On Fri, 10 Jan 2025 at 11:51, S Abirami <s.abir...@ericsson.com.invalid> wrote: > > Hi Chris, > > Below is the stack trace, the same keystore file working fine in tomcat 9. > > Caused by: org.apache.catalina.LifecycleException: Protocol handler > initialization failed > at > org.apache.catalina.connector.Connector.initInternal(Connector.java:1055) > at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:136) > at > org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:173) > at > org.apache.catalina.core.StandardService.addConnector(StandardService.java:234) > ... 7 more > Caused by: java.lang.IllegalArgumentException: Keystore was tampered with, or > password was incorrect > at > org.apache.tomcat.util.net.AbstractJsseEndpoint.createSSLContext(AbstractJsseEndpoint.java:107) > at > org.apache.tomcat.util.net.AbstractJsseEndpoint.initialiseSsl(AbstractJsseEndpoint.java:71) > at org.apache.tomcat.util.net.NioEndpoint.bind(NioEndpoint.java:205) > at > org.apache.tomcat.util.net.AbstractEndpoint.bindWithCleanup(AbstractEndpoint.java:1192) > > at > org.apache.tomcat.util.net.AbstractEndpoint.init(AbstractEndpoint.java:1205) > at org.apache.coyote.AbstractProtocol.init(AbstractProtocol.java:580) > at > org.apache.coyote.http11.AbstractHttp11Protocol.init(AbstractHttp11Protocol.java:82) > at > org.apache.catalina.connector.Connector.initInternal(Connector.java:1052) > ... 10 more > Caused by: java.io.IOException: Keystore was tampered with, or password was > incorrect > at > sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:794) > at > sun.security.provider.JavaKeyStore$JKS.engineLoad(JavaKeyStore.java:57) > at > sun.security.provider.KeyStoreDelegator.engineLoad(KeyStoreDelegator.java:224) > at > sun.security.provider.JavaKeyStore$DualFormatJKS.engineLoad(JavaKeyStore.java:71) > at java.security.KeyStore.load(KeyStore.java:1449) > at > org.apache.tomcat.util.security.KeyStoreUtil.load(KeyStoreUtil.java:69) > at > org.apache.tomcat.util.net.SSLUtilBase.getStore(SSLUtilBase.java:217) > at > org.apache.tomcat.util.net.SSLHostConfigCertificate.getCertificateKeystore(SSLHostConfigCertificate.java:207) > at > org.apache.tomcat.util.net.SSLUtilBase.getKeyManagers(SSLUtilBase.java:283) > at > org.apache.tomcat.util.net.openssl.OpenSSLUtil.getKeyManagers(OpenSSLUtil.java:98) > at > org.apache.tomcat.util.net.SSLUtilBase.createSSLContext(SSLUtilBase.java:247) > at > org.apache.tomcat.util.net.AbstractJsseEndpoint.createSSLContext(AbstractJsseEndpoint.java:105) > ... 17 more > Caused by: java.security.UnrecoverableKeyException: Password verification > failed > at > sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:792) > ... 28 more > > Regards, > Abirami.S > -----Original Message----- > From: Christopher Schultz <ch...@christopherschultz.net> > Sent: Thursday, January 9, 2025 11:40 PM > To: users@tomcat.apache.org > Subject: Re: Tomcat 9 to Tomcat 10 SSLHostConfig issue in Embedded Tomcat > > Abirami, > > On 1/9/25 6:57 AM, S Abirami wrote: > > After migrating from Tomcat 9 to Tomcat 10, there is an error to introduce > > SSLHostConfig. > > Introduced SSLHostConfig with Keystorefile and KeystorePassword as > > mentioned below is not working and throwing error with file is tampered. > > > > SSLHostConfig sslHostConfig = new SSLHostConfig(); > > SSLHostConfigCertificate sslHostConfigCer = new > > SSLHostConfigCertificate( sslHostConfig, > > SSLHostConfigCertificate.Type.UNDEFINED ); > > sslHostConfig.setInsecureRenegotiation( false ); > > sslHostConfigCer.setCertificateKeystoreFile( > > "/var/tmp/cert/server.jks" ); > > sslHostConfigCer.setCertificateKeyPassword( "Temp@123456" ); > > sslHostConfig.addCertificate( sslHostConfigCer );
I'm not an expert But I guess you should specify "keystore password" for ex. by calling setCertificateKeystorePassword(java.lang.String certificateKeystorePassword) :)) > > this.addSslHostConfig( sslHostConfig ); > > Are you missing a call to sslHostConfig.setCertificateKeystoreType("JKS")? > > Can you post the stack trace you are getting and the full error message? > > -chris > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > -- Best regards, Maxim --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org