
Keystore Problem: Cannot convert COMBINED of type class java.lang.String to class org.jivesoftware.openfire.spi.ConnectionType


#1

We recently had a corrupted keystore problem, and when we tried to restore the keystore and truststore in the openfire security/ folder, we ended up having some problems with accessing the SSL/TLS Certificates tab in the administration console.

This is the exact traceback we see, and we’re not sure how to fix this issue - at all:

javax.el.ELException: Cannot convert COMBINED of type class java.lang.String to class org.jivesoftware.openfire.spi.ConnectionType
        at org.apache.el.lang.ELSupport.coerceToEnum(ELSupport.java:212)
        at org.apache.el.lang.ELSupport.equals(ELSupport.java:179)
        at org.apache.el.parser.AstEqual.getValue(AstEqual.java:39)
        at org.apache.el.ValueExpressionImpl.getValue(ValueExpressionImpl.java:187)
        at org.apache.jasper.runtime.PageContextImpl.proprietaryEvaluate(PageContextImpl.java:956)
        at org.jivesoftware.openfire.admin.security_002dcertificate_002dstore_002dmanagement_jsp._jspx_meth_c_005fwhen_005f1(security_002dcertificate_002dstore_002dmanagement_jsp.java:803)
        at org.jivesoftware.openfire.admin.security_002dcertificate_002dstore_002dmanagement_jsp._jspx_meth_c_005fchoose_005f1(security_002dcertificate_002dstore_002dmanagement_jsp.java:760)
        at org.jivesoftware.openfire.admin.security_002dcertificate_002dstore_002dmanagement_jsp._jspx_meth_c_005fset_005f0(security_002dcertificate_002dstore_002dmanagement_jsp.java:728)
        at org.jivesoftware.openfire.admin.security_002dcertificate_002dstore_002dmanagement_jsp._jspx_meth_c_005fforEach_005f1(security_002dcertificate_002dstore_002dmanagement_jsp.java:673)
        at org.jivesoftware.openfire.admin.security_002dcertificate_002dstore_002dmanagement_jsp._jspService(security_002dcertificate_002dstore_002dmanagement_jsp.java:232)
        at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:70)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:790)
        at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:812)
        at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1669)
        at com.opensymphony.module.sitemesh.filter.PageFilter.parsePage(PageFilter.java:118)
        at com.opensymphony.module.sitemesh.filter.PageFilter.doFilter(PageFilter.java:52)
        at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1652)
        at org.jivesoftware.util.LocaleFilter.doFilter(LocaleFilter.java:73)
        at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1652)
        at org.jivesoftware.util.SetCharacterEncodingFilter.doFilter(SetCharacterEncodingFilter.java:49)
        at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1652)
        at org.jivesoftware.admin.PluginFilter.doFilter(PluginFilter.java:226)
        at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1652)
        at org.jivesoftware.admin.AuthCheckFilter.doFilter(AuthCheckFilter.java:215)
        at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1652)
        at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:585)
        at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:143)
        at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:577)
        at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:223)
        at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1127)
        at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:515)
        at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:185)
        at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1061)
        at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:141)
        at org.eclipse.jetty.server.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:215)
        at org.eclipse.jetty.server.handler.HandlerCollection.handle(HandlerCollection.java:110)
        at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:97)
        at org.eclipse.jetty.server.Server.handle(Server.java:499)
        at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:311)
        at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:257)
        at org.eclipse.jetty.io.AbstractConnection$2.run(AbstractConnection.java:544)
        at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:635)
        at org.eclipse.jetty.util.thread.QueuedThreadPool$3.run(QueuedThreadPool.java:555)
        at java.lang.Thread.run(Thread.java:748)

Anyone know how we can generate a brand new keystore, and fix this issue so we can get access to the TLS certificates tab?


#2

Which version of Openfire? You may want to start with the baseline security/ resources distributed by the Openfire installer. You can get the raw files here


#3

We’re running 4.2.1. Putting the raw files didn’t seem to work properly, we still got the error. Not sure where else to go from here.


#4

This might be caused by the work done for OF-1415. On what page is this, exactly? Does the problem disappear if you append the URL with: “&connectionType=SOCKET_C2S” ?


#5

Go to: Server Manager -> System Properties
Search for "xmpp.socket.ssl.client.keypass"
Make sure it's right and it should fix your problem. If you are using the default files, make sure its value is “changeit”.


#6

I just upgraded from 4.1.4 to 4.2.1 and ran into the same problem. For me, the xmpp.socket.ssl.client.* entries were all missing in the web configuration, as well as xmpp.socket.ssl.trustpass and xmpp.socket.ssl.keypass (xmpp.socket.ssl.keystore and xmpp.socket.ssl.truststore were still there), although they were in the MySQL database. No changes in the database up to now. The TLS/SSL certificates page worked in 4.1.4 without problems.

So I just went back to 4.1.4. Now the SSL settings for “Server Federation Stores” and “XMPP Client Stores” are missing in the system environment and need to be reconfigured each time the Openfire service starts, the other stores have no problem. I have separate JKS files with unique passwords for all of the “Stores”. All stores are accessible with KeyStore Explorer.

So then another shot with 4.2.1. I deleted the xmpp.socket.ssl.client.* and xmpp.socket.ssl.key/trust-store/pass values from web configuration and leftovers from the MySQL database. I recreated the settings and the settings reappeared in the MySQL database, but I still can’t access the TLS/SSL certificate page.

I then went back to 4.1.4 another time. The new environment entries (created in 4.2.1) were loaded successfully and I can access the TLS/SSL certificate page in 4.1.4.

I tried this with the x64 bundles with and without JRE and also the ZIP file and kept the conf- and resources\security-folder from 4.1.4.

I’m using SSL-secured connection for accessing the web configuration with no problem all the time.


#7

How did you solve this issue?


#8

We had this issue with the same URL appending as well. Literally when trying to get to Server Manager -> SSL/TLS Certificates tab, it exploded.

The solution by vwidmer below yours solved this, but so did a system reinstallation even after the fact (something else actually exploded after this requiring a reinstallation). Changing the keypass properly worked though.


#9

I have the same error. But the keypass is okay:
mysql> select * from ofProperty where name="xmpp.socket.ssl.client.keypass";
+--------------------------------+-----------+-----------+
| name                           | propValue | encrypted |
+--------------------------------+-----------+-----------+
| xmpp.socket.ssl.client.keypass | changeit  |         0 |
+--------------------------------+-----------+-----------+
I still can't access the page TLS/SSL Certificates, the Java error begins with
javax.el.ELException: Cannot convert COMBINED of type class java.lang.String to class org.jivesoftware.openfire.spi.ConnectionType

Openfire 4.2.1 on an Ubuntu 12.04.5 LTS with java version “1.8.0_121”

keytool -list -keystore keystore works fine with the password. Restarting Openfire doesn't help.


#10

If you’re still struggling with this problem, check to make sure that all of the following properties are set:

xmpp.bosh.ssl.client.keypass
xmpp.bosh.ssl.client.keystore
xmpp.bosh.ssl.client.storeType
xmpp.bosh.ssl.client.trustpass
xmpp.bosh.ssl.client.truststore
xmpp.multiplex.keypass
xmpp.multiplex.keystore
xmpp.multiplex.storeType
xmpp.multiplex.trustpass
xmpp.multiplex.truststore
xmpp.socket.ssl.client.keypass
xmpp.socket.ssl.client.keystore
xmpp.socket.ssl.client.storeType
xmpp.socket.ssl.client.trustpass
xmpp.socket.ssl.client.truststore
xmpp.socket.ssl.keypass
xmpp.socket.ssl.keystore
xmpp.socket.ssl.storeType
xmpp.socket.ssl.trustpass
xmpp.socket.ssl.truststore

My instance was missing most storeType properties, and several keypass and trustpass properties. Adding them all resolved the issue for me.

Note - a server restart was not necessary.
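
A check for the property list in the post above, as an added example that is not part of the original thread or Openfire's own code: it parses `mysql` tabular output of the `ofProperty` table (the format shown in post #9), reports which of the twenty properties are missing or empty, and flags store passwords that still hold the default “changeit” or are stored with `encrypted = 0`. The sample rows and store paths are constructed.

```python
"""Audit an ofProperty dump for the TLS store properties listed in post #10."""

# The twenty names from post #10 are four prefixes times five suffixes.
PREFIXES = ["xmpp.bosh.ssl.client", "xmpp.multiplex",
            "xmpp.socket.ssl.client", "xmpp.socket.ssl"]
SUFFIXES = ["keypass", "keystore", "storeType", "trustpass", "truststore"]
REQUIRED = [f"{p}.{s}" for p in PREFIXES for s in SUFFIXES]

def parse_mysql_table(text):
    """Parse `mysql` client output (| name | propValue | encrypted |) into a dict.

    Limitation: a propValue that itself contains '|' is skipped as malformed.
    """
    rows = {}
    for line in text.splitlines():
        line = line.strip()
        if not line.startswith("|"):
            continue  # borders (+----+), prompts and blank lines
        cells = [c.strip() for c in line.strip("|").split("|")]
        if len(cells) != 3 or cells[0] == "name":
            continue  # header row or malformed line
        rows[cells[0]] = {"value": cells[1], "encrypted": cells[2] == "1"}
    return rows

def audit(rows):
    """Return missing properties and weakly protected store passwords."""
    missing = [n for n in REQUIRED if not rows.get(n, {}).get("value")]
    secrets = [n for n in REQUIRED if n.endswith("pass") and n in rows]
    plaintext = [n for n in secrets if not rows[n]["encrypted"]]
    # Only a plaintext value can be compared with the default password.
    default_pw = [n for n in plaintext if rows[n]["value"] == "changeit"]
    return {"missing": missing, "default_password": default_pw,
            "plaintext": plaintext}

# Constructed sample in the layout of: select * from ofProperty;
SAMPLE = """
+--------------------------------+-------------------------------+-----------+
| name                           | propValue                     | encrypted |
+--------------------------------+-------------------------------+-----------+
| xmpp.socket.ssl.client.keypass | changeit                      |         0 |
| xmpp.socket.ssl.keystore       | resources/security/keystore   |         0 |
| xmpp.socket.ssl.truststore     | resources/security/truststore |         0 |
| xmpp.socket.ssl.storeType      | JKS                           |         0 |
+--------------------------------+-------------------------------+-----------+
"""

if __name__ == "__main__":
    for finding, names in audit(parse_mysql_table(SAMPLE)).items():
        print(f"{finding}: {len(names)}")
        for name in names:
            print(f"  {name}")
```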


#11

Thank you very much!!! My config was missing
xmpp.bosh.ssl.client.storeType
xmpp.multiplex.storeType
xmpp.socket.ssl.client.storeType
and I put in the value JKS for Java key store.
Now the menu TLS/SSL Certificates works!!!

SOLVED!!


#12

I also faced the same issue. None of the solutions worked. I tried changing the properties in the ofProperty table.

In the end, I just copied the resources folder from another working server and it worked. I somewhere found the issue in the corrupt crt files.

Need to get a concrete solution to this.