[JM-632] Improved robustness of admin console when dealing with corrupt SSL keystores.

git-svn-id: http://svn.igniterealtime.org/svn/repos/openfire/trunk@9785 b35dd754-fafc-0310-a699-88a17e54d16e

[JM-632] Improved robustness of admin console when dealing with corrupt SSL keystores.
git-svn-id: http://svn.igniterealtime.org/svn/repos/openfire/trunk@9785 b35dd754-fafc-0310-a699-88a17e54d16e
1fed517c · Daniel Henninger · dhenninger · 289998d7 · 1fed517c · 1fed517c
Commit 1fed517c authored Jan 20, 2008 by Daniel Henninger Committed by dhenninger Jan 20, 2008
7 changed files
--- a/src/i18n/openfire_i18n_en.properties
+++ b/src/i18n/openfire_i18n_en.properties
@@ -275,6 +275,10 @@
 #       Added key: 'server.db.connection_details.when_created'
 #       Added key: 'server.db.connection_details.last_used'
 #       Added key: 'server.db.connection_details.thread'
+#       Added key: 'index.certificate-error'
+#       Added key: 'ssl.certificates.io_error'
+#       Added key: 'ssl.certificates.generated'
+#       Added key: 'ssl.certificates.uninstalled'

 # Openfire

@@ -794,6 +798,7 @@ index.uptime=Server Uptime:
 index.version=Version:
 index.home=Server Directory:
 index.certificate-warning=Found RSA certificate that is not valid for the server domain.
+index.certificate-error=Unable to access certificate store.  The keystore may be corrupt.
 index.server_name=Server Name:
 index.server_port=Server Ports
 index.server_ip=IP:Port, Security:
@@ -1795,6 +1800,7 @@ ssl.settings.available=Available
 ssl.settings.notavailable=Not Available
 ssl.settings.required=Required
 ssl.settings.optional=Optional
+ssl.settings.uninstalled=Uninstalled
 ssl.settings.server.legend=Server Connection Security
 ssl.settings.server.label_required=Required
 ssl.settings.server.label_required_info=Connections between servers always use secured connections.
@@ -1831,6 +1837,7 @@ ssl.certificates.algorithm=Algorithm
 ssl.certificates.confirm_delete=Are you sure you want to delete this certificate?
 ssl.certificates.added_updated=Certificate added or modified successfully.
 ssl.certificates.deleted=Certificate deleted successfully.
+ssl.certificates.generated=Certificates generated successfully.
 ssl.certificates.error=Error deleting the certificate.
 ssl.certificates.error_messenge=Error message
 ssl.certificates.error_importing-reply=An error occured while importing the Certificate Authority reply. Verify that \
@@ -1847,6 +1854,7 @@ ssl.certificates.error_installing=Error installing the certificate.
 ssl.certificates.error_reported=Error reported
 ssl.certificates.paste_certificate=Paste in the certificate sent to you by the CA or the self-signed \
        certificate generated via the keytool.
+ssl.certificates.io_error=Unable to access certificate store.  The keystore may be corrupt.

 ssl.signing-request.title=Signing request
 ssl.signing-request.issuer_information=Issuer Information

--- a/src/java/org/jivesoftware/openfire/net/SSLConfig.java
+++ b/src/java/org/jivesoftware/openfire/net/SSLConfig.java
@@ -25,6 +25,7 @@ import java.io.IOException;
 import java.net.InetAddress;
 import java.net.ServerSocket;
 import java.security.KeyStore;
+import java.security.KeyStoreException;
 import java.security.cert.X509Certificate;
 import java.util.List;

@@ -291,6 +292,22 @@ public class SSLConfig {
        return c2sTrustStore;
    }

+    /**
+     * Initializes (wipes and recreates) the keystore, and returns the new keystore.
+     *
+     * @return Newly initialized keystore.
+     */
+    public static KeyStore initializeKeyStore() {
+        try {
+            keyStore = KeyStore.getInstance(storeType);
+            keyStore.load(null, keypass.toCharArray());
+        }
+        catch (Exception e) {
+            Log.error("Unable to initialize keystore: ", e);
+        }
+        return keyStore;
+    }
+
    /**
     * Save all key and trust stores.
     */

--- a/src/web/import-certificate.jsp
+++ b/src/web/import-certificate.jsp
@@ -6,6 +6,7 @@
                java.util.HashMap,
                java.util.Map"
         errorPage="error.jsp"%>
+<%@ page import="java.security.KeyStore" %>

 <%@ taglib uri="http://java.sun.com/jstl/core_rt" prefix="c" %>
 <%@ taglib uri="http://java.sun.com/jstl/fmt_rt" prefix="fmt" %>
@@ -41,8 +42,15 @@
                    index = index + 1;
                    alias = domain + "_" + index;
                }
+                KeyStore keystore;
+                try {
+                    keystore = SSLConfig.getKeyStore();
+                }
+                catch (Exception e) {
+                    keystore = SSLConfig.initializeKeyStore();
+                }
                // Import certificate
-                CertificateManager.installCert(SSLConfig.getKeyStore(), SSLConfig.gets2sTrustStore(),
+                CertificateManager.installCert(keystore, SSLConfig.gets2sTrustStore(),
                        SSLConfig.getKeyPassword(), alias, new ByteArrayInputStream(privateKey.getBytes()), passPhrase,
                        new ByteArrayInputStream(certificate.getBytes()), true, true);
                // Save keystore
@@ -138,7 +146,7 @@
                      <fmt:message key="ssl.import.certificate.private-key" />
                  </td>
                  <td width="99%">
-                      <textarea name="private-key" cols="60" rows="5" wrap="virtual"></textarea>
+                      <textarea name="private-key" cols="60" rows="5" wrap="virtual"/>
                  </td>
              </tr>
              <tr valign="top">
@@ -146,7 +154,7 @@
                      <fmt:message key="ssl.import.certificate.certificate" />
                  </td>
                  <td width="99%">
-                      <textarea name="certificate" cols="60" rows="5" wrap="virtual"></textarea>
+                      <textarea name="certificate" cols="60" rows="5" wrap="virtual"/>
                  </td>
              </tr>
          </tbody>

--- a/src/web/index.jsp
+++ b/src/web/index.jsp
@@ -134,7 +134,7 @@
 %>
 <style type="text/css">
 .bar TD {
-    padding : 0px;
+    padding : 0;
 }
 #jive-latest-activity .jive-bottom-line {
 	padding-top: 10px;
@@ -246,8 +246,12 @@
                    <fmt:message key="index.server_name" />
                </td>
                <td class="c2">
+                    <% try { %>
                    <% if (!CertificateManager.isRSACertificate(SSLConfig.getKeyStore(), XMPPServer.getInstance().getServerInfo().getName())) {%>
-                    <img src="images/warning-16x16.gif" width="16" height="16" border="0" alt="<fmt:message key="index.certificate-warning" />" text="<fmt:message key="index.certificate-warning" />">&nbsp;
+                    <img src="images/warning-16x16.gif" width="16" height="16" border="0" alt="<fmt:message key="index.certificate-warning" />" title="<fmt:message key="index.certificate-warning" />">&nbsp;
+                    <% } %>
+                    <% } catch (Exception e) { %>
+                    <img src="images/error-16x16.gif" width="16" height="16" border="0" alt="<fmt:message key="index.certificate-error" />" title="<fmt:message key="index.certificate-error" />">&nbsp;
                    <% } %>
                    ${webManager.serverInfo.name}
                </td>
@@ -378,7 +382,7 @@
                    }
                }

-                %><div class="jive-bottom-line"></div><%
+                %><div class="jive-bottom-line"/><%
                if (lastBlogFeed != null && !lastBlogFeed.getEntries().isEmpty()) {

                    List entries = lastBlogFeed.getEntries();
@@ -392,7 +396,7 @@
                    <fmt:message key="index.cs_blog.unavailable" />
                 <% }

-                 %><div class="jive-bottom-line"></div><%
+                 %><div class="jive-bottom-line"/><%
                if (lastReleaseFeed != null && !lastReleaseFeed.getEntries().isEmpty()) {

                    List entries = lastReleaseFeed.getEntries();
@@ -435,9 +439,9 @@
        <td><%= "0.0.0.0".equals(address.getHostName()) ? LocaleUtils.getLocalizedString("ports.all_ports") : address.getHostName() %></td>
        <td><%= address.getPort() %></td>
        <% if (LocalClientSession.getTLSPolicy() == Connection.TLSPolicy.disabled) { %>
-            <td><img src="images/blank.gif" width="1" height="1"></td>
+            <td><img src="images/blank.gif" width="1" height="1" alt=""/></td>
        <% } else { %>
-            <td><img src="images/lock.gif" width="16" height="16" border="0"/></td>
+            <td><img src="images/lock.gif" width="16" height="16" border="0" alt=""/></td>
        <% } %>
        <td><fmt:message key="ports.client_to_server" /></td>
        <td><fmt:message key="ports.client_to_server.desc">
@@ -454,7 +458,7 @@
    <tr>
        <td><%= "0.0.0.0".equals(address.getHostName()) ? LocaleUtils.getLocalizedString("ports.all_ports") : address.getHostName() %></td>
        <td><%= address.getPort() %></td>
-        <td><img src="images/lock.gif" width="16" height="16" border="0"/></td>
+        <td><img src="images/lock.gif" width="16" height="16" border="0" alt=""/></td>
        <td><fmt:message key="ports.client_to_server" /></td>
        <td><fmt:message key="ports.client_to_server.desc_old_ssl">
            <fmt:param value="<a href='ssl-settings.jsp'>" />
@@ -470,9 +474,9 @@
        <td><%= interfaceName == null ? LocaleUtils.getLocalizedString("ports.all_ports") : serverPort.getIPAddress() %></td>
        <td><%= serverPort.getPort() %></td>
        <% if (JiveGlobals.getBooleanProperty("xmpp.server.tls.enabled", true)) { %>
-            <td><img src="images/lock.gif" width="16" height="16" border="0"/></td>
+            <td><img src="images/lock.gif" width="16" height="16" border="0" alt=""/></td>
        <% } else { %>
-            <td><img src="images/blank.gif" width="1" height="1"></td>
+            <td><img src="images/blank.gif" width="1" height="1" alt=""/></td>
        <% } %>
        <td><fmt:message key="ports.server_to_server" /></td>
        <td><fmt:message key="ports.server_to_server.desc">
@@ -492,9 +496,9 @@
        <td><%= "0.0.0.0".equals(address.getHostName()) ? LocaleUtils.getLocalizedString("ports.all_ports") : address.getHostName() %></td>
        <td><%= address.getPort() %></td>
        <% if (LocalConnectionMultiplexerSession.getTLSPolicy() == Connection.TLSPolicy.disabled) { %>
-            <td><img src="images/blank.gif" width="1" height="1"></td>
+            <td><img src="images/blank.gif" width="1" height="1" alt=""></td>
        <% } else { %>
-            <td><img src="images/lock.gif" width="16" height="16" border="0"/></td>
+            <td><img src="images/lock.gif" width="16" height="16" border="0" alt=""/></td>
        <% } %>
        <td><fmt:message key="ports.connection_manager" /></td>
        <td><fmt:message key="ports.connection_manager.desc">
@@ -510,7 +514,7 @@
    <tr>
        <td><%= interfaceName == null ? LocaleUtils.getLocalizedString("ports.all_ports") : componentPort.getIPAddress() %></td>
        <td><%= componentPort.getPort() %></td>
-        <td><img src="images/blank.gif" width="1" height="1"></td>
+        <td><img src="images/blank.gif" width="1" height="1" alt=""></td>
        <td><fmt:message key="ports.external_components" /></td>
        <td><fmt:message key="ports.external_components.desc">
            <fmt:param value="<a href='external-components-settings.jsp'>" />
@@ -522,14 +526,14 @@
    <tr>
        <td><%= interfaceName == null ? LocaleUtils.getLocalizedString("ports.all_ports") : interfaceName %></td>
        <td><%= adminConsolePlugin.getAdminUnsecurePort() %></td>
-        <td><img src="images/blank.gif" width="1" height="1"></td>
+        <td><img src="images/blank.gif" width="1" height="1" alt=""></td>
        <td><fmt:message key="ports.admin_console" /></td>
        <td><fmt:message key="ports.admin_console.desc_unsecured" /></td>
    </tr>
    <tr>
        <td><%= interfaceName == null ? LocaleUtils.getLocalizedString("ports.all_ports") : interfaceName %></td>
        <td><%= adminConsolePlugin.getAdminSecurePort() %></td>
-        <td><img src="images/lock.gif" width="16" height="16" border="0"/></td>
+        <td><img src="images/lock.gif" width="16" height="16" border="0" alt=""/></td>
        <td><fmt:message key="ports.admin_console" /></td>
        <td><fmt:message key="ports.admin_console.desc_secured" /></td>
    </tr>
@@ -539,7 +543,7 @@
    <tr>
        <td><%= interfaceName == null ? LocaleUtils.getLocalizedString("ports.all_ports") : interfaceName %></td>
        <td><%= fileTransferProxy.getProxyPort() %></td>
-        <td><img src="images/blank.gif" width="1" height="1"></td>
+        <td><img src="images/blank.gif" width="1" height="1" alt=""></td>
        <td><fmt:message key="ports.file_proxy" /></td>
        <td><fmt:message key="ports.file_proxy.desc" /></td>
    </tr>
@@ -553,7 +557,7 @@
        <tr>
            <td><%= interfaceName == null ? LocaleUtils.getLocalizedString("ports.all_ports") : interfaceName %></td>
            <td><%= httpBindManager.getHttpBindUnsecurePort() %></td>
-            <td><img src="images/blank.gif" width="1" height="1"></td>
+            <td><img src="images/blank.gif" width="1" height="1" alt=""></td>
            <td><fmt:message key="ports.http_bind" /></td>
            <td><fmt:message key="ports.http_bind.desc_unsecured" /></td>
        </tr>
@@ -564,7 +568,7 @@
        <tr>
            <td><%= interfaceName == null ? LocaleUtils.getLocalizedString("ports.all_ports") : interfaceName %></td>
            <td><%= httpBindManager.getHttpBindSecurePort() %></td>
-            <td><img src="images/lock.gif" width="16" height="16" border="0"/></td>
+            <td><img src="images/lock.gif" width="16" height="16" border="0" alt=""/></td>
            <td><fmt:message key="ports.http_bind" /></td>
            <td><fmt:message key="ports.http_bind.desc_secured" /></td>
        </tr>
@@ -576,7 +580,7 @@
    <tr>
        <td><%= interfaceName == null ? LocaleUtils.getLocalizedString("ports.all_ports") : interfaceName %></td>
        <td><%= mediaProxyService.getMinPort() %> - <%= mediaProxyService.getMaxPort() %></td>
-        <td><img src="images/blank.gif" width="1" height="1"></td>
+        <td><img src="images/blank.gif" width="1" height="1" alt=""></td>
        <td><fmt:message key="ports.media_proxy" /></td>
        <td><fmt:message key="ports.media_proxy.desc" /></td>
    </tr>
@@ -587,7 +591,7 @@
    <tr>
        <td><%= interfaceName == null ? LocaleUtils.getLocalizedString("ports.all_ports") : interfaceName %></td>
        <td><%= stunService.getPrimaryPort() %> & <%= stunService.getSecondaryPort() %></td>
-        <td><img src="images/blank.gif" width="1" height="1"></td>
+        <td><img src="images/blank.gif" width="1" height="1" alt=""></td>
        <td><fmt:message key="ports.stun" /></td>
        <td><fmt:message key="ports.stun.desc" /></td>
    </tr>
@@ -595,7 +599,7 @@
    <tr>
        <td><%= interfaceName == null ? LocaleUtils.getLocalizedString("ports.all_ports") : interfaceName %></td>
        <td><%= flashCrossDomainHandler.getPort() %></td>
-        <td><img src="images/blank.gif" width="1" height="1"></td>
+        <td><img src="images/blank.gif" width="1" height="1" alt=""></td>
        <td><fmt:message key="ports.flash_cross_domain" /></td>
        <td><fmt:message key="ports.flash_cross_domain.desc" /></td>
    </tr>
@@ -609,4 +613,4 @@
 </form>

    </body>
-</html>
\ No newline at end of file
+</html>
--- a/src/web/ssl-certificates.jsp
+++ b/src/web/ssl-certificates.jsp
@@ -15,6 +15,9 @@
 <%@ page import="java.util.Map" %>
 <%@ page import="org.jivesoftware.openfire.container.PluginManager" %>
 <%@ page import="org.jivesoftware.openfire.container.AdminConsolePlugin" %>
+<%@ page import="java.io.IOException" %>
+<%@ page import="java.io.FileInputStream" %>
+<%@ page import="java.io.FileOutputStream" %>

 <%@ taglib uri="http://java.sun.com/jstl/core_rt" prefix="c" %>
 <%@ taglib uri="http://java.sun.com/jstl/fmt_rt" prefix="fmt" %>
@@ -32,23 +35,35 @@
    boolean importReply = ParamUtils.getBooleanParameter(request, "importReply");
    String type = ParamUtils.getParameter(request, "type");
    String alias = ParamUtils.getParameter(request, "alias");
+    Map<String, Object> errors = new HashMap<String, Object>();
+    KeyStore keyStore = null;

-    KeyStore keyStore = SSLConfig.getKeyStore();
+    try {
+        keyStore = SSLConfig.getKeyStore();
+    }
+    catch (IOException e) {
+        e.printStackTrace();
+        errors.put("ioerror", e);
+    }

-    Map<String, Object> errors = new HashMap<String, Object>();
    if (generate) {
        String domain = XMPPServer.getInstance().getServerInfo().getName();
        try {
-            if (!CertificateManager.isDSACertificate(keyStore, domain)) {
+            if (errors.containsKey("ioerror") && keyStore == null) {
+                keyStore = SSLConfig.initializeKeyStore();
+            }
+            if (errors.containsKey("ioerror") || !CertificateManager.isDSACertificate(keyStore, domain)) {
                CertificateManager
                        .createDSACert(keyStore, SSLConfig.getKeyPassword(), domain + "_dsa", "cn=" + domain, "cn=" + domain, "*." + domain);
            }
-            if (!CertificateManager.isRSACertificate(keyStore, domain)) {
+            if (errors.containsKey("ioerror") || !CertificateManager.isRSACertificate(keyStore, domain)) {
                CertificateManager
                        .createRSACert(keyStore, SSLConfig.getKeyPassword(), domain + "_rsa", "cn=" + domain, "cn=" + domain, "*." + domain);
            }
            // Save new certificates into the key store
            SSLConfig.saveStores();
+            response.sendRedirect("ssl-certificates.jsp?generatesuccess=true");
+            return;
        }
        catch (Exception e) {
            e.printStackTrace();
@@ -96,32 +111,51 @@
  </head>
  <body>

-  <% if (keyStore.size() > 1 && !CertificateManager.isRSACertificate(SSLConfig.getKeyStore(), XMPPServer.getInstance().getServerInfo().getName())) { %>
+  <% if (((AdminConsolePlugin) pluginManager.getPlugin("admin")).isRestartNeeded()) { %>
      <div class="warning">
      <table cellpadding="0" cellspacing="0" border="0">
      <tbody>
          <tr>
          <td class="jive-icon-label">
-              <fmt:message key="index.certificate-warning"/>
+              <fmt:message key="ssl.certificates.restart_server">
+                  <fmt:param value="<%= "<a href='server-restart.jsp?page=ssl-certificates.jsp'>" %>" />
+                  <fmt:param value="<%= "</a>" %>" />
+              </fmt:message>
+          </td></tr>
+      </tbody>
+      </table>
+      </div><br>
+  <%  } else if (errors.containsKey("ioerror")) {
+          Exception e = (Exception)errors.get("ioerror");
+  %>
+      <div class="jive-error">
+      <table cellpadding="0" cellspacing="0" border="0">
+      <tbody>
+          <tr><td class="jive-icon"><img src="images/error-16x16.gif" width="16" height="16" border="0" alt=""></td>
+          <td class="jive-icon-label">
+          <fmt:message key="ssl.certificates.io_error" /><br />
+          <fmt:message key="ssl.certificates.no_installed">
+              <fmt:param value="<%= "<a href='ssl-certificates.jsp?generate=true'>" %>" />
+              <fmt:param value="<%= "</a>" %>" />
+              <fmt:param value="<%= "<a href='import-certificate.jsp'>" %>" />
+              <fmt:param value="<%= "</a>" %>" />
+          </fmt:message>
          </td></tr>
      </tbody>
      </table>
      </div><br>
-  <% } else if (((AdminConsolePlugin) pluginManager.getPlugin("admin")).isRestartNeeded()) { %>
+  <% } else if (keyStore != null && keyStore.size() > 1 && !CertificateManager.isRSACertificate(SSLConfig.getKeyStore(), XMPPServer.getInstance().getServerInfo().getName())) { %>
      <div class="warning">
      <table cellpadding="0" cellspacing="0" border="0">
      <tbody>
          <tr>
          <td class="jive-icon-label">
-              <fmt:message key="ssl.certificates.restart_server">
-                  <fmt:param value="<%= "<a href='server-restart.jsp?page=ssl-certificates.jsp'>" %>" />
-                  <fmt:param value="<%= "</a>" %>" />
-              </fmt:message>
+              <fmt:message key="index.certificate-warning"/>
          </td></tr>
      </tbody>
      </table>
      </div><br>
-  <% } else if (keyStore.size() < 2 ) { %>
+  <% } else if (keyStore != null && keyStore.size() < 2 ) { %>
      <div class="warning">
      <table cellpadding="0" cellspacing="0" border="0">
      <tbody>
@@ -150,6 +184,19 @@
      </table>
      </div><br>

+  <%  } else if (ParamUtils.getBooleanParameter(request,"generatesuccess")) { %>
+
+      <div class="jive-success">
+      <table cellpadding="0" cellspacing="0" border="0">
+      <tbody>
+          <tr><td class="jive-icon"><img src="images/success-16x16.gif" width="16" height="16" border="0" alt=""></td>
+          <td class="jive-icon-label">
+          <fmt:message key="ssl.certificates.generated" />
+          </td></tr>
+      </tbody>
+      </table>
+      </div><br>
+
  <%  } else if (ParamUtils.getBooleanParameter(request,"deletesuccess")) { %>

      <div class="jive-success">
@@ -270,31 +317,32 @@
  </thead>
  <tbody>

-  <% int i = 0;
+  <%  int i = 0;
      boolean offerUpdateIssuer = false;
      Map<String, String> signingRequests = new HashMap<String, String>();
-      for (Enumeration aliases = keyStore.aliases(); aliases.hasMoreElements();) {
-          i++;
-          String a = (String) aliases.nextElement();
-          X509Certificate c = (X509Certificate) keyStore.getCertificate(a);
-          StringBuffer identities = new StringBuffer();
-          for (String identity : CertificateManager.getPeerIdentities(c)) {
-              identities.append(identity).append(", ");
-          }
-          if (identities.length() > 0) {
-              identities.setLength(identities.length() - 2);
-          }
-          // Self-signed certs are certs generated by Openfire whose IssueDN equals SubjectDN
-          boolean isSelfSigned = CertificateManager.isSelfSignedCertificate(keyStore, a);
-          // Signing Request pending = not self signed certs whose chain has only 1 cert (the same cert)
-          boolean isSigningPending = CertificateManager.isSigningRequestPending(keyStore, a);
+      if (keyStore != null) {
+          for (Enumeration aliases = keyStore.aliases(); aliases.hasMoreElements();) {
+              i++;
+              String a = (String) aliases.nextElement();
+              X509Certificate c = (X509Certificate) keyStore.getCertificate(a);
+              StringBuffer identities = new StringBuffer();
+              for (String identity : CertificateManager.getPeerIdentities(c)) {
+                  identities.append(identity).append(", ");
+              }
+              if (identities.length() > 0) {
+                  identities.setLength(identities.length() - 2);
+              }
+              // Self-signed certs are certs generated by Openfire whose IssueDN equals SubjectDN
+              boolean isSelfSigned = CertificateManager.isSelfSignedCertificate(keyStore, a);
+              // Signing Request pending = not self signed certs whose chain has only 1 cert (the same cert)
+              boolean isSigningPending = CertificateManager.isSigningRequestPending(keyStore, a);

-          offerUpdateIssuer = offerUpdateIssuer || isSelfSigned || isSigningPending;
-          if (isSigningPending) {
-              // Generate new signing request for certificate
-              PrivateKey privKey = (PrivateKey) keyStore.getKey(a, SSLConfig.getKeyPassword().toCharArray());
-              signingRequests.put(a, CertificateManager.createSigningRequest(c, privKey));
-          }
+              offerUpdateIssuer = offerUpdateIssuer || isSelfSigned || isSigningPending;
+              if (isSigningPending) {
+                  // Generate new signing request for certificate
+                  PrivateKey privKey = (PrivateKey) keyStore.getKey(a, SSLConfig.getKeyPassword().toCharArray());
+                  signingRequests.put(a, CertificateManager.createSigningRequest(c, privKey));
+              }
  %>
      <tr valign="top">
          <td id="rs<%=i%>" width="1" rowspan="1"><%= (i) %>.</td>
@@ -312,17 +360,17 @@
              <% } %>
          </td>
          <% if (isSelfSigned && !isSigningPending) { %>
-          <td width="1%"><img src="images/certificate_warning-16x16.png" width="16" height="16" border="0" title="<fmt:message key="ssl.certificates.self-signed.info" />"></td>
+          <td width="1%"><img src="images/certificate_warning-16x16.png" width="16" height="16" border="0" alt="<fmt:message key="ssl.certificates.self-signed.info" />" title="<fmt:message key="ssl.certificates.self-signed.info" />"></td>
          <td width="1%" nowrap>
            <fmt:message key="ssl.certificates.self-signed" />
          </td>
          <% } else if (isSigningPending) { %>
-          <td width="1%"><img src="images/certificate_warning-16x16.png" width="16" height="16" border="0" title="<fmt:message key="ssl.certificates.signing-pending.info" />"></td>
+          <td width="1%"><img src="images/certificate_warning-16x16.png" width="16" height="16" border="0" alt="<fmt:message key="ssl.certificates.signing-pending.info" />" title="<fmt:message key="ssl.certificates.signing-pending.info" />"></td>
          <td width="1%" nowrap>
            <fmt:message key="ssl.certificates.signing-pending" />
          </td>
          <% } else { %>
-          <td width="1%"><img src="images/certificate_ok-16x16.png" width="16" height="16" border="0" title="<fmt:message key="ssl.certificates.ca-signed.info" />"></td>
+          <td width="1%"><img src="images/certificate_ok-16x16.png" width="16" height="16" border="0" alt="<fmt:message key="ssl.certificates.ca-signed.info" />" title="<fmt:message key="ssl.certificates.ca-signed.info" />"></td>
          <td width="1%" nowrap>
            <fmt:message key="ssl.certificates.ca-signed" />
          </td>
@@ -346,7 +394,7 @@
              <span class="jive-description">
              <fmt:message key="ssl.certificates.ca-reply" />
              </span>
-              <textarea name="reply" cols="40" rows="3" style="width:100%;font-size:8pt;" wrap="virtual"></textarea>
+              <textarea name="reply" cols="40" rows="3" style="width:100%;font-size:8pt;" wrap="virtual"/>
          </td>
          <td valign="bottom">
              <input type="submit" name="install" value="<fmt:message key="global.save" />">   
@@ -354,7 +402,7 @@
      </tr>
      </form>
      <% } %>
-
+     <% } %>
  <%  } %>

  </tbody>

--- a/src/web/ssl-settings.jsp
+++ b/src/web/ssl-settings.jsp
@@ -296,8 +296,7 @@
 						</table>
 					</td>
 				</tr>
-			</tr>
-		</tbody>
+		    </tbody>
 		</table>


@@ -376,8 +375,7 @@
 						</table>
 					</td>
 				</tr>
-			</tr>
-		</tbody>
+		    </tbody>
 		</table>
 	</div>


--- a/src/web/ssl-signing-request.jsp
+++ b/src/web/ssl-signing-request.jsp
@@ -28,10 +28,17 @@
    String state = ParamUtils.getParameter(request, "state");
    String countryCode = ParamUtils.getParameter(request, "country");

-    KeyStore keyStore = SSLConfig.getKeyStore();
    Map<String, Object> errors = new HashMap<String, Object>();

    if (save) {
+        KeyStore keyStore;
+        try {
+            keyStore = SSLConfig.getKeyStore();
+        }
+        catch (Exception e) {
+            keyStore = SSLConfig.initializeKeyStore();
+        }
+
        // Verify that fields were completed
        if (name == null) {
            errors.put("name", "");