tomcat-users mailing list archives

From "Martin Gainty" <mgai...@hotmail.com>
Subject Re: Tomcat 5.5.25, SSL and "invalid keystore format"
Date Sun, 15 Oct 2000 15:48:07 GMT
My suggestion is to regen the keystore
and write down all the parameters (alias/keyalg) you specified so you can
supply to the connector
since you want to place the keystore in a different location use

$JAVA_HOME/bin/keytool -genkey -alias WhateverAlias -keyalg RSA -keystore /tmp/tomcat.keystore
write down the password (defaults to "changeit")

and then configure your SSL connector

sslProtocol stays as TLS unless IBM when you specify SSL
clientAuth is true only when you want tomcat to require all SSL clients to
present client cert to use this socket
SSLEnabled will require scheme and isSecure attributes to be set and passed
to servlet
keystoreType stays as JKS unless otherwise specified above
ciphers specified only as needed
algorithm stays as SunX509 unless using IBM JVM when value is assigned
IbmX509
keyAlias uniquely identifies key within KeyStore (only specify when more
than 1 key in KeyStore)

<!-- uncomment both of these in server.xml and configure as necessary -->
<!-- Define a blocking Java SSL Coyote HTTP/1.1 Connector on port 8443 -->
<!--
<Connector protocol="org.apache.coyote.http11.Http11Protocol"
           port="8443" minSpareThreads="5" maxSpareThreads="75"
           enableLookups="true" disableUploadTimeout="true"
           acceptCount="100"  maxThreads="200"
           scheme="https" secure="true" SSLEnabled="true"
           keystoreFile="/tmp/tomcat.keystore" keystorePass="changeit"
           clientAuth="false" sslProtocol="TLS"/>
-->
<!-- Define a non-blocking Java SSL Coyote HTTP/1.1 Connector on port 8443 -->
<!--
<Connector protocol="org.apache.coyote.http11.Http11NioProtocol"
           port="8443" minSpareThreads="5" maxSpareThreads="75"
           enableLookups="true" disableUploadTimeout="true"
           acceptCount="100"  maxThreads="200"
           scheme="https" secure="true" SSLEnabled="true"
           keystoreFile="/tmp/tomcat.keystore" keystorePass="changeit"
           clientAuth="false" sslProtocol="TLS"/>
-->

Step by step instructions available here
http://tomcat.apache.org/tomcat-6.0-doc/ssl-howto.html

Anything missed?
Martin
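
[Added example, not part of the original message and not code from Tomcat or keytool.] "Invalid keystore format" is raised when the file handed to the keystore loader is not in the declared container format, so a quick check is to read the file's first four bytes and compare them with the connector's keystoreType. The function names are hypothetical; the magic numbers are those of JKS (0xFEEDFEED) and JCEKS (0xCECECECE), and a leading 0x30 is the ASN.1 SEQUENCE tag that starts a PKCS#12 or other DER file.

```shell
#!/bin/sh
# Added example: identify a keystore file's on-disk format from its first bytes.
# keystore_format and check_keystore are hypothetical helper names.

# Print the detected container type of the file given as $1.
keystore_format() {
    [ -r "$1" ] || { echo "unreadable"; return 1; }
    [ -s "$1" ] || { echo "empty"; return 0; }
    # First four bytes as lowercase hex with no separators, e.g. "feedfeed".
    magic=$(od -An -tx1 -N4 "$1" | tr -d ' \t\n')
    case "$magic" in
        feedfeed) echo "JKS" ;;
        cececece) echo "JCEKS" ;;
        30*)      echo "PKCS12-or-DER" ;;   # ASN.1 SEQUENCE tag
        2d2d2d2d) echo "PEM" ;;             # the dashes of "-----BEGIN"
        *)        echo "unknown" ;;
    esac
}

# Compare the detected format with the connector's keystoreType ($2, default JKS).
# Returns 0 on a match, 1 on a mismatch, 2 if the file cannot be read.
check_keystore() {
    file=$1
    declared=${2:-JKS}
    found=$(keystore_format "$file") || { echo "FAIL: $file is $found"; return 2; }
    case "$declared:$found" in
        JKS:JKS|JCEKS:JCEKS|PKCS12:PKCS12-or-DER)
            echo "OK: $file looks like $declared" ;;
        *)
            echo "MISMATCH: keystoreType=$declared but $file looks like $found"
            return 1 ;;
    esac
}
```

Run it as `check_keystore /tmp/tomcat.keystore JKS` against whatever file the connector's keystoreFile points at; an "empty" or "PEM" result means the file was never written by keytool as a JKS store.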
----- Original Message -----
From: "Werner Schalk" <werner_schalk@gmx.de>
To: "Martin Gainty" <mgainty@hotmail.com>; "Tomcat Users List"
<users@tomcat.apache.org>
Sent: Sunday, October 14, 2007 6:01 AM
Subject: Re: Tomcat 5.5.25, SSL and "invalid keystore format"


> Hello,
>
> as I said in my original mail, the problem still persists when I define the
> keystore file as /tmp/tomcat.keystore for instance. Any ideas?
>
> Thanks.
>
> Best regards,
> Werner
>
> ----- Original Message -----
> From: "Martin Gainty" <mgainty@hotmail.com>
> To: <werner_schalk@gmx.de>
> Sent: Sunday, October 15, 2000 1:35 AM
> Subject: Re: Tomcat 5.5.25, SSL and "invalid keystore format"
>
>
> > Werner---
> >
> > http://tomcat.apache.org/tomcat-5.5-doc/config/http.html
> > configure your SSL connector to define the path to your keystore file
> > (default is .keystore)
> > keystoreFile=
> >
> > Martin--
> > ----- Original Message -----
> > From: "Werner Schalk" <werner_schalk@gmx.de>
> > To: "Tomcat Users List" <users@tomcat.apache.org>
> > Sent: Saturday, October 13, 2007 6:33 PM
> > Subject: Tomcat 5.5.25, SSL and "invalid keystore format"
> >
> >
> >> Hello,
> >>
> >> I am trying to setup SSL in my Tomcat 5.5.25 (on Debian Linux) and thus
> >> downloaded a binary version of Tomcat from the Tomcat website.
> >> Now I tried to create a keystore:
> >>
> >> # keytool -genkey -v -keyalg RSA
> >>
> >> The server.xml is as follows:
> >>
> >>    <Connector port="8443" maxHttpHeaderSize="8192"
> >>                maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
> >>                enableLookups="false" disableUploadTimeout="true"
> >>                acceptCount="100" scheme="https" secure="true"
> >>                clientAuth="false" sslProtocol="TLS" />
> >>
> >> The error message in the log I am getting is:
> >>
> >> SEVERE: Catalina.start:
> >> LifecycleException:  service.getName(): "Catalina";  Protocol handler start failed: java.io.IOException: Invalid keystore format
> >>         at org.apache.catalina.connector.Connector.start(Connector.java:1097)
> >>         at org.apache.catalina.core.StandardService.start(StandardService.java:457)
> >>         at org.apache.catalina.core.StandardServer.start(StandardServer.java:700)
> >>         at org.apache.catalina.startup.Catalina.start(Catalina.java:552)
> >>         at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> >>         at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
> >>         at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
> >>         at java.lang.reflect.Method.invoke(Method.java:597)
> >>         at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:295)
> >>         at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:433)
> >>
> >> What is causing this problem? Why is the keystore not valid? Has this to do
> >> with the APR or something? How would I need to create
> >> a keystore then to make it work in Tomcat? I also tried to specify the
> >> keystore location and name but that doesn't change anything...any ideas?
> >>
> >> Thank you.
> >>
> >> Best regards,
> >> Werner.
> >>
> >>
> >> ---------------------------------------------------------------------
> >> To start a new topic, e-mail: users@tomcat.apache.org
> >> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> >> For additional commands, e-mail: users-help@tomcat.apache.org
> >>
> >>