Hi,

thank you very much for all your efforts, but it still doesn't work.

That is what I do:

CREATE KEY:
------------------------------------------------------------------------------------------------------

../../java/bin/keytool -genkey -alias tomcat -keyalg RSA -keystore /opt/wt24/apache-tomcat-5.5.16/conf/.keystore
../../java/bin/keytool -export -alias tomcat -file /opt/wt24/apache-tomcat-5.5.16/conf/tomcat-server.crt -keystore /opt/wt24/apache-tomcat-5.5.16/conf/.keystore
../../java/bin/keytool -import -file /opt/wt24/apache-tomcat-5.5.16/conf/tomcat-server.crt -keystore /opt/wt24/apache-tomcat-5.5.16/conf/cacerts

In this process, I use the same password for all
------------------------------------------------------------------------------------------------------

SERVER.XML looks like this:
------------------------------------------------------------------------------------------------------
<Connector port="443" maxHttpHeaderSize="8192"
              maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
              enableLookups="false" disableUploadTimeout="true"
              acceptCount="100" scheme="https" secure="true"
              clientAuth="false" sslProtocol="TLS"
              keystorePass="secret"
              debug="0"
              keystoreFile="/opt/wt24/apache-tomcat-5.5.16/conf/.keystore"
              truststoreFile="/opt/wt24/apache-tomcat-5.5.16/conf/cacerts"
              truststorePass="password as used in key-creation"
              />
-----------------------------------------------------------------------------------------------------

When I START TOMCAT, the log shows:
----------------------------------------------------------------------------------------------------
INFO: Starting Coyote HTTP/1.1 on http-80
12.04.2006 19:43:55 org.apache.coyote.http11.Http11BaseProtocol start
SCHWERWIEGEND: Error starting endpoint
java.io.IOException: Keystore was tampered with, or password was incorrect
       at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:768)
       at java.security.KeyStore.load(KeyStore.java:1150)
       at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getStore(JSSESocketFactory.java:282)
       at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getKeystore(JSSESocketFactory.java:222)
       at org.apache.tomcat.util.net.jsse.JSSE14SocketFactory.getKeyManagers(JSSE14SocketFactory.java:141)
       at org.apache.tomcat.util.net.jsse.JSSE14SocketFactory.init(JSSE14SocketFactory.java:109)
       at org.apache.tomcat.util.net.jsse.JSSESocketFactory.createSocket(JSSESocketFactory.java:88)
       at org.apache.tomcat.util.net.PoolTcpEndpoint.initEndpoint(PoolTcpEndpoint.java:292)
       at org.apache.tomcat.util.net.PoolTcpEndpoint.startEndpoint(PoolTcpEndpoint.java:312)
       at org.apache.coyote.http11.Http11BaseProtocol.start(Http11BaseProtocol.java:150)
       at org.apache.coyote.http11.Http11Protocol.start(Http11Protocol.java:75)
       at org.apache.catalina.connector.Connector.start(Connector.java:1089)
       at org.apache.catalina.core.StandardService.start(StandardService.java:459)
       at org.apache.catalina.core.StandardServer.start(StandardServer.java:709)
       at org.apache.catalina.startup.Catalina.start(Catalina.java:551)
       at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
       at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
       at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
       at java.lang.reflect.Method.invoke(Method.java:585)
       at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:275)
       at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:413)
12.04.2006 19:43:55 org.apache.catalina.startup.Catalina start
SCHWERWIEGEND: Catalina.start:
LifecycleException: service.getName(): "Catalina"; Protocol handler start failed: java.io.IOException: Keystore was tampered with, or password was incorrect
       at org.apache.catalina.connector.Connector.start(Connector.java:1096)
       at org.apache.catalina.core.StandardService.start(StandardService.java:459)
       at org.apache.catalina.core.StandardServer.start(StandardServer.java:709)
       at org.apache.catalina.startup.Catalina.start(Catalina.java:551)
       at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
       at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
       at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
       at java.lang.reflect.Method.invoke(Method.java:585)
       at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:275)
       at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:413)
12.04.2006 19:43:55 org.apache.catalina.startup.Catalina start
INFO: Server startup in 4215 ms
--------------------------------------------------------------------------------------------

I need to find the reason for my problems.

Please help!

Thanks
Klaus






[EMAIL PROTECTED] wrote:
"Klaus-F. Kaal" <[EMAIL PROTECTED]> wrote on 04/12/2006 11:11:16 AM:

Hi Franck, still tomcat moans that the keystore was tampered or password was incorrect.

I am not sure about the password. With all questions, I gave my own and always the same. Was that correct?

Klaus




Franck Borel wrote:
...
Ok, Klaus. I think the problem is that Tomcat doesn't accept your openssl crt. Tomcat operates only with JKS or PKCS12 (--> OpenSSL) format keystores and there are some limitations on the support for PKCS12. So, try this:

1) keytool -genkey -alias tomcat -keyalg RSA -keystore /opt/tomcat/bin/.keystore --> creates key
2) keytool -export -alias tomcat -file tomcat-server.crt -keystore /opt/tomcat/bin/.keystore --> creates certificate and signs it with your key
3) keytool -import -file tomcat-server.crt -keystore /opt/tomcat/conf/cacerts --> creates a Keystore cacerts and adds your certificate

Now, edit your server.xml:

<Connector port="443"
   maxThreads="150"
   minSpareThreads="25"
   maxSpareThreads="75"
   enableLookups="false"
   acceptCount="100"
   debug="0"
   scheme="https"
   secure="true"
   clientAuth="false"
   sslProtocol="TLS"
   keystoreFile = "conf/.keystore"
   keystorePass = "secret"
   truststoreFile = "conf/cacerts"/>

This should work.

-- Franck



Klaus,

I just solved a similar problem (I described it in a message in this forum: Tomcat on AIX, IBM's JVM. Was Re: [OT] AIX filtering Explorer?). I did everything Franck suggested with no luck. I added the full path to the (key|trust)storeFile parameters and it worked. I'll experiment to find a precise cause of the problem. I have symbolic links in my path to the tomcat distribution, which may cause a problem.


BTW I think Franck's instructions should have been either
1) keytool -genkey -alias tomcat -keyalg RSA -keystore /opt/tomcat/conf/.keystore --> creates key

or
   keystoreFile = "bin/.keystore"

and probably he meant the former.

Tim S
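
The points raised in this thread (which file the Connector really opens, and whether the configured password opens it) can be checked without restarting Tomcat. The script below is an added example, not code from any poster in the thread: it reads the HTTPS `<Connector>` from server.xml and tries each configured store with `keytool -list`. The function names are made up here, resolving relative paths against CATALINA_BASE is an assumption, and it needs a keytool that supports the `:env` password modifier.

```bash
# Print one attribute of the first active HTTPS <Connector> in server.xml.
# XML comments are dropped first, so a commented-out sample Connector is ignored.
connector_attr() {   # usage: connector_attr server.xml keystoreFile
    tr '\n' ' ' < "$1" |
        awk 'BEGIN { RS = "-->" } { sub(/<!--.*/, ""); printf "%s ", $0 }' |
        grep -o '<Connector[^>]*scheme[[:space:]]*=[[:space:]]*"https"[^>]*>' |
        head -n 1 |
        sed -n "s/.*[[:space:]]$2[[:space:]]*=[[:space:]]*\"\([^\"]*\)\".*/\1/p"
}

# Assumption: a relative store path is resolved against CATALINA_BASE.
resolve_store() {    # usage: resolve_store /opt/tomcat conf/.keystore
    case "$2" in
        /*) printf '%s\n' "$2" ;;
        *)  printf '%s/%s\n' "${1%/}" "$2" ;;
    esac
}

# Try to open a store; prints ok | missing | bad-password | load-failed.
check_store() {      # usage: check_store FILE PASSWORD
    local out
    [ -r "$1" ] || { echo missing; return 1; }
    # The :env modifier keeps the password out of the process list.
    if out=$(STOREPASS="$2" keytool -list -keystore "$1" \
                 -storepass:env STOREPASS 2>&1); then
        echo ok
    elif printf '%s' "$out" | grep -q 'password was incorrect'; then
        echo bad-password; return 1
    else
        echo load-failed; return 1
    fi
}

# Check both stores named by the Connector, one result line per store.
check_connector() {  # usage: check_connector server.xml "$CATALINA_BASE"
    local kind file pass
    for kind in keystore truststore; do
        file=$(connector_attr "$1" "${kind}File")
        pass=$(connector_attr "$1" "${kind}Pass")
        if [ -z "$file" ] || [ -z "$pass" ]; then
            echo "$kind: ${kind}File or ${kind}Pass not set in Connector"
            continue
        fi
        file=$(resolve_store "$2" "$file")
        echo "$kind: $file: $(check_store "$file" "$pass")"
    done
}
```

A `bad-password` line for the keystore corresponds to the "Keystore was tampered with, or password was incorrect" error in the log above; `missing` points at the path question Tim raises.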
