Hi Thomas,
I have encrypted the keystore password using openssl and hardcoded in
server.xml.
For decrypting , Http11Nio2ProtocolDecryptProp extends Http11Nio2Protocol] and
mentioned as below in server.xml
<Connector protocol="com.ericsson.http.protocol.Http11Nio2ProtocolDecryptProp"
Decryption is successful even though I am getting the following error and web
app is not up.
I tried a toy program that is working fine. I feel that something missed. Could
you please help me here
Sep 11, 2017 10:51:16 AM org.apache.coyote.AbstractProtocol init
SEVERE: Failed to initialize end point associated with ProtocolHandler
["http-nio2-2309"]
java.io.IOException: Keystore was tampered with, or password was incorrect
at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:780)
at
sun.security.provider.JavaKeyStore$JKS.engineLoad(JavaKeyStore.java:56)
at
sun.security.provider.KeyStoreDelegator.engineLoad(KeyStoreDelegator.java:224)
at
sun.security.provider.JavaKeyStore$DualFormatJKS.engineLoad(JavaKeyStore.java:70)
at java.security.KeyStore.load(KeyStore.java:1445)
at
org.apache.tomcat.util.net.jsse.JSSESocketFactory.getStore(JSSESocketFactory.java:449)
at
org.apache.tomcat.util.net.jsse.JSSESocketFactory.getKeystore(JSSESocketFactory.java:353)
at
org.apache.tomcat.util.net.jsse.JSSESocketFactory.getKeyManagers(JSSESocketFactory.java:606)
at
org.apache.tomcat.util.net.jsse.JSSESocketFactory.getKeyManagers(JSSESocketFactory.java:546)
at org.apache.tomcat.util.net.Nio2Endpoint.bind(Nio2Endpoint.java:313)
at
org.apache.tomcat.util.net.AbstractEndpoint.init(AbstractEndpoint.java:810)
at org.apache.coyote.AbstractProtocol.init(AbstractProtocol.java:476)
at
org.apache.coyote.http11.AbstractHttp11JsseProtocol.init(AbstractHttp11JsseProtocol.java:120)
at
org.apache.catalina.connector.Connector.initInternal(Connector.java:960)
at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102)
at
org.apache.catalina.core.StandardService.initInternal(StandardService.java:568)
at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102)
at
org.apache.catalina.core.StandardServer.initInternal(StandardServer.java:871)
at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102)
at org.apache.catalina.startup.Catalina.load(Catalina.java:581)
at org.apache.catalina.startup.Catalina.load(Catalina.java:604)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:310)
at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:484)
Caused by: java.security.UnrecoverableKeyException: Password verification failed
at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:778)
... 26 more
Sep 11, 2017 10:51:16 AM org.apache.catalina.core.StandardService initInternal
SEVERE: Failed to initialize connector
[Connector[com.ericsson.http.protocol.Http11Nio2ProtocolDecryptProp-2309]]
org.apache.catalina.LifecycleException: Failed to initialize component
[Connector[com.ericsson.http.protocol.Http11Nio2ProtocolDecryptProp-2309]]
at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:107)
at
org.apache.catalina.core.StandardService.initInternal(StandardService.java:568)
at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102)
at
org.apache.catalina.core.StandardServer.initInternal(StandardServer.java:871)
at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102)
-----Original Message-----
From: Mark Thomas [mailto:[email protected]]
Sent: Monday, September 11, 2017 4:03 PM
To: Tomcat Users List
Subject: Re: Encrypt Keystore password in server.xml 8.0.45
On 11/09/17 10:11, S Abirami wrote:
>
> Hi All,
>
> I have to encrypt keystore password in server.xml.
https://wiki.apache.org/tomcat/FAQ/Password
Mark
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
