Re: Tomcat 9 to Tomcat 10 SSLHostConfig issue in Embedded Tomcat

Thu, 09 Jan 2025 21:13:04 -0800 

On Fri, 10 Jan 2025 at 11:51, S Abirami <s.abir...@ericsson.com.invalid> wrote:
>
> Hi Chris,
>
> Below is the stack trace, the same keystore file working fine in tomcat 9.
>
> Caused by: org.apache.catalina.LifecycleException: Protocol handler 
> initialization failed
>         at 
> org.apache.catalina.connector.Connector.initInternal(Connector.java:1055)
>         at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:136)
>         at 
> org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:173)
>         at 
> org.apache.catalina.core.StandardService.addConnector(StandardService.java:234)
>         ... 7 more
> Caused by: java.lang.IllegalArgumentException: Keystore was tampered with, or 
> password was incorrect
>         at 
> org.apache.tomcat.util.net.AbstractJsseEndpoint.createSSLContext(AbstractJsseEndpoint.java:107)
>         at 
> org.apache.tomcat.util.net.AbstractJsseEndpoint.initialiseSsl(AbstractJsseEndpoint.java:71)
>         at org.apache.tomcat.util.net.NioEndpoint.bind(NioEndpoint.java:205)
>         at 
> org.apache.tomcat.util.net.AbstractEndpoint.bindWithCleanup(AbstractEndpoint.java:1192)
>
>            at 
> org.apache.tomcat.util.net.AbstractEndpoint.init(AbstractEndpoint.java:1205)
>         at org.apache.coyote.AbstractProtocol.init(AbstractProtocol.java:580)
>         at 
> org.apache.coyote.http11.AbstractHttp11Protocol.init(AbstractHttp11Protocol.java:82)
>         at 
> org.apache.catalina.connector.Connector.initInternal(Connector.java:1052)
>         ... 10 more
> Caused by: java.io.IOException: Keystore was tampered with, or password was 
> incorrect
>         at 
> sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:794)
>         at 
> sun.security.provider.JavaKeyStore$JKS.engineLoad(JavaKeyStore.java:57)
>         at 
> sun.security.provider.KeyStoreDelegator.engineLoad(KeyStoreDelegator.java:224)
>         at 
> sun.security.provider.JavaKeyStore$DualFormatJKS.engineLoad(JavaKeyStore.java:71)
>         at java.security.KeyStore.load(KeyStore.java:1449)
>         at 
> org.apache.tomcat.util.security.KeyStoreUtil.load(KeyStoreUtil.java:69)
>         at 
> org.apache.tomcat.util.net.SSLUtilBase.getStore(SSLUtilBase.java:217)
>         at 
> org.apache.tomcat.util.net.SSLHostConfigCertificate.getCertificateKeystore(SSLHostConfigCertificate.java:207)
>         at 
> org.apache.tomcat.util.net.SSLUtilBase.getKeyManagers(SSLUtilBase.java:283)
>         at 
> org.apache.tomcat.util.net.openssl.OpenSSLUtil.getKeyManagers(OpenSSLUtil.java:98)
>         at 
> org.apache.tomcat.util.net.SSLUtilBase.createSSLContext(SSLUtilBase.java:247)
>         at 
> org.apache.tomcat.util.net.AbstractJsseEndpoint.createSSLContext(AbstractJsseEndpoint.java:105)
>         ... 17 more
> Caused by: java.security.UnrecoverableKeyException: Password verification 
> failed
>         at 
> sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:792)
>         ... 28 more
>
> Regards,
> Abirami.S
> -----Original Message-----
> From: Christopher Schultz <ch...@christopherschultz.net>
> Sent: Thursday, January 9, 2025 11:40 PM
> To: users@tomcat.apache.org
> Subject: Re: Tomcat 9 to Tomcat 10 SSLHostConfig issue in Embedded Tomcat
>
> Abirami,
>
> On 1/9/25 6:57 AM, S Abirami wrote:
> > After migrating from Tomcat 9 to Tomcat 10, there is an error to introduce 
> > SSLHostConfig.
> > Introduced SSLHostConfig with Keystorefile and KeystorePassword as 
> > mentioned below is not working and throwing error with file is tampered.
> >
> > SSLHostConfig sslHostConfig = new SSLHostConfig();
> > SSLHostConfigCertificate sslHostConfigCer = new
> > SSLHostConfigCertificate( sslHostConfig,
> > SSLHostConfigCertificate.Type.UNDEFINED );
> > sslHostConfig.setInsecureRenegotiation( false );
> > sslHostConfigCer.setCertificateKeystoreFile(
> > "/var/tmp/cert/server.jks" );
> > sslHostConfigCer.setCertificateKeyPassword( "Temp@123456" );
> > sslHostConfig.addCertificate( sslHostConfigCer );

I'm not an expert
But I guess you should specify "keystore password"
for ex. by calling
setCertificateKeystorePassword(java.lang.String certificateKeystorePassword)

:))

> > this.addSslHostConfig( sslHostConfig );
>
> Are you missing a call to sslHostConfig.setCertificateKeystoreType("JKS")?
>
> Can you post the stack trace you are getting and the full error message?
>
> -chris
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>


-- 
Best regards,
Maxim

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Reply via email to