstractJsseEndpoint.java:103) ~[tomcat-embed-core-8.5.5.jar:8.5.5]
at org.apache.tomcat.util.net.AbstractJsseEndpoint.initialiseSsl(AbstractJsseEndpoint.java:81) ~[tomcat-embed-core-8.5.5.jar:8.5.5]
at org.apache.tomcat.util.net.NioEndpoint.bind(NioEndpoint.java:244) ~[tomcat-embed-core-8.5.5.jar:8.5.5]
at org.apache.tomcat.util.net.AbstractEndpoint.start(AbstractEndpoint.java:874) ~[tomcat-embed-core-8.5.5.jar:8.5.5]
at org.apache.coyote.AbstractProtocol.start(AbstractProtocol.java:590) ~[tomcat-embed-core-8.5.5.jar:8.5.5]
at org.apache.catalina.connector.Connector.startInternal(Connector.java:969) [tomcat-embed-core-8.5.5.jar:8.5.5]
at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:150) [tomcat-embed-core-8.5.5.jar:8.5.5]
at org.apache.catalina.core.StandardService.addConnector(StandardService.java:225) [tomcat-embed-core-8.5.5.jar:8.5.5]
at org.springframework.boot.context.embedded.tomcat.TomcatEmbeddedServletContainer.addPreviouslyRemovedConnectors(TomcatEmbeddedServletContainer.java:233) [spring-boot-1.4.1.RELEASE.jar:1.4.1.RELEASE]
at org.springframework.boot.context.embedded.tomcat.TomcatEmbeddedServletContainer.start(TomcatEmbeddedServletContainer.java:178) [spring-boot-1.4.1.RELEASE.jar:1.4.1.RELEASE]
at org.springframework.boot.context.embedded.EmbeddedWebApplicationContext.startEmbeddedServletContainer(EmbeddedWebApplicationContext.java:297) [spring-boot-1.4.1.RELEASE.jar:1.4.1.RELEASE]
at org.springframework.boot.context.embedded.EmbeddedWebApplicationContext.finishRefresh(EmbeddedWebApplicationContext.java:145) [spring-boot-1.4.1.RELEASE.jar:1.4.1.RELEASE]
at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:544) [spring-context-4.3.3.RELEASE.jar:4.3.3.RELEASE]
at org.springframework.boot.context.embedded.EmbeddedWebApplicationContext.refresh(EmbeddedWebApplicationContext.java:122) [spring-boot-1.4.1.RELEASE.jar:1.4.1.RELEASE]
at org.springframework.boot.SpringApplication.refresh(SpringApplication.java:761) [spring-boot-1.4.1.RELEASE.jar:1.4.1.RELEASE]
at org.springframework.boot.SpringApplication.refreshContext(SpringApplication.java:371) [spring-boot-1.4.1.RELEASE.jar:1.4.1.RELEASE]
at org.springframework.boot.SpringApplication.run(SpringApplication.java:315) [spring-boot-1.4.1.RELEASE.jar:1.4.1.RELEASE]
at org.kurento.tutorial.one2onecallrec.One2OneCallRecApp.main(One2OneCallRecApp.java:68) [classes/:na]
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[na:1.8.0_131]
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[na:1.8.0_131]
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[na:1.8.0_131]
at java.lang.reflect.Method.invoke(Method.java:498) ~[na:1.8.0_131]
at org.codehaus.mojo.exec.ExecJavaMojo$1.run(ExecJavaMojo.java:293) [exec-maven-plugin-1.4.0.jar:na]
at java.lang.Thread.run(Thread.java:748) [na:1.8.0_131]
Caused by: java.io.IOException: Keystore was tampered with, or password was incorrect
at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:780) ~[na:1.8.0_131]
at sun.security.provider.JavaKeyStore$JKS.engineLoad(JavaKeyStore.java:56) ~[na:1.8.0_131]
at sun.security.provider.KeyStoreDelegator.engineLoad(KeyStoreDelegator.java:224) ~[na:1.8.0_131]
at sun.security.provider.JavaKeyStore$DualFormatJKS.engineLoad(JavaKeyStore.java:70) ~[na:1.8.0_131]
at java.security.KeyStore.load(KeyStore.java:1445) ~[na:1.8.0_131]
at org.apache.tomcat.util.net.SSLUtilBase.getStore(SSLUtilBase.java:136) ~[tomcat-embed-core-8.5.5.jar:8.5.5]
at org.apache.tomcat.util.net.SSLHostConfigCertificate.getCertificateKeystore(SSLHostConfigCertificate.java:187) ~[tomcat-embed-core-8.5.5.jar:8.5.5]
at org.apache.tomcat.util.net.jsse.JSSEUtil.getKeyManagers(JSSEUtil.java:194) ~[tomcat-embed-core-8.5.5.jar:8.5.5]
at org.apache.tomcat.util.net.AbstractJsseEndpoint.createSSLContext(AbstractJsseEndpoint.java:101) ~[tomcat-embed-core-8.5.5.jar:8.5.5]
... 23 common frames omitted
Caused by: java.security.UnrecoverableKeyException: Password verification failed
at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:778) ~[na:1.8.0_131]
... 31 common frames omitted
[1]: http://doc-kurento.readthedocs.io/en/stable/what_is_kurento.html

Without an exact description of "the problem" or "the issue", it will be difficult to pinpoint what can help.
You can start by double-checking the content of "Securing Kurento Applications".
For instance, the command
mvn compile exec:java -Dkms.url=ws://kms_host:kms_port/kurento
would only work if your jar does include the new keystore in your jar file:
File keystore.jks must be in the project’s root path, and a file named application.properties must exist in src/main/resources/, with the following content:
server.port: 8443
server.ssl.key-store: keystore.jks
server.ssl.key-store-password: yourPassword
server.ssl.keyStoreType: JKS
server.ssl.keyAlias: yourKeyAlias
Double-check with this answer which states:
Check that you file is according to that, and make sure that you are providing the correct keystore location in server.ssl.key-store
Regarding the error message "Keystore was tampered with, or password was incorrect", see "keytool error Keystore was tampered with, or password was incorrect". It can be a passphrase issue for instance.
The OP AhMaD AbUIeSa adds in the comments:
After creating a new keystore from official site using the certificate and the private key the project worked with no problem.
As commented below by Nikola Lukic, to add a new certificat, you would need to :
copy it into the container (docker container cp) using the right path (a path valid from within the container, not the host),
create a new image (docker container commit)
run the new image as a new container: docker container run

Getting "javax.net.ssl.SSLPeerUnverifiedException" when trying to connect vis https to third party site using JBoss

I’m using Java 6 and JBoss 7.1.3. I want to make https connections in my web application to a third-party web site. Normally, when I try, I get the exception
10:35:45,597 DEBUG [org.apache.tomcat.util.net.jsse.JSSESupport] (http-/0.0.0.0:8443-1) Error getting client certs: javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
at com.sun.net.ssl.internal.ssl.SSLSessionImpl.getPeerCertificates(SSLSessionImpl.java:352) [jsse.jar:1.6]
at org.apache.tomcat.util.net.jsse.JSSESupport.getX509Certificates(JSSESupport.java:88) [jbossweb-7.0.17.Final.jar:]
at org.apache.tomcat.util.net.jsse.JSSESupport.getPeerCertificateChain(JSSESupport.java:142) [jbossweb-7.0.17.Final.jar:]
at org.apache.coyote.http11.Http11Processor.action(Http11Processor.java:1059) [jbossweb-7.0.17.Final.jar:]
at org.apache.coyote.Request.action(Request.java:362) [jbossweb-7.0.17.Final.jar:]
at org.apache.catalina.connector.Request.getAttribute(Request.java:1125) [jbossweb-7.0.17.Final.jar:]
at org.apache.catalina.connector.Request.getAttributeNames(Request.java:1179) [jbossweb-7.0.17.Final.jar:]
at org.apache.catalina.connector.RequestFacade.getAttributeNames(RequestFacade.java:286) [jbossweb-7.0.17.Final.jar:]
at com.sun.faces.application.WebappLifecycleListener.requestDestroyed(WebappLifecycleListener.java:116) [jsf-impl-2.1.11-jbossorg-3.jar:]
at com.sun.faces.config.ConfigureListener.requestDestroyed(ConfigureListener.java:369) [jsf-impl-2.1.11-jbossorg-3.jar:]
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:185) [jbossweb-7.0.17.Final.jar:]
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102) [jbossweb-7.0.17.Final.jar:]
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109) [jbossweb-7.0.17.Final.jar:]
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:372) [jbossweb-7.0.17.Final.jar:]
at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:877) [jbossweb-7.0.17.Final.jar:]
at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:679) [jbossweb-7.0.17.Final.jar:]
at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:931) [jbossweb-7.0.17.Final.jar:]
at java.lang.Thread.run(Thread.java:695) [classes.jar:1.6.0_65]
So I figured I needed to add the CA to a truststore and tell JBoss about it. I downloaded the 3rd party CA cert in PEM form and created a trust store using
keytool -import -file thirdparty.pem -alias thirdparty -keystore truststore.ts
using the password “changeit”. Then, I set a JBoss system property like so:
<property name="javax.net.ssl.trustStore" value="/opt/jboss-as-7.1.3.Final/standalone/configuration/truststore.ts" />
</system-properties>
However, after stopping and restarting my server, attempts to connect to that third party site result in the same exception. What am I missing in my configuration? (PS, I’m happy to configure this in my WAR file itself as opposed to the entire JBoss environment).
Thanks, - Dave

Few things to try
1. Import it using -trustcacerts option
2. Import it into the cacerts file that is in the jdk (under jre/lib/security)
Restart and retry