tomcat-users mailing list archives

From "Werner Schalk" <werner_sch...@gmx.de>
Subject Re: Tomcat 5.5.25, SSL and "invalid keystore format"
Date Mon, 15 Oct 2007 09:05:54 GMT
Dear Martin, dear list,

it is not really working, to be honest. Here is what I did:

1. step: Deletion of the old keystore, generation of a new one:

debian:~# rm /tmp/tomcat.keystore
debian:~# keytool -genkey -alias tomcat -keyalg RSA -keystore /tmp/tomcat.keystore
Enter key store password: secret
Enter key password for <tomcat>: secret

You are about to enter information that will be incorporated into
your certificate request.  This information is what is called a
Distinguished Name or DN.  There are quite a few fields but you
can use supplied default values, displayed between brackets, by just
hitting <Enter>, or blank the field by entering the <.> character
before hitting <Enter>.

Common Name (hostname, IP, or your name): localhost
Organization Name (company) [The Sample Company]: My Company
Organizational Unit Name (department, division): My division
Locality Name (city, district) [Sydney]: Munich
State or Province Name (full name) [NSW]: Baveria
Country Name (2 letter code) [AU]: DE

2. step: Configuration of server.xml, addition of a new connector

<Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
          minSpareThreads="5" maxSpareThreads="75"
          enableLookups="true" disableUploadTimeout="true"
          acceptCount="100"  maxThreads="200"
          scheme="https" secure="true" keyAlias="tomcat" SSLEnabled="true"
          keystoreFile="/tmp/tomcat.keystore" keystorePass="secret"
          clientAuth="false" sslProtocol="TLS"/>

Now when starting Tomcat 5.5.25, I get the following error message in 
catalina.out:

01-Oct-2007 05:48:54 org.apache.catalina.connector.Connector <init>
SEVERE: Protocol handler instantiation failed: 
java.lang.ClassNotFoundException: org.apache.coyote.http11.Http11NioProtocol
01-Oct-2007 05:48:54 org.apache.catalina.core.AprLifecycleListener 
lifecycleEvent
INFO: The Apache Tomcat Native library which allows optimal performance in 
production environments was not found on the java.library.path: 
/usr/lib/jdk1.6.0_02/jre/lib/i386/client:/usr/lib/jdk1.6.0_02/jre/lib/i386:/usr/lib/jdk1.6.0_02/jre/../lib/i386:/usr/java/packages/lib/i386:/lib:/usr/lib
01-Oct-2007 05:48:54 org.apache.coyote.http11.Http11BaseProtocol init
INFO: Initializing Coyote HTTP/1.1 on http-8180
01-Oct-2007 05:48:54 org.apache.coyote.http11.Http11BaseProtocol init
INFO: Initializing Coyote HTTP/1.1 on http-8170
01-Oct-2007 05:48:54 org.apache.catalina.connector.Connector initialize
SEVERE: Error registering connector
java.lang.NullPointerException
        at 
org.apache.tomcat.util.IntrospectionUtils.getProperty(IntrospectionUtils.java:377)
        at 
org.apache.catalina.connector.Connector.getProperty(Connector.java:302)
        at 
org.apache.catalina.connector.Connector.createObjectName(Connector.java:970)
        at 
org.apache.catalina.connector.Connector.initialize(Connector.java:998)
        at 
org.apache.catalina.core.StandardService.initialize(StandardService.java:578)
        at 
org.apache.catalina.core.StandardServer.initialize(StandardServer.java:782)
        at org.apache.catalina.startup.Catalina.load(Catalina.java:504)
        at org.apache.catalina.startup.Catalina.load(Catalina.java:524)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at 
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
        at 
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
        at java.lang.reflect.Method.invoke(Method.java:597)
        at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:267)
        at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:432)
java.lang.NullPointerException
        at 
org.apache.catalina.connector.Connector.initialize(Connector.java:1011)
        at 
org.apache.catalina.core.StandardService.initialize(StandardService.java:578)
        at 
org.apache.catalina.core.StandardServer.initialize(StandardServer.java:782)
        at org.apache.catalina.startup.Catalina.load(Catalina.java:504)
        at org.apache.catalina.startup.Catalina.load(Catalina.java:524)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at 
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
        at 
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
        at java.lang.reflect.Method.invoke(Method.java:597)
        at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:267)
        at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:432)
01-Oct-2007 05:48:55 org.apache.catalina.core.StandardService start
INFO: Starting service Catalina
01-Oct-2007 05:48:55 org.apache.catalina.core.StandardEngine start
INFO: Starting Servlet Engine: Apache Tomcat/5.5.25
01-Oct-2007 05:48:55 org.apache.catalina.core.StandardHost start
INFO: XML validation disabled
01-Oct-2007 05:48:56 org.apache.coyote.http11.Http11BaseProtocol start
INFO: Starting Coyote HTTP/1.1 on http-8180
01-Oct-2007 05:48:57 org.apache.coyote.http11.Http11BaseProtocol start
INFO: Starting Coyote HTTP/1.1 on http-8170
01-Oct-2007 05:48:57 org.apache.catalina.connector.Connector start
INFO: Cannot register MBean for the Protocol
01-Oct-2007 05:48:57 org.apache.catalina.startup.Catalina start
SEVERE: Catalina.start:
LifecycleException:  service.getName(): "Catalina";  Protocol handler start 
failed: java.lang.NullPointerException
        at 
org.apache.catalina.connector.Connector.start(Connector.java:1097)
        at 
org.apache.catalina.core.StandardService.start(StandardService.java:457)
        at 
org.apache.catalina.core.StandardServer.start(StandardServer.java:700)
        at org.apache.catalina.startup.Catalina.start(Catalina.java:552)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at 
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
        at 
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
        at java.lang.reflect.Method.invoke(Method.java:597)
        at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:295)
        at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:433)
01-Oct-2007 05:48:57 org.apache.catalina.startup.Catalina start
INFO: Server startup in 2298 ms

3. step: Rather than using a non-blocking HTTP connector, I also tried a
blocking one, which results in the "invalid keystore" error message again.

01-Oct-2007 05:50:02 org.apache.catalina.core.AprLifecycleListener 
lifecycleEvent
INFO: The Apache Tomcat Native library which allows optimal performance in 
production environments was not found on the java.library.path: 
/usr/lib/jdk1.6.0_02/jre/lib/i386/client:/usr/lib/jdk1.6.0_02/jre/lib/i386:/usr/lib/jdk1.6.0_02/jre/../lib/i386:/usr/java/packages/lib/i386:/lib:/usr/lib
01-Oct-2007 05:50:02 org.apache.coyote.http11.Http11BaseProtocol init
INFO: Initializing Coyote HTTP/1.1 on http-8180
01-Oct-2007 05:50:02 org.apache.coyote.http11.Http11BaseProtocol init
INFO: Initializing Coyote HTTP/1.1 on http-8170
01-Oct-2007 05:50:02 org.apache.coyote.http11.Http11BaseProtocol init
SEVERE: Error initializing endpoint
java.io.IOException: Invalid keystore format
        at 
sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:633)
        at 
sun.security.provider.JavaKeyStore$JKS.engineLoad(JavaKeyStore.java:38)
        at java.security.KeyStore.load(KeyStore.java:1185)
        at 
org.apache.tomcat.util.net.jsse.JSSESocketFactory.getStore(JSSESocketFactory.java:287)
        at 
org.apache.tomcat.util.net.jsse.JSSESocketFactory.getKeystore(JSSESocketFactory.java:227)
        at 
org.apache.tomcat.util.net.jsse.JSSE14SocketFactory.getKeyManagers(JSSE14SocketFactory.java:142)
        at 
org.apache.tomcat.util.net.jsse.JSSE14SocketFactory.init(JSSE14SocketFactory.java:110)
        at 
org.apache.tomcat.util.net.jsse.JSSESocketFactory.createSocket(JSSESocketFactory.java:89)
        at 
org.apache.tomcat.util.net.PoolTcpEndpoint.initEndpoint(PoolTcpEndpoint.java:293)
        at 
org.apache.coyote.http11.Http11BaseProtocol.init(Http11BaseProtocol.java:139)
        at 
org.apache.catalina.connector.Connector.initialize(Connector.java:1017)
        at 
org.apache.catalina.core.StandardService.initialize(StandardService.java:578)
        at 
org.apache.catalina.core.StandardServer.initialize(StandardServer.java:782)
        at org.apache.catalina.startup.Catalina.load(Catalina.java:504)
        at org.apache.catalina.startup.Catalina.load(Catalina.java:524)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at 
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
        at 
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
        at java.lang.reflect.Method.invoke(Method.java:597)
        at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:267)
        at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:432)
01-Oct-2007 05:50:02 org.apache.catalina.startup.Catalina load
SEVERE: Catalina.start
LifecycleException:  Protocol handler initialization failed: 
java.io.IOException: Invalid keystore format
        at 
org.apache.catalina.connector.Connector.initialize(Connector.java:1019)
        at 
org.apache.catalina.core.StandardService.initialize(StandardService.java:578)
        at 
org.apache.catalina.core.StandardServer.initialize(StandardServer.java:782)
        at org.apache.catalina.startup.Catalina.load(Catalina.java:504)
        at org.apache.catalina.startup.Catalina.load(Catalina.java:524)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at 
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
        at 
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
        at java.lang.reflect.Method.invoke(Method.java:597)
        at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:267)
        at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:432)
01-Oct-2007 05:50:02 org.apache.catalina.startup.Catalina load
INFO: Initialization processed in 1471 ms
01-Oct-2007 05:50:02 org.apache.catalina.core.StandardService start
INFO: Starting service Catalina
01-Oct-2007 05:50:02 org.apache.catalina.core.StandardEngine start
INFO: Starting Servlet Engine: Apache Tomcat/5.5.25
01-Oct-2007 05:50:02 org.apache.catalina.core.StandardHost start
INFO: XML validation disabled
01-Oct-2007 05:50:04 org.apache.coyote.http11.Http11BaseProtocol start
INFO: Starting Coyote HTTP/1.1 on http-8180
01-Oct-2007 05:50:04 org.apache.coyote.http11.Http11BaseProtocol start
INFO: Starting Coyote HTTP/1.1 on http-8170
01-Oct-2007 05:50:04 org.apache.coyote.http11.Http11BaseProtocol start
SEVERE: Error starting endpoint
java.io.IOException: Invalid keystore format
        at 
sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:633)
        at 
sun.security.provider.JavaKeyStore$JKS.engineLoad(JavaKeyStore.java:38)
        at java.security.KeyStore.load(KeyStore.java:1185)
        at 
org.apache.tomcat.util.net.jsse.JSSESocketFactory.getStore(JSSESocketFactory.java:287)
        at 
org.apache.tomcat.util.net.jsse.JSSESocketFactory.getKeystore(JSSESocketFactory.java:227)
        at 
org.apache.tomcat.util.net.jsse.JSSE14SocketFactory.getKeyManagers(JSSE14SocketFactory.java:142)
        at 
org.apache.tomcat.util.net.jsse.JSSE14SocketFactory.init(JSSE14SocketFactory.java:110)
        at 
org.apache.tomcat.util.net.jsse.JSSESocketFactory.createSocket(JSSESocketFactory.java:89)
        at 
org.apache.tomcat.util.net.PoolTcpEndpoint.initEndpoint(PoolTcpEndpoint.java:293)
        at 
org.apache.tomcat.util.net.PoolTcpEndpoint.startEndpoint(PoolTcpEndpoint.java:313)
        at 
org.apache.coyote.http11.Http11BaseProtocol.start(Http11BaseProtocol.java:151)
        at 
org.apache.coyote.http11.Http11Protocol.start(Http11Protocol.java:76)
        at 
org.apache.catalina.connector.Connector.start(Connector.java:1090)
        at 
org.apache.catalina.core.StandardService.start(StandardService.java:457)
        at 
org.apache.catalina.core.StandardServer.start(StandardServer.java:700)
        at org.apache.catalina.startup.Catalina.start(Catalina.java:552)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at 
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
        at 
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
        at java.lang.reflect.Method.invoke(Method.java:597)
        at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:295)
        at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:433)
01-Oct-2007 05:50:04 org.apache.catalina.startup.Catalina start
SEVERE: Catalina.start:
LifecycleException:  service.getName(): "Catalina";  Protocol handler start 
failed: java.io.IOException: Invalid keystore format
        at 
org.apache.catalina.connector.Connector.start(Connector.java:1097)
        at 
org.apache.catalina.core.StandardService.start(StandardService.java:457)
        at 
org.apache.catalina.core.StandardServer.start(StandardServer.java:700)
        at org.apache.catalina.startup.Catalina.start(Catalina.java:552)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at 
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
        at 
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
        at java.lang.reflect.Method.invoke(Method.java:597)
        at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:295)
        at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:433)
01-Oct-2007 05:50:04 org.apache.catalina.startup.Catalina start
INFO: Server startup in 2351 ms

Any ideas what I might have done wrong?

Thanks and bye,
Werner

----- Original Message ----- 
From: "Martin Gainty" <mgainty@hotmail.com>
To: "Tomcat Users List" <users@tomcat.apache.org>
Sent: Sunday, October 15, 2000 5:48 PM
Subject: Re: Tomcat 5.5.25, SSL and "invalid keystore format"


> My suggestion is to regen the keystore
> and write down all the parameters (alias/keyalg) you specified so you can
> supply to the connector
> since you want to place the keystore in a different location use
>
> $JAVA_HOME/bin/keytool -genkey -alias WhateverAlias -keyalg RSA -keystore /tmp/tomcat.keystore
> write down the password (defaults to "changeit")
>
> and then configure your SSL connector
>
> sslProtocol stays as TLS unless IBM when you specify SSL
> clientAuth is true only when you want tomcat to require all SSL clients to
> present client cert to use this socket
> SSLEnabled will require scheme and isSecure attributes to be set and 
> passed
> to servlet
> keystoreType stays as JKS unless otherwise specified above
> ciphers specified only as needed
> algorithm stays as SunX509 unless using IBM JVM when value is assigned
> IbmX509
> keyAlias uniquely identifies key within KeyStore (only specify when more
> than 1 key in KeyStore)
>
> <!-- uncomment both of these in server.xml and configure as necessary -->
> <!-- Define a blocking Java SSL Coyote HTTP/1.1 Connector on port 8443 -->
> <!--
> <Connector protocol="org.apache.coyote.http11.Http11Protocol"
>           port="8443" minSpareThreads="5" maxSpareThreads="75"
>           enableLookups="true" disableUploadTimeout="true"
>           acceptCount="100"  maxThreads="200"
>           scheme="https" secure="true" SSLEnabled="true"
>           keystoreFile="/tmp/tomcat.keystore" keystorePass="changeit"
>           clientAuth="false" sslProtocol="TLS"/>
> -->
> <!-- Define a non-blocking Java SSL Coyote HTTP/1.1 Connector on port 8443 -->
> <!--
> <Connector protocol="org.apache.coyote.http11.Http11NioProtocol"
>           port="8443" minSpareThreads="5" maxSpareThreads="75"
>           enableLookups="true" disableUploadTimeout="true"
>           acceptCount="100"  maxThreads="200"
>           scheme="https" secure="true" SSLEnabled="true"
>           keystoreFile="/tmp/tomcat.keystore" keystorePass="changeit"
>           clientAuth="false" sslProtocol="TLS"/>
> -->
> Step by step instructions available here
> http://tomcat.apache.org/tomcat-6.0-doc/ssl-howto.html
>
> Anything missed?
> Martin
> ----- Original Message -----
> From: "Werner Schalk" <werner_schalk@gmx.de>
> To: "Martin Gainty" <mgainty@hotmail.com>; "Tomcat Users List"
> <users@tomcat.apache.org>
> Sent: Sunday, October 14, 2007 6:01 AM
> Subject: Re: Tomcat 5.5.25, SSL and "invalid keystore format"
>
>
>> Hello,
>>
>> as I said in my original mail, the problem still persists when I define the
>> keystore file as /tmp/tomcat.keystore for instance. Any ideas?
>>
>> Thanks.
>>
>> Best regards,
>> Werner
>>
>> ----- Original Message -----
>> From: "Martin Gainty" <mgainty@hotmail.com>
>> To: <werner_schalk@gmx.de>
>> Sent: Sunday, October 15, 2000 1:35 AM
>> Subject: Re: Tomcat 5.5.25, SSL and "invalid keystore format"
>>
>>
>> > Werner---
>> >
>> > http://tomcat.apache.org/tomcat-5.5-doc/config/http.html
>> > configure your SSL connector to define the path to your keystore file
>> > (default is .keystore)
>> > keystoreFile=
>> >
>> > Martin--
>> > ----- Original Message -----
>> > From: "Werner Schalk" <werner_schalk@gmx.de>
>> > To: "Tomcat Users List" <users@tomcat.apache.org>
>> > Sent: Saturday, October 13, 2007 6:33 PM
>> > Subject: Tomcat 5.5.25, SSL and "invalid keystore format"
>> >
>> >
>> >> Hello,
>> >>
>> >> I am trying to set up SSL in my Tomcat 5.5.25 (on Debian Linux) and thus
>> >> downloaded a binary version of Tomcat from the Tomcat website.
>> >> Now I tried to create a keystore:
>> >>
>> >> # keytool -genkey -v -keyalg RSA
>> >>
>> >> The server.xml is as follows:
>> >>
>> >>    <Connector port="8443" maxHttpHeaderSize="8192"
>> >>                maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
>> >>                enableLookups="false" disableUploadTimeout="true"
>> >>                acceptCount="100" scheme="https" secure="true"
>> >>                clientAuth="false" sslProtocol="TLS" />
>> >>
>> >> The error message in the log I am getting is:
>> >>
>> >> SEVERE: Catalina.start:
>> >> LifecycleException:  service.getName(): "Catalina";  Protocol handler start failed: java.io.IOException: Invalid keystore format
>> >>         at org.apache.catalina.connector.Connector.start(Connector.java:1097)
>> >>         at org.apache.catalina.core.StandardService.start(StandardService.java:457)
>> >>         at org.apache.catalina.core.StandardServer.start(StandardServer.java:700)
>> >>         at org.apache.catalina.startup.Catalina.start(Catalina.java:552)
>> >>         at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>> >>         at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
>> >>         at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
>> >>         at java.lang.reflect.Method.invoke(Method.java:597)
>> >>         at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:295)
>> >>         at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:433)
>> >>
>> >> What is causing this problem? Why is the keystore not valid? Has this to do
>> >> with the APR or something? How would I need to create
>> >> a keystore then to make it work in Tomcat? I also tried to specify the
>> >> keystore location and name but that doesn't change anything...any ideas?
>> >>
>> >> Thank you.
>> >>
>> >> Best regards,
>> >> Werner.
>> >>
>> >>
>> >> ---------------------------------------------------------------------
>> >> To start a new topic, e-mail: users@tomcat.apache.org
>> >> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
>> >> For additional commands, e-mail: users-help@tomcat.apache.org
>> >>
>> >>


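One way to check what the JKS loader in the stack trace is objecting to, as an added example that is not part of the original thread: `sun.security.provider.JavaKeyStore` raises "Invalid keystore format" when the file does not begin with the JKS magic number `0xFEEDFEED` followed by version 1 or 2, so reading the first bytes of the file shows which format the generating tool actually wrote. The function names and the sample headers are constructed for illustration.

```shell
#!/bin/sh
# Added example: identify a keystore's on-disk format from its first bytes.
# Function names are hypothetical; the sample files below are constructed.

# Print the first $2 bytes of file $1 as contiguous lowercase hex.
head_hex() {
    od -An -tx1 -N "$2" "$1" | tr -d ' \n'
}

# Print a format label; return 0 only for a JKS file with a version the
# JKS loader accepts (1 or 2), which is what keystoreType=JKS requires.
keystore_format() {
    [ -r "$1" ] || { echo "unreadable"; return 2; }
    case "$(head_hex "$1" 8)" in
        feedfeed0000000[12]) echo "JKS"; return 0 ;;
        feedfeed*)           echo "JKS-bad-version"; return 1 ;;
        cececece*)           echo "JCEKS"; return 1 ;;
        30*)                 echo "DER"; return 1 ;;   # e.g. PKCS#12 or a raw certificate
        2d2d2d2d2d*)         echo "PEM"; return 1 ;;   # "-----BEGIN ..."
        "")                  echo "empty"; return 1 ;;
        *)                   echo "unknown"; return 1 ;;
    esac
}

# Build constructed sample headers (not real keystores) and classify them.
demo_samples() {
    d=$(mktemp -d) || return 1
    printf '\376\355\376\355\000\000\000\002' > "$d/jks"
    printf '\316\316\316\316\000\000\000\002' > "$d/jceks"
    printf '\060\202\012\000\002\001\003\060' > "$d/p12"
    printf '%s\n' '-----BEGIN CERTIFICATE-----' > "$d/pem"
    for f in jks jceks p12 pem; do
        printf '%-6s %s\n' "$f" "$(keystore_format "$d/$f")"
    done
    rm -rf "$d"
}

# Usage: sh keystore_format.sh /tmp/tomcat.keystore   (no arguments: run samples)
if [ "$#" -gt 0 ]; then
    for f in "$@"; do printf '%s: %s\n' "$f" "$(keystore_format "$f")"; done
else
    demo_samples
fi
```

Any label other than `JKS` means the connector needs a matching `keystoreType`, or the keystore has to be regenerated with the `keytool` that ships with the JVM running Tomcat.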