
Keystore was tampered with, or password was incorrect

 
Cindy Jones
Ranch Hand
Posts: 66
I am trying to use LDAP with SSL.
I created a trusted store using an SSL certificate.
I am able to validate the user id and password using this certificate from a web application deployed to JBOSS AS on my Windows machine.
I need to do the same thing from a JBOSS application server on a Unix machine. When I try to log in with valid credentials, I get the following error:

javax.naming.CommunicationException: ${ldapurl}. Root exception is
java.net.SocketException: KeyManagerFactoryImpl: Keystore was tampered with, or password was incorrect

The same keystore, keystore password, user id and user password work locally.
What could be wrong?
 
Set Cruz
Greenhorn
Posts: 26
Greetings
You may not be setting _all_ of the java.net.ssl.* system props in your $JAVA_OPTS. I would start by editing run.conf under jboss/bin if on linux or run.ini if on win.
 
Cindy Jones
Ranch Hand
Posts: 66
I am setting
JAVA_OPTS="$JAVA_OPTS -Djavax.net.ssl.trustStorePassword=${password}"
JAVA_OPTS="$JAVA_OPTS -Djavax.net.ssl.trustStore={$keystoreFilePath}"
in run.sh
Is there any extra configuration that is needed?
 
Set Cruz
Greenhorn
Posts: 26
Hello again
Being that you are setting the java.net.ssl.*, start up jboss and look in the server.log file for those property names and values. Check each value from the command line with keytool. For example, if the server.xml lists all java.net.ssl.keystore=blah and java.net.keystorePass=passwd then do this at the command line:

keytool -list -keystore blah -storepass passwd
Let me know how that goes.
 
Set Cruz
Greenhorn
Posts: 26
Correction: Look for system properties in server.log, not server.xml. Also make sure you set a keystore and password on the server side.
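
An added example, not part of the thread above: a sketch of the integrity check behind this error message, assuming the store is in JKS format. The loader hashes the password together with the file's bytes and compares the result with the digest stored at the end of the file, so a different password and a changed file produce the same error. `check_jks` and `build_empty_jks` are illustrative names, and the sample store is constructed.

```python
import getpass
import hashlib
import hmac
import struct
import sys

JKS_MAGIC = 0xFEEDFEED
SALT = b"Mighty Aphrodite"  # fixed string the JKS format mixes into the digest


def jks_digest(password: str, body: bytes) -> bytes:
    """SHA-1 over the password (UTF-16BE), the fixed salt, then the store body."""
    h = hashlib.sha1()
    h.update(password.encode("utf-16-be"))
    h.update(SALT)
    h.update(body)
    return h.digest()


def check_jks(data: bytes, password: str) -> str:
    """Classify a store the way the JKS integrity check would."""
    if len(data) < 12 + 20:  # header (magic, version, count) + SHA-1 trailer
        return "truncated"
    (magic,) = struct.unpack(">I", data[:4])
    if magic != JKS_MAGIC:
        return "not-jks"
    body, stored = data[:-20], data[-20:]
    if hmac.compare_digest(jks_digest(password, body), stored):
        return "ok"
    return "tampered-or-wrong-password"


def build_empty_jks(password: str) -> bytes:
    """Constructed sample: a version-2 JKS store with zero entries."""
    body = struct.pack(">III", JKS_MAGIC, 2, 0)
    return body + jks_digest(password, body)


if __name__ == "__main__":
    if len(sys.argv) > 1:  # check a real file; the password is prompted, not passed in argv
        with open(sys.argv[1], "rb") as f:
            print(check_jks(f.read(), getpass.getpass("Store password: ")))
    else:  # constructed demo
        store = build_empty_jks("changeit")
        changed = store[:9] + bytes([store[9] ^ 1]) + store[10:]
        print(check_jks(store, "changeit"))    # same bytes, same password
        print(check_jks(store, "Changeit"))    # same bytes, different password
        print(check_jks(changed, "changeit"))  # one byte changed, same password
```

Run against the copy of the file on each machine, a differing result with the same password points at the file's bytes rather than at the configuration.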
 