Re: Invalid Keystore format error on Tomcat

Tue, 27 Dec 2022 11:20:25 -0800 

Veni,

On 12/23/22 12:16, Janardhanan, Veni wrote:

Hi,

I’ve a self-signed certificate installed on Tomcat 9 which works fine. This is 
a Crystal Server SAP BO BI 4.3 box.
To make it secure I installed our CA signed certificate. After a restart I 
brought Tomcat up, the logs show ‘Invalid Keystore format’ error.

Below is the config from server.xml.

<Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
                                            compressionMinSize="2048" URIEncoding="UTF-8" 
compression="on"
                                            
certificateKeyAlias="xxxxxxxx.corp.xxxxxxx.com"
                              
compressableMimeType="text/html,text/xml,text/plain,text/css,text/javascript,text/json,application/javascript,application/json"
             maxThreads="200" scheme="https" secure="true" SSLEnabled="true">
         <SSLHostConfig>
             <Certificate certificateKeystoreFile="C:/SSL/certnew_pfx.pfx"
                                                           
certificateKeystorePassword="Crystal!@#" keystoreType="PKCS12"
                          type="RSA" />
         </SSLHostConfig>
     </Connector>

Please suggest. Am stuck at this point unable to proceed further, any 
hints/thoughts highly appreciated!
I'm sorry, I didn't realize that this was essentially a re-post of your previous thread with subject "Install CA signed certificate on Tomcat 9". 

I see this was what was in your keystore:

Your keystore contains 2 entries

tomcat, Sep 8, 2022, PrivateKeyEntry,
Certificate fingerprint (SHA-256): 8B:1D:5B:59:86:39:A5:CD:AB:2A:4A:45:13:2B:82:A1:44:CD:8A:E7:20:96:5A:02:0F:73:E3:5A:A6:DB:B6:FD 
tomcat1, Sep 29, 2022, trustedCertEntry,
Certificate fingerprint (SHA-256): 1F:A1:D5:1A:AD:5C:57:6C:B8:90:D8:CA:D1:89:2D:E1:1E:1F:7E:78:D2:19:72:CE:CC:3B:25:03:DE:0F:E1:B6
On 23 Dec you said "when I access the Central Management Console, the browser shows site as ‘Not Secure’". 

What is the Central Management Console?

Is Tomcat able to start without throwing any errors in the log files?
Are you able to reach the site, but get a browser warning that it's "insecure"? I just want to make sure we are solving he right problem. 

-chris

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Reply via email to