Hi Chris,

Below is the stack trace. The same keystore file works fine in Tomcat 9.

Caused by: org.apache.catalina.LifecycleException: Protocol handler initialization failed
    at org.apache.catalina.connector.Connector.initInternal(Connector.java:1055)
    at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:136)
    at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:173)
    at org.apache.catalina.core.StandardService.addConnector(StandardService.java:234)
    ... 7 more
Caused by: java.lang.IllegalArgumentException: Keystore was tampered with, or password was incorrect
    at org.apache.tomcat.util.net.AbstractJsseEndpoint.createSSLContext(AbstractJsseEndpoint.java:107)
    at org.apache.tomcat.util.net.AbstractJsseEndpoint.initialiseSsl(AbstractJsseEndpoint.java:71)
    at org.apache.tomcat.util.net.NioEndpoint.bind(NioEndpoint.java:205)
    at org.apache.tomcat.util.net.AbstractEndpoint.bindWithCleanup(AbstractEndpoint.java:1192)
    at org.apache.tomcat.util.net.AbstractEndpoint.init(AbstractEndpoint.java:1205)
    at org.apache.coyote.AbstractProtocol.init(AbstractProtocol.java:580)
    at org.apache.coyote.http11.AbstractHttp11Protocol.init(AbstractHttp11Protocol.java:82)
    at org.apache.catalina.connector.Connector.initInternal(Connector.java:1052)
    ... 10 more
Caused by: java.io.IOException: Keystore was tampered with, or password was incorrect
    at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:794)
    at sun.security.provider.JavaKeyStore$JKS.engineLoad(JavaKeyStore.java:57)
    at sun.security.provider.KeyStoreDelegator.engineLoad(KeyStoreDelegator.java:224)
    at sun.security.provider.JavaKeyStore$DualFormatJKS.engineLoad(JavaKeyStore.java:71)
    at java.security.KeyStore.load(KeyStore.java:1449)
    at org.apache.tomcat.util.security.KeyStoreUtil.load(KeyStoreUtil.java:69)
    at org.apache.tomcat.util.net.SSLUtilBase.getStore(SSLUtilBase.java:217)
    at org.apache.tomcat.util.net.SSLHostConfigCertificate.getCertificateKeystore(SSLHostConfigCertificate.java:207)
    at org.apache.tomcat.util.net.SSLUtilBase.getKeyManagers(SSLUtilBase.java:283)
    at org.apache.tomcat.util.net.openssl.OpenSSLUtil.getKeyManagers(OpenSSLUtil.java:98)
    at org.apache.tomcat.util.net.SSLUtilBase.createSSLContext(SSLUtilBase.java:247)
    at org.apache.tomcat.util.net.AbstractJsseEndpoint.createSSLContext(AbstractJsseEndpoint.java:105)
    ... 17 more
Caused by: java.security.UnrecoverableKeyException: Password verification failed
    at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:792)
    ... 28 more

Regards,
Abirami.S

-----Original Message-----
From: Christopher Schultz <ch...@christopherschultz.net>
Sent: Thursday, January 9, 2025 11:40 PM
To: users@tomcat.apache.org
Subject: Re: Tomcat 9 to Tomcat 10 SSLHostConfig issue in Embedded Tomcat

Abirami,

On 1/9/25 6:57 AM, S Abirami wrote:
> After migrating from Tomcat 9 to Tomcat 10, there is an error to introduce
> SSLHostConfig.
> Introduced SSLHostConfig with Keystorefile and KeystorePassword as mentioned
> below is not working and throwing error with file is tampered.
>
> SSLHostConfig sslHostConfig = new SSLHostConfig();
> SSLHostConfigCertificate sslHostConfigCer = new SSLHostConfigCertificate( sslHostConfig, SSLHostConfigCertificate.Type.UNDEFINED );
> sslHostConfig.setInsecureRenegotiation( false );
> sslHostConfigCer.setCertificateKeystoreFile( "/var/tmp/cert/server.jks" );
> sslHostConfigCer.setCertificateKeyPassword( "Temp@123456" );
> sslHostConfig.addCertificate( sslHostConfigCer );
> this.addSslHostConfig( sslHostConfig );

Are you missing a call to sslHostConfig.setCertificateKeystoreType("JKS")?

Can you post the stack trace you are getting and the full error message?

-chris
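
The trace in this thread fails inside `KeyStore.load`, which verifies the keystore (store) password, while the quoted code sets only a key password. The following standalone check is an added example, not part of the original messages and not Tomcat code; it tests the keystore password and the per-key password separately, outside Tomcat. The class name `KeystoreCheck` is hypothetical, and the file path and keystore type are passed as arguments.

```java
import java.io.Console;
import java.io.IOException;
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.KeyStore;
import java.security.UnrecoverableKeyException;
import java.util.Collections;

// Added diagnostic (hypothetical class name, not Tomcat code).
// Usage: java KeystoreCheck /path/to/keystore JKS
public class KeystoreCheck {
    public static void main(String[] args) throws Exception {
        Console console = System.console();
        if (args.length != 2 || console == null) {
            System.err.println("usage (interactive terminal): KeystoreCheck <file> <JKS|PKCS12>");
            System.exit(2);
        }
        // Prompt instead of taking passwords as arguments, which would show up in process listings.
        char[] storePass = console.readPassword("Keystore password: ");
        char[] keyPass = console.readPassword("Key password (empty = same as keystore): ");
        if (keyPass.length == 0) keyPass = storePass;
        KeyStore ks = KeyStore.getInstance(args[1]);
        try (InputStream in = Files.newInputStream(Paths.get(args[0]))) {
            // load() verifies the store's integrity with the keystore password only.
            ks.load(in, storePass);
        } catch (IOException e) {
            if (e.getCause() instanceof UnrecoverableKeyException) {
                System.out.println("FAIL keystore password: " + e.getCause().getMessage());
                System.exit(1);
            }
            throw e; // unreadable file or wrong keystore type
        }
        System.out.println("OK keystore password, " + ks.size() + " entries");
        // getKey() decrypts each private key with the key password, a separate check.
        for (String alias : Collections.list(ks.aliases())) {
            if (!ks.isKeyEntry(alias)) {
                System.out.println(alias + ": certificate-only entry");
                continue;
            }
            try {
                ks.getKey(alias, keyPass);
                System.out.println(alias + ": OK key password");
            } catch (UnrecoverableKeyException e) {
                System.out.println(alias + ": FAIL key password");
            }
        }
    }
}
```

A "FAIL keystore password" result reproduces the `Password verification failed` cause from the trace without starting the connector.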