• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Jeanne Boyarsky
  • Ron McLeod
  • Paul Clapham
  • Liutauras Vilda
Sheriffs:
  • paul wheaton
  • Rob Spoor
  • Devaka Cooray
Saloon Keepers:
  • Stephan van Hulst
  • Tim Holloway
  • Carey Brown
  • Frits Walraven
  • Tim Moores
Bartenders:
  • Mikalai Zaikin

Keystore was tampered with, or password was incorrect

 
Ranch Hand
Posts: 66
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
I am trying to use LDAP with SSL.
I created a trusted store using an SSL certificate.
I am able to validate the user id and password using this certificate from a web application deployed to JBOSS AS on my Windows machine.
I need to do the same thing from a JBOSS application server on a unix machine. When I try to login with valid credentials, I get the following error:

javax.naming.CommunicationException: ${ldapurl}. Root exception is
java.net.SocketException: KeyManagerFactoryImpl: Keystore was tampered with, or password was incorrect

The same keystore, keystore password , user id and user password work locally.
What could be wrong?
 
Greenhorn
Posts: 26
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Greetings
You may not be setting _all_ of the java.net.ssl.* system props in your $JAVA_OPS. I would start by editing run.conf under jboss/bin if on linux or run.ini if on win.
 
Cindy Jones
Ranch Hand
Posts: 66
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
I am setting
JAVA_OPTS="$JAVA_OPTS -Djavax.net.ssl.trustStorePassword=${password}"
JAVA_OPTS="$JAVA_OPTS -Djavax.net.ssl.trustStore={$keystoreFilePath}"
in run.sh
Is there any extra configuration that is needed?
 
Set Cruz
Greenhorn
Posts: 26
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hello again
Being that you are setting the java.net.ssl.*, start up jboss and look in the server.log file for those property names and values. Check each value from the command line with keytool. For example, if the server.xml lists all java.net.ssl.keystore=blah and java.net.keystorePass=passwd then do this at the command line:

keytool -list -keystore blah -keystorePass passwd
Let me know how that goes.
 
Set Cruz
Greenhorn
Posts: 26
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Correction: Look for system properties in server.log, not server.xml. Also make sure you set a keystore and password on the server side.
 
Consider Paul's rocket mass heater.
reply
    Bookmark Topic Watch Topic
  • New Topic