Need help to solve SSL Error in apache-tomcat-9.0.0.M9

 
Greenhorn
Posts: 1
I have enabled SSL in server.xml as below. After enabling it, I have an error like "SEVERE [main] org.apache.coyote.AbstractProtocol.init Failed to initialize end point associated with ProtocolHandler ["https-jsse-nio-443"]
java.lang.IllegalArgumentException: java.io.IOException: Keystore was tampered with, or password was incorrect"

But I have checked that it is working fine in apache-tomcat-7.0.55.

Server.xml content in my server:
---------------------------------------
   <Connector port="443" protocol="org.apache.coyote.http11.Http11NioProtocol"
              maxThreads="5000" SSLEnabled="true">
       <SSLHostConfig>
           <Certificate certificateKeystoreFile="/mnt/tomcat_org.keystore" keystorePass="xxxxx"
                        type="RSA" />
       </SSLHostConfig>
   </Connector>

I don't know whether the keystore depends on the JDK version or not!!!

The keystore was generated in JDK 1.7.65, but now I use it on a server which has jdk1.8.0_102.

The keystore file has 777 permissions and is used on Amazon Linux OS.

Help me to enable SSL.
 
Saloon Keeper
Posts: 24569
Welcome to the JavaRanch, TuxVinoth!

The keystore is a feature of the JDK, not of Tomcat, so I don't think that the version of Tomcat you are using should have an impact. And I've worked with the same keystore files in Java versions 6, 7, and 8 with no problems. The only time I have had issues is when working with the open-source JDK that comes pre-packaged with Linux - I always use the Sun/Oracle JDK.

From a purely operational point of view, I don't recommend keeping the actual keystore database in the /mnt directory, since /mnt is generally either used for temporary external filesystem mounting or as the base directory for mounting on subdirectories. If I had to choose, I'd probably put it in a directory such as /var/lib/tomcat, although most commonly I just place it somewhere near the tomcat directory itself. "777" is very insecure, though. I recommend something more like "0640" for access rights.

The message you're getting pretty much explains itself. It says that the password doesn't match the keystore file. So either you're not actually pointing at the keystore file you think you are or the password isn't correct. You can use the keytool program to check the password. Use something like the "keytool list" command, which will list your stored security documents without actually changing anything in the keystore.
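
The two checks suggested in the reply above (tighter file permissions and a read-only keytool listing to test the password), as an added shell example that is not part of the original thread. The function names and the KS_PASS environment variable are assumptions of this example; the keystore path in the usage line is the one from the question.

```shell
#!/bin/sh
# Added example, not from the thread. Function names and the KS_PASS
# variable are assumptions made for illustration.
# Usage: KS_PASS='your-password' sh check_keystore.sh /mnt/tomcat_org.keystore

# Succeeds when the file is not group-writable and grants nothing to
# "other" (0640 passes, 0777 fails).
keystore_mode_ok() {
    mode=$(ls -ld -- "$1" 2>/dev/null | cut -c1-10)
    group_w=$(printf '%s' "$mode" | cut -c6)
    other=$(printf '%s' "$mode" | cut -c8-10)
    [ "$group_w" = "-" ] && [ "$other" = "---" ]
}

# Succeeds when keytool can open the store with the password in $KS_PASS.
# -list only reads the store; -storepass:env keeps the password out of
# the process list.
keystore_password_ok() {
    keytool -list -keystore "$1" -storepass:env KS_PASS >/dev/null 2>&1
}

check_keystore() {
    ks=$1
    rc=0
    if [ ! -r "$ks" ]; then
        echo "FAIL: $ks is missing or not readable by $(id -un)"
        return 1
    fi
    if keystore_mode_ok "$ks"; then
        echo "OK:   permissions are not group-writable or world-accessible"
    else
        echo "WARN: permissions too open: $(ls -ld -- "$ks" | cut -c1-10)"
        rc=1
    fi
    if ! command -v keytool >/dev/null 2>&1; then
        echo "SKIP: keytool not on PATH, password not checked"
        rc=1
    elif keystore_password_ok "$ks"; then
        echo "OK:   password opens the keystore"
    else
        echo "FAIL: keytool could not open the keystore with this password"
        rc=1
    fi
    return "$rc"
}

# Run the checks only when a keystore path is given on the command line.
[ "$#" -eq 0 ] || check_keystore "$1"
```

Run it as the account that starts Tomcat, so the readability check reflects what the server process can actually open.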
 