Return-Path: Delivered-To: apmail-geronimo-dev-archive@www.apache.org Received: (qmail 4430 invoked from network); 10 Aug 2006 17:42:56 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (209.237.227.199) by minotaur.apache.org with SMTP; 10 Aug 2006 17:42:56 -0000 Received: (qmail 23752 invoked by uid 500); 10 Aug 2006 17:42:51 -0000 Delivered-To: apmail-geronimo-dev-archive@geronimo.apache.org Received: (qmail 23700 invoked by uid 500); 10 Aug 2006 17:42:51 -0000 Mailing-List: contact dev-help@geronimo.apache.org; run by ezmlm Precedence: bulk list-help: list-unsubscribe: List-Post: Reply-To: dev@geronimo.apache.org List-Id: Delivered-To: mailing list dev@geronimo.apache.org Received: (qmail 23667 invoked by uid 99); 10 Aug 2006 17:42:51 -0000 Received: from asf.osuosl.org (HELO asf.osuosl.org) (140.211.166.49) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 10 Aug 2006 10:42:51 -0700 X-ASF-Spam-Status: No, hits=0.0 required=10.0 tests= X-Spam-Check-By: apache.org Received: from [209.237.227.198] (HELO brutus.apache.org) (209.237.227.198) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 10 Aug 2006 10:42:22 -0700 Received: from brutus (localhost [127.0.0.1]) by brutus.apache.org (Postfix) with ESMTP id 62C527142D3 for ; Thu, 10 Aug 2006 17:39:15 +0000 (GMT) Message-ID: <25207459.1155231555402.JavaMail.jira@brutus> Date: Thu, 10 Aug 2006 10:39:15 -0700 (PDT) From: "Joe Bohn (JIRA)" To: dev@geronimo.apache.org Subject: [jira] Closed: (GERONIMO-2234) User can lock the default keystore without warning, making jetty server unusable In-Reply-To: <2510713.1154021533827.JavaMail.jira@brutus> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit X-Virus-Checked: Checked by ClamAV on apache.org X-Spam-Rating: minotaur.apache.org 1.6.2 0/1000/N [ http://issues.apache.org/jira/browse/GERONIMO-2234?page=all ] Joe Bohn closed GERONIMO-2234. ------------------------------ > User can lock the default keystore without warning, making jetty server unusable > -------------------------------------------------------------------------------- > > Key: GERONIMO-2234 > URL: http://issues.apache.org/jira/browse/GERONIMO-2234 > Project: Geronimo > Issue Type: Bug > Security Level: public(Regular issues) > Components: security, console > Affects Versions: 1.2, 1.1, 1.1.1 > Environment: windows xp > jetty only > Reporter: Joe Bohn > Assigned To: Joe Bohn > Priority: Critical > Fix For: 1.2, 1.1.1 > > > WIth one mouse click on the keystore portlet (on the lock under "Available") the user will put the server in a state where it can never start. No error or warning is issued at the time the keystore is locked. However, on the next server recycle the server will not be able to initialize because of a failed GBean and produce the stack trace below. At the very least we should warn the user before locking the keystore. Given the impact of the problem, I think it would be even better if we could challenge for the password on lock. If lock is accidentally selected you must know the password to unlock it so requiring the password to lock would make it less likely that it would happen by accident and ensure the user has the necessary information/authority to do/undo the action. > There are a few other aspects of this problem that make it even worse: > 1) It appears that even if the admin unlocks the keystore again so that it is available there is often some setting someplace that trys to keep it locked and will cause the next server restart to fail. > 2) It was suggested that you could set load="false" on the SSLConnector, restart the server, and then use the console to unlock the keystore. However, because of the the previous item this often doesn't work and the server will again fail to start when load-"false' is removed. > Booting Geronimo Kernel (in Java 1.4.2_08)... > Starting Geronimo Application Server v1.1.1-SNAPSHOT > [*********> ] 43% 9s Loading geronimo/jetty/1.1.1-SNA...13:18:28,765 WARN [SslListener] EXCEPTION > org.apache.geronimo.management.geronimo.KeystoreIsLocked: Keystore 'geronimo-default' is locked; please use the keystore page in the admin console to unlock it > at org.apache.geronimo.security.keystore.FileKeystoreManager.createSSLServerFactory(FileKeystoreManager.java:300) > at org.apache.geronimo.security.keystore.FileKeystoreManager$$FastClassByCGLIB$$4d9d2a71.invoke() > at net.sf.cglib.reflect.FastMethod.invoke(FastMethod.java:53) > at org.apache.geronimo.gbean.runtime.FastMethodInvoker.invoke(FastMethodInvoker.java:38) > at org.apache.geronimo.gbean.runtime.GBeanOperation.invoke(GBeanOperation.java:122) > at org.apache.geronimo.gbean.runtime.GBeanInstance.invoke(GBeanInstance.java:817) > at org.apache.geronimo.gbean.runtime.RawInvoker.invoke(RawInvoker.java:57) > at org.apache.geronimo.kernel.basic.RawOperationInvoker.invoke(RawOperationInvoker.java:35) > at org.apache.geronimo.kernel.basic.ProxyMethodInterceptor.intercept(ProxyMethodInterceptor.java:96) > at org.apache.geronimo.management.geronimo.KeystoreManager$$EnhancerByCGLIB$$c92b6d1.createSSLServerFactory() > at org.apache.geronimo.jetty.connector.GeronimoSSLListener.createFactory(GeronimoSSLListener.java:41) > at org.mortbay.http.SslListener.newServerSocket(SslListener.java:283) > at org.mortbay.util.ThreadedServer.open(ThreadedServer.java:477) > at org.apache.geronimo.jetty.connector.JettyConnector.doStart(JettyConnector.java:233) > at org.apache.geronimo.gbean.runtime.GBeanInstance.createInstance(GBeanInstance.java:981) > at org.apache.geronimo.gbean.runtime.GBeanInstanceState.attemptFullStart(GBeanInstanceState.java:267) > at org.apache.geronimo.gbean.runtime.GBeanInstanceState.start(GBeanInstanceState.java:102) > at org.apache.geronimo.gbean.runtime.GBeanInstance.start(GBeanInstance.java:526) > at org.apache.geronimo.gbean.runtime.GBeanDependency.attemptFullStart(GBeanDependency.java:111) > at org.apache.geronimo.gbean.runtime.GBeanDependency.addTarget(GBeanDependency.java:146) > at org.apache.geronimo.gbean.runtime.GBeanDependency$1.running(GBeanDependency.java:120) > at org.apache.geronimo.kernel.basic.BasicLifecycleMonitor.fireRunningEvent(BasicLifecycleMonitor.java:173) > at org.apache.geronimo.kernel.basic.BasicLifecycleMonitor.access$300(BasicLifecycleMonitor.java:41) > at org.apache.geronimo.kernel.basic.BasicLifecycleMonitor$RawLifecycleBroadcaster.fireRunningEvent(BasicLifecycleMonitor.java:251) > at org.apache.geronimo.gbean.runtime.GBeanInstanceState.attemptFullStart(GBeanInstanceState.java:292) > at org.apache.geronimo.gbean.runtime.GBeanInstanceState.start(GBeanInstanceState.java:102) > at org.apache.geronimo.gbean.runtime.GBeanInstance.start(GBeanInstance.java:526) > at org.apache.geronimo.gbean.runtime.GBeanDependency.attemptFullStart(GBeanDependency.java:111) > at org.apache.geronimo.gbean.runtime.GBeanDependency.addTarget(GBeanDependency.java:146) > at org.apache.geronimo.gbean.runtime.GBeanDependency$1.running(GBeanDependency.java:120) > at org.apache.geronimo.kernel.basic.BasicLifecycleMonitor.fireRunningEvent(BasicLifecycleMonitor.java:173) > at org.apache.geronimo.kernel.basic.BasicLifecycleMonitor.access$300(BasicLifecycleMonitor.java:41) > at org.apache.geronimo.kernel.basic.BasicLifecycleMonitor$RawLifecycleBroadcaster.fireRunningEvent(BasicLifecycleMonitor.java:251) > at org.apache.geronimo.gbean.runtime.GBeanInstanceState.attemptFullStart(GBeanInstanceState.java:292) > at org.apache.geronimo.gbean.runtime.GBeanInstanceState.start(GBeanInstanceState.java:102) > at org.apache.geronimo.gbean.runtime.GBeanInstanceState.startRecursive(GBeanInstanceState.java:124) > at org.apache.geronimo.gbean.runtime.GBeanInstance.startRecursive(GBeanInstance.java:540) > at org.apache.geronimo.kernel.basic.BasicKernel.startRecursiveGBean(BasicKernel.java:379) > at org.apache.geronimo.kernel.config.ConfigurationUtil.startConfigurationGBeans(ConfigurationUtil.java:374) > at org.apache.geronimo.kernel.config.KernelConfigurationManager.start(KernelConfigurationManager.java:187) > at org.apache.geronimo.kernel.config.SimpleConfigurationManager.startConfiguration(SimpleConfigurationManager.java:512) > at org.apache.geronimo.kernel.config.SimpleConfigurationManager.startConfiguration(SimpleConfigurationManager.java:493) > at org.apache.geronimo.kernel.config.SimpleConfigurationManager$$FastClassByCGLIB$$ce77a924.invoke() > at net.sf.cglib.reflect.FastMethod.invoke(FastMethod.java:53) > at org.apache.geronimo.gbean.runtime.FastMethodInvoker.invoke(FastMethodInvoker.java:38) > at org.apache.geronimo.gbean.runtime.GBeanOperation.invoke(GBeanOperation.java:122) > at org.apache.geronimo.gbean.runtime.GBeanInstance.invoke(GBeanInstance.java:817) > at org.apache.geronimo.gbean.runtime.RawInvoker.invoke(RawInvoker.java:57) > at org.apache.geronimo.kernel.basic.RawOperationInvoker.invoke(RawOperationInvoker.java:35) > at org.apache.geronimo.kernel.basic.ProxyMethodInterceptor.intercept(ProxyMethodInterceptor.java:96) > at org.apache.geronimo.kernel.config.EditableConfigurationManager$$EnhancerByCGLIB$$1b561373.startConfiguration() > at org.apache.geronimo.system.main.Daemon.doStartup(Daemon.java:297) > at org.apache.geronimo.system.main.Daemon.(Daemon.java:74) > at org.apache.geronimo.system.main.Daemon.main(Daemon.java:377) > [*********> ] 43% 10s Starting geronimo/jetty/1.1.1-SNA...13:18:28,875 ERROR [GBeanInstanceState] Error while starting; GBean is now in the FAILED s > tate: abstractName="geronimo/jetty/1.1.1-SNAPSHOT/car?ServiceModule=geronimo/jetty/1.1.1-SNAPSHOT/car,j2eeType=GBean,name=JettySSLConnector" > java.io.IOException: Could not create JsseListener: org.apache.geronimo.management.geronimo.KeystoreIsLocked: Keystore 'geronimo-default' is locked; please use > the keystore page in the admin console to unlock it > at org.mortbay.http.SslListener.newServerSocket(SslListener.java:314) > at org.mortbay.util.ThreadedServer.open(ThreadedServer.java:477) > at org.apache.geronimo.jetty.connector.JettyConnector.doStart(JettyConnector.java:233) > at org.apache.geronimo.gbean.runtime.GBeanInstance.createInstance(GBeanInstance.java:981) > at org.apache.geronimo.gbean.runtime.GBeanInstanceState.attemptFullStart(GBeanInstanceState.java:267) > at org.apache.geronimo.gbean.runtime.GBeanInstanceState.start(GBeanInstanceState.java:102) > at org.apache.geronimo.gbean.runtime.GBeanInstance.start(GBeanInstance.java:526) > at org.apache.geronimo.gbean.runtime.GBeanDependency.attemptFullStart(GBeanDependency.java:111) > at org.apache.geronimo.gbean.runtime.GBeanDependency.addTarget(GBeanDependency.java:146) > at org.apache.geronimo.gbean.runtime.GBeanDependency$1.running(GBeanDependency.java:120) > at org.apache.geronimo.kernel.basic.BasicLifecycleMonitor.fireRunningEvent(BasicLifecycleMonitor.java:173) > at org.apache.geronimo.kernel.basic.BasicLifecycleMonitor.access$300(BasicLifecycleMonitor.java:41) > at org.apache.geronimo.kernel.basic.BasicLifecycleMonitor$RawLifecycleBroadcaster.fireRunningEvent(BasicLifecycleMonitor.java:251) > at org.apache.geronimo.gbean.runtime.GBeanInstanceState.attemptFullStart(GBeanInstanceState.java:292) > at org.apache.geronimo.gbean.runtime.GBeanInstanceState.start(GBeanInstanceState.java:102) > at org.apache.geronimo.gbean.runtime.GBeanInstance.start(GBeanInstance.java:526) > at org.apache.geronimo.gbean.runtime.GBeanDependency.attemptFullStart(GBeanDependency.java:111) > at org.apache.geronimo.gbean.runtime.GBeanDependency.addTarget(GBeanDependency.java:146) > at org.apache.geronimo.gbean.runtime.GBeanDependency$1.running(GBeanDependency.java:120) > at org.apache.geronimo.kernel.basic.BasicLifecycleMonitor.fireRunningEvent(BasicLifecycleMonitor.java:173) > at org.apache.geronimo.kernel.basic.BasicLifecycleMonitor.access$300(BasicLifecycleMonitor.java:41) > at org.apache.geronimo.kernel.basic.BasicLifecycleMonitor$RawLifecycleBroadcaster.fireRunningEvent(BasicLifecycleMonitor.java:251) > at org.apache.geronimo.gbean.runtime.GBeanInstanceState.attemptFullStart(GBeanInstanceState.java:292) > at org.apache.geronimo.gbean.runtime.GBeanInstanceState.start(GBeanInstanceState.java:102) > at org.apache.geronimo.gbean.runtime.GBeanInstanceState.startRecursive(GBeanInstanceState.java:124) > at org.apache.geronimo.gbean.runtime.GBeanInstance.startRecursive(GBeanInstance.java:540) > at org.apache.geronimo.kernel.basic.BasicKernel.startRecursiveGBean(BasicKernel.java:379) > at org.apache.geronimo.kernel.config.ConfigurationUtil.startConfigurationGBeans(ConfigurationUtil.java:374) > at org.apache.geronimo.kernel.config.KernelConfigurationManager.start(KernelConfigurationManager.java:187) > at org.apache.geronimo.kernel.config.SimpleConfigurationManager.startConfiguration(SimpleConfigurationManager.java:512) > at org.apache.geronimo.kernel.config.SimpleConfigurationManager.startConfiguration(SimpleConfigurationManager.java:493) > at org.apache.geronimo.kernel.config.SimpleConfigurationManager$$FastClassByCGLIB$$ce77a924.invoke() > at net.sf.cglib.reflect.FastMethod.invoke(FastMethod.java:53) > at org.apache.geronimo.gbean.runtime.FastMethodInvoker.invoke(FastMethodInvoker.java:38) > at org.apache.geronimo.gbean.runtime.GBeanOperation.invoke(GBeanOperation.java:122) > at org.apache.geronimo.gbean.runtime.GBeanInstance.invoke(GBeanInstance.java:817) > at org.apache.geronimo.gbean.runtime.RawInvoker.invoke(RawInvoker.java:57) > at org.apache.geronimo.kernel.basic.RawOperationInvoker.invoke(RawOperationInvoker.java:35) > at org.apache.geronimo.kernel.basic.ProxyMethodInterceptor.intercept(ProxyMethodInterceptor.java:96) > at org.apache.geronimo.kernel.config.EditableConfigurationManager$$EnhancerByCGLIB$$1b561373.startConfiguration() > at org.apache.geronimo.system.main.Daemon.doStartup(Daemon.java:297) > at org.apache.geronimo.system.main.Daemon.(Daemon.java:74) > at org.apache.geronimo.system.main.Daemon.main(Daemon.java:377) > 13:18:28,984 WARN [SslListener] EXCEPTION > org.apache.geronimo.management.geronimo.KeystoreIsLocked: Keystore 'geronimo-default' is locked; please use the keystore page in the admin console to unlock it > at org.apache.geronimo.security.keystore.FileKeystoreManager.createSSLServerFactory(FileKeystoreManager.java:300) > at org.apache.geronimo.security.keystore.FileKeystoreManager$$FastClassByCGLIB$$4d9d2a71.invoke() > at net.sf.cglib.reflect.FastMethod.invoke(FastMethod.java:53) > at org.apache.geronimo.gbean.runtime.FastMethodInvoker.invoke(FastMethodInvoker.java:38) > at org.apache.geronimo.gbean.runtime.GBeanOperation.invoke(GBeanOperation.java:122) > at org.apache.geronimo.gbean.runtime.GBeanInstance.invoke(GBeanInstance.java:817) > at org.apache.geronimo.gbean.runtime.RawInvoker.invoke(RawInvoker.java:57) > at org.apache.geronimo.kernel.basic.RawOperationInvoker.invoke(RawOperationInvoker.java:35) > at org.apache.geronimo.kernel.basic.ProxyMethodInterceptor.intercept(ProxyMethodInterceptor.java:96) > at org.apache.geronimo.management.geronimo.KeystoreManager$$EnhancerByCGLIB$$c92b6d1.createSSLServerFactory() > at org.apache.geronimo.jetty.connector.GeronimoSSLListener.createFactory(GeronimoSSLListener.java:41) > at org.mortbay.http.SslListener.newServerSocket(SslListener.java:283) > at org.mortbay.util.ThreadedServer.open(ThreadedServer.java:477) > at org.apache.geronimo.jetty.connector.JettyConnector.doStart(JettyConnector.java:233) > at org.apache.geronimo.gbean.runtime.GBeanInstance.createInstance(GBeanInstance.java:981) > at org.apache.geronimo.gbean.runtime.GBeanInstanceState.attemptFullStart(GBeanInstanceState.java:267) > at org.apache.geronimo.gbean.runtime.GBeanInstanceState.start(GBeanInstanceState.java:102) > at org.apache.geronimo.gbean.runtime.GBeanInstanceState.startRecursive(GBeanInstanceState.java:124) > at org.apache.geronimo.gbean.runtime.GBeanInstance.startRecursive(GBeanInstance.java:540) > at org.apache.geronimo.kernel.basic.BasicKernel.startRecursiveGBean(BasicKernel.java:379) > at org.apache.geronimo.kernel.config.ConfigurationUtil.startConfigurationGBeans(ConfigurationUtil.java:374) > at org.apache.geronimo.kernel.config.KernelConfigurationManager.start(KernelConfigurationManager.java:187) > at org.apache.geronimo.kernel.config.SimpleConfigurationManager.startConfiguration(SimpleConfigurationManager.java:512) > at org.apache.geronimo.kernel.config.SimpleConfigurationManager.startConfiguration(SimpleConfigurationManager.java:493) > at org.apache.geronimo.kernel.config.SimpleConfigurationManager$$FastClassByCGLIB$$ce77a924.invoke() > at net.sf.cglib.reflect.FastMethod.invoke(FastMethod.java:53) > at org.apache.geronimo.gbean.runtime.FastMethodInvoker.invoke(FastMethodInvoker.java:38) > at org.apache.geronimo.gbean.runtime.GBeanOperation.invoke(GBeanOperation.java:122) > at org.apache.geronimo.gbean.runtime.GBeanInstance.invoke(GBeanInstance.java:817) > at org.apache.geronimo.gbean.runtime.RawInvoker.invoke(RawInvoker.java:57) > at org.apache.geronimo.kernel.basic.RawOperationInvoker.invoke(RawOperationInvoker.java:35) > at org.apache.geronimo.kernel.basic.ProxyMethodInterceptor.intercept(ProxyMethodInterceptor.java:96) > at org.apache.geronimo.kernel.config.EditableConfigurationManager$$EnhancerByCGLIB$$1b561373.startConfiguration() > at org.apache.geronimo.system.main.Daemon.doStartup(Daemon.java:297) > at org.apache.geronimo.system.main.Daemon.(Daemon.java:74) > at org.apache.geronimo.system.main.Daemon.main(Daemon.java:377) > 13:18:29,093 ERROR [GBeanInstanceState] Error while starting; GBean is now in the FAILED state: abstractName="geronimo/jetty/1.1.1-SNAPSHOT/car?ServiceModule=ge > ronimo/jetty/1.1.1-SNAPSHOT/car,j2eeType=GBean,name=JettySSLConnector" > java.io.IOException: Could not create JsseListener: org.apache.geronimo.management.geronimo.KeystoreIsLocked: Keystore 'geronimo-default' is locked; please use > the keystore page in the admin console to unlock it > at org.mortbay.http.SslListener.newServerSocket(SslListener.java:314) > at org.mortbay.util.ThreadedServer.open(ThreadedServer.java:477) > at org.apache.geronimo.jetty.connector.JettyConnector.doStart(JettyConnector.java:233) > at org.apache.geronimo.gbean.runtime.GBeanInstance.createInstance(GBeanInstance.java:981) > at org.apache.geronimo.gbean.runtime.GBeanInstanceState.attemptFullStart(GBeanInstanceState.java:267) > at org.apache.geronimo.gbean.runtime.GBeanInstanceState.start(GBeanInstanceState.java:102) > at org.apache.geronimo.gbean.runtime.GBeanInstanceState.startRecursive(GBeanInstanceState.java:124) > at org.apache.geronimo.gbean.runtime.GBeanInstance.startRecursive(GBeanInstance.java:540) > at org.apache.geronimo.kernel.basic.BasicKernel.startRecursiveGBean(BasicKernel.java:379) > at org.apache.geronimo.kernel.config.ConfigurationUtil.startConfigurationGBeans(ConfigurationUtil.java:374) > at org.apache.geronimo.kernel.config.KernelConfigurationManager.start(KernelConfigurationManager.java:187) > at org.apache.geronimo.kernel.config.SimpleConfigurationManager.startConfiguration(SimpleConfigurationManager.java:512) > at org.apache.geronimo.kernel.config.SimpleConfigurationManager.startConfiguration(SimpleConfigurationManager.java:493) > at org.apache.geronimo.kernel.config.SimpleConfigurationManager$$FastClassByCGLIB$$ce77a924.invoke() > at net.sf.cglib.reflect.FastMethod.invoke(FastMethod.java:53) > at org.apache.geronimo.gbean.runtime.FastMethodInvoker.invoke(FastMethodInvoker.java:38) > at org.apache.geronimo.gbean.runtime.GBeanOperation.invoke(GBeanOperation.java:122) > at org.apache.geronimo.gbean.runtime.GBeanInstance.invoke(GBeanInstance.java:817) > at org.apache.geronimo.gbean.runtime.RawInvoker.invoke(RawInvoker.java:57) > at org.apache.geronimo.kernel.basic.RawOperationInvoker.invoke(RawOperationInvoker.java:35) > at org.apache.geronimo.kernel.basic.ProxyMethodInterceptor.intercept(ProxyMethodInterceptor.java:96) > at org.apache.geronimo.kernel.config.EditableConfigurationManager$$EnhancerByCGLIB$$1b561373.startConfiguration() > at org.apache.geronimo.system.main.Daemon.doStartup(Daemon.java:297) > at org.apache.geronimo.system.main.Daemon.(Daemon.java:74) > at org.apache.geronimo.system.main.Daemon.main(Daemon.java:377) > [*********> ] 43% 10s Startup failed > org.apache.geronimo.kernel.config.LifecycleException: start of geronimo/jetty/1.1.1-SNAPSHOT/car failed > at org.apache.geronimo.kernel.config.SimpleConfigurationManager.startConfiguration(SimpleConfigurationManager.java:529) > at org.apache.geronimo.kernel.config.SimpleConfigurationManager.startConfiguration(SimpleConfigurationManager.java:493) > at org.apache.geronimo.kernel.config.SimpleConfigurationManager$$FastClassByCGLIB$$ce77a924.invoke() > at net.sf.cglib.reflect.FastMethod.invoke(FastMethod.java:53) > at org.apache.geronimo.gbean.runtime.FastMethodInvoker.invoke(FastMethodInvoker.java:38) > at org.apache.geronimo.gbean.runtime.GBeanOperation.invoke(GBeanOperation.java:122) > at org.apache.geronimo.gbean.runtime.GBeanInstance.invoke(GBeanInstance.java:817) > at org.apache.geronimo.gbean.runtime.RawInvoker.invoke(RawInvoker.java:57) > at org.apache.geronimo.kernel.basic.RawOperationInvoker.invoke(RawOperationInvoker.java:35) > at org.apache.geronimo.kernel.basic.ProxyMethodInterceptor.intercept(ProxyMethodInterceptor.java:96) > at org.apache.geronimo.kernel.config.EditableConfigurationManager$$EnhancerByCGLIB$$1b561373.startConfiguration() > at org.apache.geronimo.system.main.Daemon.doStartup(Daemon.java:297) > at org.apache.geronimo.system.main.Daemon.(Daemon.java:74) > at org.apache.geronimo.system.main.Daemon.main(Daemon.java:377) > Caused by: org.apache.geronimo.kernel.config.InvalidConfigException: Unknown start exception > at org.apache.geronimo.kernel.config.ConfigurationUtil.startConfigurationGBeans(ConfigurationUtil.java:440) > at org.apache.geronimo.kernel.config.KernelConfigurationManager.start(KernelConfigurationManager.java:187) > at org.apache.geronimo.kernel.config.SimpleConfigurationManager.startConfiguration(SimpleConfigurationManager.java:512) > ... 13 more > Caused by: org.apache.geronimo.gbean.InvalidConfigurationException: Configuration geronimo/jetty/1.1.1-SNAPSHOT/car failed to start due to the following reasons > : > The service ServiceModule=geronimo/jetty/1.1.1-SNAPSHOT/car,j2eeType=GBean,name=JettySSLConnector did not start because the doStart method threw an exception. > java.io.IOException: Could not create JsseListener: org.apache.geronimo.management.geronimo.KeystoreIsLocked: Keystore 'geronimo-default' is locked; please use > the keystore page in the admin console to unlock it > at org.mortbay.http.SslListener.newServerSocket(SslListener.java:314) > at org.mortbay.util.ThreadedServer.open(ThreadedServer.java:477) > at org.apache.geronimo.jetty.connector.JettyConnector.doStart(JettyConnector.java:233) > at org.apache.geronimo.gbean.runtime.GBeanInstance.createInstance(GBeanInstance.java:981) > at org.apache.geronimo.gbean.runtime.GBeanInstanceState.attemptFullStart(GBeanInstanceState.java:267) > at org.apache.geronimo.gbean.runtime.GBeanInstanceState.start(GBeanInstanceState.java:102) > at org.apache.geronimo.gbean.runtime.GBeanInstanceState.startRecursive(GBeanInstanceState.java:124) > at org.apache.geronimo.gbean.runtime.GBeanInstance.startRecursive(GBeanInstance.java:540) > at org.apache.geronimo.kernel.basic.BasicKernel.startRecursiveGBean(BasicKernel.java:379) > at org.apache.geronimo.kernel.config.ConfigurationUtil.startConfigurationGBeans(ConfigurationUtil.java:374) > at org.apache.geronimo.kernel.config.KernelConfigurationManager.start(KernelConfigurationManager.java:187) > at org.apache.geronimo.kernel.config.SimpleConfigurationManager.startConfiguration(SimpleConfigurationManager.java:512) > at org.apache.geronimo.kernel.config.SimpleConfigurationManager.startConfiguration(SimpleConfigurationManager.java:493) > at org.apache.geronimo.kernel.config.SimpleConfigurationManager$$FastClassByCGLIB$$ce77a924.invoke() > at net.sf.cglib.reflect.FastMethod.invoke(FastMethod.java:53) > at org.apache.geronimo.gbean.runtime.FastMethodInvoker.invoke(FastMethodInvoker.java:38) > at org.apache.geronimo.gbean.runtime.GBeanOperation.invoke(GBeanOperation.java:122) > at org.apache.geronimo.gbean.runtime.GBeanInstance.invoke(GBeanInstance.java:817) > at org.apache.geronimo.gbean.runtime.RawInvoker.invoke(RawInvoker.java:57) > at org.apache.geronimo.kernel.basic.RawOperationInvoker.invoke(RawOperationInvoker.java:35) > at org.apache.geronimo.kernel.basic.ProxyMethodInterceptor.intercept(ProxyMethodInterceptor.java:96) > at org.apache.geronimo.kernel.config.EditableConfigurationManager$$EnhancerByCGLIB$$1b561373.startConfiguration() > at org.apache.geronimo.system.main.Daemon.doStartup(Daemon.java:297) > at org.apache.geronimo.system.main.Daemon.(Daemon.java:74) > at org.apache.geronimo.system.main.Daemon.main(Daemon.java:377) > at org.apache.geronimo.kernel.config.ConfigurationUtil.startConfigurationGBeans(ConfigurationUtil.java:403) > ... 15 more > Server shutdown begun tartup failed > Server shutdown completed -- This message is automatically generated by JIRA. - If you think it was sent incorrectly contact one of the administrators: http://issues.apache.org/jira/secure/Administrators.jspa - For more information on JIRA, see: http://www.atlassian.com/software/jira