I've worked around the "java.io.IOException: Keystore was tampered with, or
password was incorrect" problem now and that was the cause of it all.

I can clear the problem by using the password "changeit" as I generate my
key, and by not using the keystorePass attribute on the connector in the
server.xml.

On Tomcat 4 I could override that password (I could "change it") in that way
and the documentation on 5.5 says I can do it the same way, but I'm not
seeing it work on Tomcat 5.5. 

Is this keystore password supposed to be changed as I have presumed
(ensuring the same is used in the server.xml connector's keystorePass
attribute as is used in generation) or is using anything other than
"changeit" not typically done?



-----Original Message-----
From: Ben Iggulden [mailto:[EMAIL PROTECTED] 
Sent: 06 July 2007 13:28
To: users@tomcat.apache.org
Subject: https in Tomcat 5.5 via basic JKS keytool keystore..not doing what
it should !

Bit of a maddening problem this one.

I'm setting up https on Tomcat 5.5.  
Following the how-to closely I've generated a keystore using keytool and
uncommented/modified the port 8443 connector in the server.xml.
But the https connector just fails to work, the logs report these errors:

1. org.apache.tomcat.util.net.SSLImplementation - Error loading SSL
Implementation org.apache.tomcat.util.net.puretls.PureTLSImplementation
   java.lang.ClassNotFoundException:
org.apache.tomcat.util.net.puretls.PureTLSImplementation

2. DEBUG main org.apache.tomcat.util.net.jsse.JSSEImplementation - Error
getting factory: org.apache.tomcat.util.net.jsse.JSSE15Factory
   java.lang.ClassNotFoundException:
org.apache.tomcat.util.net.jsse.JSSE15Factory

3. ERROR main org.apache.coyote.http11.Http11BaseProtocol - Error
initializing endpoint
   java.io.IOException: Keystore was tampered with, or password was
incorrect

4. ERROR main org.apache.catalina.startup.Catalina - Catalina.start
LifecycleException:  Protocol handler initialization failed:
java.io.IOException: Keystore was tampered with, or password was incorrect

Now from reading I think the first is unimportant because it should be using
a JSSE and not PureTLS implementation.  The second would look worrying then,
and could mean I'm running with the wrong JSSE version (I'm using the one
that shipped with Tomcat 5.5 and a Java 5 JRE).  The 3rd & 4th are the same
and are the ones really messing with me.  As you can see below..the keystore
password used in generation and in the server.xml are the same so that one
has got me.

Does this look like a JSSE version issue or have I missed something much
more simple?

-------------------------------
Log of console session in which I generated the keystore:

C:\Program Files\Apache Software Foundation\Tomcat 5.5\conf>"C:\Program
Files\Java\j2re1.4.2_14\bin\keytool" -genkey -alias tomcat -keyalg RSA
-keystore .keystore
Enter keystore password:  t0mcat
What is your first and last name?
  [Unknown]:  localhost
What is the name of your organizational unit?
  [Unknown]:  Dev Env
What is the name of your organization?
  [Unknown]:  Codefarm
What is the name of your City or Locality?
  [Unknown]:  Repton
What is the name of your State or Province?
  [Unknown]:  NSW
What is the two-letter country code for this unit?
  [Unknown]:  AU
Is CN=localhost, OU=Dev Env, O=Codefarm, L=Repton, ST=NSW, C=AU correct?
  [no]:  y

Enter key password for <tomcat>
        (RETURN if same as keystore password):

C:\Program Files\Apache Software Foundation\Tomcat 5.5\conf>
-------------------------------
The server.xml connector:

<Connector port="8443"
             maxHttpHeaderSize="8192"
             maxThreads="150"
             minSpareThreads="25"
             maxSpareThreads="75"
             enableLookups="false"
             disableUploadTimeout="true"
             acceptCount="100"
             scheme="https"
             secure="true"
             clientAuth="false"
             sslProtocol="TLS"
             keystoreFile="C:/Program Files/Apache Software Foundation/Tomcat 5.5/conf/.keystore"
             keytorePass="t0mcat" />


---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
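
An added example, not part of the original messages or of Tomcat: a small lint for a Connector element that flags attribute names that are near-misses of known ones, since the connector quoted above spells the attribute `keytorePass` while the text refers to `keystorePass`. It assumes an unrecognised attribute leaves the keystore password at Tomcat's documented default `changeit`, which matches the behaviour reported in the reply; the `lint_connector` name and the attribute allow-list (built only from names appearing in this thread) are hypothetical.

```python
import difflib
import xml.etree.ElementTree as ET

# Allow-list built from the connector quoted in this thread, plus
# keystorePass as it is spelled in the message text (not a full Tomcat list).
KNOWN_ATTRS = sorted({
    "port", "maxHttpHeaderSize", "maxThreads", "minSpareThreads",
    "maxSpareThreads", "enableLookups", "disableUploadTimeout",
    "acceptCount", "scheme", "secure", "clientAuth", "sslProtocol",
    "keystoreFile", "keystorePass",
})
DEFAULT_KEYSTORE_PASS = "changeit"  # Tomcat's documented default

def lint_connector(xml_text):
    """Return a list of (level, message) findings for one <Connector>."""
    conn = ET.fromstring(xml_text)
    findings = []
    for name in conn.attrib:
        if name in KNOWN_ATTRS:
            continue
        # Suggest the closest known name so a one-letter slip is obvious.
        near = difflib.get_close_matches(name, KNOWN_ATTRS, n=1, cutoff=0.8)
        hint = f"; did you mean '{near[0]}'?" if near else ""
        findings.append(("error", f"unknown attribute '{name}'{hint}"))
    if conn.get("secure") == "true" or conn.get("scheme") == "https":
        pw = conn.get("keystorePass")
        if pw is None:
            findings.append(("warn", "keystorePass not set; default "
                             f"'{DEFAULT_KEYSTORE_PASS}' will be tried"))
        elif pw == DEFAULT_KEYSTORE_PASS:
            findings.append(("warn", "keystorePass is the well-known default"))
    return findings

# Constructed sample: the connector from the thread, trimmed, with the
# password attribute spelled exactly as posted.
SAMPLE = '''<Connector port="8443" scheme="https" secure="true"
    clientAuth="false" sslProtocol="TLS"
    keystoreFile="C:/Program Files/Apache Software Foundation/Tomcat 5.5/conf/.keystore"
    keytorePass="t0mcat" />'''

if __name__ == "__main__":
    for level, msg in lint_connector(SAMPLE):
        print(f"{level}: {msg}")
```
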


