aspose file tools*
The moose likes Security and the fly likes Keystore was tampered with, or password was incorrect Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Engineering » Security
Bookmark "Keystore was tampered with, or password was incorrect " Watch "Keystore was tampered with, or password was incorrect " New topic
Author

Keystore was tampered with, or password was incorrect

Cindy Jones
Ranch Hand

Joined: Oct 08, 2002
Posts: 66
I am trying to use LDAP with SSL.
I created a trusted store using an SSL certificate.
I am able to validate the user id and password using this certificate from a web application deployed to JBOSS AS on my Windows machine.
I need to do the same thing from a JBOSS application server on a unix machine. When I try to login with valid credentials, I get the following error:

javax.naming.CommunicationException: ${ldapurl}. Root exception is
java.net.SocketException: KeyManagerFactoryImpl: Keystore was tampered with, or password was incorrect

The same keystore, keystore password , user id and user password work locally.
What could be wrong?
Set Cruz
Greenhorn

Joined: Jan 31, 2008
Posts: 26
Greetings
You may not be setting _all_ of the java.net.ssl.* system props in your $JAVA_OPS. I would start by editing run.conf under jboss/bin if on linux or run.ini if on win.


SCJP, Oracle PL/SQL Developer
Cindy Jones
Ranch Hand

Joined: Oct 08, 2002
Posts: 66
I am setting
JAVA_OPTS="$JAVA_OPTS -Djavax.net.ssl.trustStorePassword=${password}"
JAVA_OPTS="$JAVA_OPTS -Djavax.net.ssl.trustStore={$keystoreFilePath}"
in run.sh
Is there any extra configuration that is needed?
Set Cruz
Greenhorn

Joined: Jan 31, 2008
Posts: 26
Hello again
Being that you are setting the java.net.ssl.*, start up jboss and look in the server.log file for those property names and values. Check each value from the command line with keytool. For example, if the server.xml lists all java.net.ssl.keystore=blah and java.net.keystorePass=passwd then do this at the command line:

keytool -list -keystore blah -keystorePass passwd
Let me know how that goes.
Set Cruz
Greenhorn

Joined: Jan 31, 2008
Posts: 26
Correction: Look for system properties in server.log, not server.xml. Also make sure you set a keystore and password on the server side.
 
With a little knowledge, a cast iron skillet is non-stick and lasts a lifetime.
 
subject: Keystore was tampered with, or password was incorrect