Hi Chris,

Below is the stack trace. The same keystore file works fine in Tomcat 9.

Caused by: org.apache.catalina.LifecycleException: Protocol handler initialization failed
        at org.apache.catalina.connector.Connector.initInternal(Connector.java:1055)
        at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:136)
        at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:173)
        at org.apache.catalina.core.StandardService.addConnector(StandardService.java:234)
        ... 7 more
Caused by: java.lang.IllegalArgumentException: Keystore was tampered with, or password was incorrect
        at org.apache.tomcat.util.net.AbstractJsseEndpoint.createSSLContext(AbstractJsseEndpoint.java:107)
        at org.apache.tomcat.util.net.AbstractJsseEndpoint.initialiseSsl(AbstractJsseEndpoint.java:71)
        at org.apache.tomcat.util.net.NioEndpoint.bind(NioEndpoint.java:205)
        at org.apache.tomcat.util.net.AbstractEndpoint.bindWithCleanup(AbstractEndpoint.java:1192)
        at org.apache.tomcat.util.net.AbstractEndpoint.init(AbstractEndpoint.java:1205)
        at org.apache.coyote.AbstractProtocol.init(AbstractProtocol.java:580)
        at org.apache.coyote.http11.AbstractHttp11Protocol.init(AbstractHttp11Protocol.java:82)
        at org.apache.catalina.connector.Connector.initInternal(Connector.java:1052)
        ... 10 more
Caused by: java.io.IOException: Keystore was tampered with, or password was incorrect
        at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:794)
        at sun.security.provider.JavaKeyStore$JKS.engineLoad(JavaKeyStore.java:57)
        at sun.security.provider.KeyStoreDelegator.engineLoad(KeyStoreDelegator.java:224)
        at sun.security.provider.JavaKeyStore$DualFormatJKS.engineLoad(JavaKeyStore.java:71)
        at java.security.KeyStore.load(KeyStore.java:1449)
        at org.apache.tomcat.util.security.KeyStoreUtil.load(KeyStoreUtil.java:69)
        at org.apache.tomcat.util.net.SSLUtilBase.getStore(SSLUtilBase.java:217)
        at org.apache.tomcat.util.net.SSLHostConfigCertificate.getCertificateKeystore(SSLHostConfigCertificate.java:207)
        at org.apache.tomcat.util.net.SSLUtilBase.getKeyManagers(SSLUtilBase.java:283)
        at org.apache.tomcat.util.net.openssl.OpenSSLUtil.getKeyManagers(OpenSSLUtil.java:98)
        at org.apache.tomcat.util.net.SSLUtilBase.createSSLContext(SSLUtilBase.java:247)
        at org.apache.tomcat.util.net.AbstractJsseEndpoint.createSSLContext(AbstractJsseEndpoint.java:105)
        ... 17 more
Caused by: java.security.UnrecoverableKeyException: Password verification failed
        at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:792)
        ... 28 more

Regards,
Abirami.S
-----Original Message-----
From: Christopher Schultz <ch...@christopherschultz.net> 
Sent: Thursday, January 9, 2025 11:40 PM
To: users@tomcat.apache.org
Subject: Re: Tomcat 9 to Tomcat 10 SSLHostConfig issue in Embedded Tomcat

Abirami,

On 1/9/25 6:57 AM, S Abirami wrote:
> After migrating from Tomcat 9 to Tomcat 10, there is an error when
> introducing SSLHostConfig.
> The SSLHostConfig introduced with Keystorefile and KeystorePassword as
> mentioned below is not working and throws an error that the file is tampered.
> 
> SSLHostConfig sslHostConfig = new SSLHostConfig(); 
> SSLHostConfigCertificate sslHostConfigCer = new 
> SSLHostConfigCertificate( sslHostConfig, 
> SSLHostConfigCertificate.Type.UNDEFINED ); 
> sslHostConfig.setInsecureRenegotiation( false ); 
> sslHostConfigCer.setCertificateKeystoreFile( 
> "/var/tmp/cert/server.jks" ); 
> sslHostConfigCer.setCertificateKeyPassword( "Temp@123456" ); 
> sslHostConfig.addCertificate( sslHostConfigCer ); 
> this.addSslHostConfig( sslHostConfig );

Are you missing a call to sslHostConfig.setCertificateKeystoreType("JKS")?

Can you post the stack trace you are getting and the full error message?

-chris
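
Added example (not part of the original messages and not Tomcat code): a stand-alone Java check that reproduces the innermost exception in the trace above using only java.security.KeyStore. The keystore and both passwords are constructed in memory for the demonstration; KeystoreLoadCheck, tryLoad and Result are hypothetical names.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.security.KeyStore;
import java.security.UnrecoverableKeyException;

public class KeystoreLoadCheck {

    /** Outcome of opening a keystore with a candidate keystore password. */
    enum Result { OK, INTEGRITY_CHECK_FAILED, OTHER_FAILURE }

    static Result tryLoad(byte[] storeBytes, String type, char[] storePassword) {
        try {
            KeyStore ks = KeyStore.getInstance(type);
            ks.load(new ByteArrayInputStream(storeBytes), storePassword);
            return Result.OK;
        } catch (IOException e) {
            // KeyStore.load reports a failed password check as an IOException
            // whose cause is UnrecoverableKeyException (the last two
            // "Caused by" entries in the trace).
            return (e.getCause() instanceof UnrecoverableKeyException)
                    ? Result.INTEGRITY_CHECK_FAILED : Result.OTHER_FAILURE;
        } catch (Exception e) {
            return Result.OTHER_FAILURE;
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample: an empty JKS store written with a made-up password.
        char[] storePassword = "constructed-store-pass".toCharArray();
        KeyStore ks = KeyStore.getInstance("JKS");
        ks.load(null, null);
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        ks.store(out, storePassword);
        byte[] jks = out.toByteArray();

        // Case 1: the password the store was written with.
        System.out.println("same password:      " + tryLoad(jks, "JKS", storePassword));
        // Case 2: intact file, different password.
        System.out.println("different password: " + tryLoad(jks, "JKS", "another-pass".toCharArray()));
        // Case 3: right password, one bit of the trailing integrity digest flipped.
        byte[] corrupted = jks.clone();
        corrupted[corrupted.length - 1] ^= 0x01;
        System.out.println("one bit flipped:    " + tryLoad(corrupted, "JKS", storePassword));
    }
}
```

Cases 2 and 3 fail the same password-keyed integrity check, which is why the message names tampering and a wrong password together. The check is made against the keystore password handed to KeyStore.load, before any password for an individual key entry is used.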

