From: "Werner Schalk"
To: "Tomcat Users List", "Martin Gainty"
Subject: Re: Tomcat 5.5.25, SSL and "invalid keystore format"
Date: Mon, 15 Oct 2007 11:05:54 +0200

Dear Martin, dear list,

it is not really working, to be honest. Here is what I did:

1. step: Deletion of the old keystore, generation of a new one:

debian:~# rm /tmp/tomcat.keystore
debian:~# keytool -genkey -alias tomcat -keyalg RSA -keystore /tmp/tomcat.keystore
Enter key store password: secret
Enter key password for : secret
You are about to enter information that will be incorporated into
your certificate request. This information is what is called a
Distinguished Name or DN. There are quite a few fields but you
can use supplied default values, displayed between brackets, by just
hitting , or blank the field by entering the <.> character before
hitting .

Common Name (hostname, IP, or your name): localhost
Organization Name (company) [The Sample Company]: My Company
Organizational Unit Name (department, division): My division
Locality Name (city, district) [Sydney]: Munich
State or Province Name (full name) [NSW]: Baveria
Country Name (2 letter code) [AU]: DE

2. step: Configuration of server.xml, addition of a new connector

Now when starting Tomcat 5.5.25, I get the following error message in
catalina.out:

01-Oct-2007 05:48:54 org.apache.catalina.connector.Connector
SEVERE: Protocol handler instantiation failed: java.lang.ClassNotFoundException: org.apache.coyote.http11.Http11NioProtocol
01-Oct-2007 05:48:54 org.apache.catalina.core.AprLifecycleListener lifecycleEvent
INFO: The Apache Tomcat Native library which allows optimal performance in production environments was not found on the java.library.path: /usr/lib/jdk1.6.0_02/jre/lib/i386/client:/usr/lib/jdk1.6.0_02/jre/lib/i386:/usr/lib/jdk1.6.0_02/jre/../lib/i386:/usr/java/packages/lib/i386:/lib:/usr/lib
01-Oct-2007 05:48:54 org.apache.coyote.http11.Http11BaseProtocol init
INFO: Initializing Coyote HTTP/1.1 on http-8180
01-Oct-2007 05:48:54 org.apache.coyote.http11.Http11BaseProtocol init
INFO: Initializing Coyote HTTP/1.1 on http-8170
01-Oct-2007 05:48:54 org.apache.catalina.connector.Connector initialize
SEVERE: Error registering connector
java.lang.NullPointerException
    at org.apache.tomcat.util.IntrospectionUtils.getProperty(IntrospectionUtils.java:377)
    at org.apache.catalina.connector.Connector.getProperty(Connector.java:302)
    at org.apache.catalina.connector.Connector.createObjectName(Connector.java:970)
    at org.apache.catalina.connector.Connector.initialize(Connector.java:998)
    at org.apache.catalina.core.StandardService.initialize(StandardService.java:578)
    at org.apache.catalina.core.StandardServer.initialize(StandardServer.java:782)
    at org.apache.catalina.startup.Catalina.load(Catalina.java:504)
    at org.apache.catalina.startup.Catalina.load(Catalina.java:524)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
    at java.lang.reflect.Method.invoke(Method.java:597)
    at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:267)
    at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:432)
java.lang.NullPointerException
    at org.apache.catalina.connector.Connector.initialize(Connector.java:1011)
    at org.apache.catalina.core.StandardService.initialize(StandardService.java:578)
    at org.apache.catalina.core.StandardServer.initialize(StandardServer.java:782)
    at org.apache.catalina.startup.Catalina.load(Catalina.java:504)
    at org.apache.catalina.startup.Catalina.load(Catalina.java:524)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
    at java.lang.reflect.Method.invoke(Method.java:597)
    at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:267)
    at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:432)
01-Oct-2007 05:48:55 org.apache.catalina.core.StandardService start
INFO: Starting service Catalina
01-Oct-2007 05:48:55 org.apache.catalina.core.StandardEngine start
INFO: Starting Servlet Engine: Apache Tomcat/5.5.25
01-Oct-2007 05:48:55 org.apache.catalina.core.StandardHost start
INFO: XML validation disabled
01-Oct-2007 05:48:56 org.apache.coyote.http11.Http11BaseProtocol start
INFO: Starting Coyote HTTP/1.1 on http-8180
01-Oct-2007 05:48:57 org.apache.coyote.http11.Http11BaseProtocol start
INFO: Starting Coyote HTTP/1.1 on http-8170
01-Oct-2007 05:48:57 org.apache.catalina.connector.Connector start
INFO: Cannot register MBean for the Protocol
01-Oct-2007 05:48:57 org.apache.catalina.startup.Catalina start
SEVERE: Catalina.start:
LifecycleException: service.getName(): "Catalina"; Protocol handler start failed: java.lang.NullPointerException
    at org.apache.catalina.connector.Connector.start(Connector.java:1097)
    at org.apache.catalina.core.StandardService.start(StandardService.java:457)
    at org.apache.catalina.core.StandardServer.start(StandardServer.java:700)
    at org.apache.catalina.startup.Catalina.start(Catalina.java:552)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
    at java.lang.reflect.Method.invoke(Method.java:597)
    at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:295)
    at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:433)
01-Oct-2007 05:48:57 org.apache.catalina.startup.Catalina start
INFO: Server startup in 2298 ms

3. step: Rather than using a non-blocking http connector, I also tried a
blocking one which results in the "invalid keystore" error message again.

01-Oct-2007 05:50:02 org.apache.catalina.core.AprLifecycleListener lifecycleEvent
INFO: The Apache Tomcat Native library which allows optimal performance in production environments was not found on the java.library.path: /usr/lib/jdk1.6.0_02/jre/lib/i386/client:/usr/lib/jdk1.6.0_02/jre/lib/i386:/usr/lib/jdk1.6.0_02/jre/../lib/i386:/usr/java/packages/lib/i386:/lib:/usr/lib
01-Oct-2007 05:50:02 org.apache.coyote.http11.Http11BaseProtocol init
INFO: Initializing Coyote HTTP/1.1 on http-8180
01-Oct-2007 05:50:02 org.apache.coyote.http11.Http11BaseProtocol init
INFO: Initializing Coyote HTTP/1.1 on http-8170
01-Oct-2007 05:50:02 org.apache.coyote.http11.Http11BaseProtocol init
SEVERE: Error initializing endpoint
java.io.IOException: Invalid keystore format
    at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:633)
    at sun.security.provider.JavaKeyStore$JKS.engineLoad(JavaKeyStore.java:38)
    at java.security.KeyStore.load(KeyStore.java:1185)
    at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getStore(JSSESocketFactory.java:287)
    at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getKeystore(JSSESocketFactory.java:227)
    at org.apache.tomcat.util.net.jsse.JSSE14SocketFactory.getKeyManagers(JSSE14SocketFactory.java:142)
    at org.apache.tomcat.util.net.jsse.JSSE14SocketFactory.init(JSSE14SocketFactory.java:110)
    at org.apache.tomcat.util.net.jsse.JSSESocketFactory.createSocket(JSSESocketFactory.java:89)
    at org.apache.tomcat.util.net.PoolTcpEndpoint.initEndpoint(PoolTcpEndpoint.java:293)
    at org.apache.coyote.http11.Http11BaseProtocol.init(Http11BaseProtocol.java:139)
    at org.apache.catalina.connector.Connector.initialize(Connector.java:1017)
    at org.apache.catalina.core.StandardService.initialize(StandardService.java:578)
    at org.apache.catalina.core.StandardServer.initialize(StandardServer.java:782)
    at org.apache.catalina.startup.Catalina.load(Catalina.java:504)
    at org.apache.catalina.startup.Catalina.load(Catalina.java:524)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
    at java.lang.reflect.Method.invoke(Method.java:597)
    at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:267)
    at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:432)
01-Oct-2007 05:50:02 org.apache.catalina.startup.Catalina load
SEVERE: Catalina.start
LifecycleException: Protocol handler initialization failed: java.io.IOException: Invalid keystore format
    at org.apache.catalina.connector.Connector.initialize(Connector.java:1019)
    at org.apache.catalina.core.StandardService.initialize(StandardService.java:578)
    at org.apache.catalina.core.StandardServer.initialize(StandardServer.java:782)
    at org.apache.catalina.startup.Catalina.load(Catalina.java:504)
    at org.apache.catalina.startup.Catalina.load(Catalina.java:524)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
    at java.lang.reflect.Method.invoke(Method.java:597)
    at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:267)
    at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:432)
01-Oct-2007 05:50:02 org.apache.catalina.startup.Catalina load
INFO: Initialization processed in 1471 ms
01-Oct-2007 05:50:02 org.apache.catalina.core.StandardService start
INFO: Starting service Catalina
01-Oct-2007 05:50:02 org.apache.catalina.core.StandardEngine start
INFO: Starting Servlet Engine: Apache Tomcat/5.5.25
01-Oct-2007 05:50:02 org.apache.catalina.core.StandardHost start
INFO: XML validation disabled
01-Oct-2007 05:50:04 org.apache.coyote.http11.Http11BaseProtocol start
INFO: Starting Coyote HTTP/1.1 on http-8180
01-Oct-2007 05:50:04 org.apache.coyote.http11.Http11BaseProtocol start
INFO: Starting Coyote HTTP/1.1 on http-8170
01-Oct-2007 05:50:04 org.apache.coyote.http11.Http11BaseProtocol start
SEVERE: Error starting endpoint
java.io.IOException: Invalid keystore format
    at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:633)
    at sun.security.provider.JavaKeyStore$JKS.engineLoad(JavaKeyStore.java:38)
    at java.security.KeyStore.load(KeyStore.java:1185)
    at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getStore(JSSESocketFactory.java:287)
    at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getKeystore(JSSESocketFactory.java:227)
    at org.apache.tomcat.util.net.jsse.JSSE14SocketFactory.getKeyManagers(JSSE14SocketFactory.java:142)
    at org.apache.tomcat.util.net.jsse.JSSE14SocketFactory.init(JSSE14SocketFactory.java:110)
    at org.apache.tomcat.util.net.jsse.JSSESocketFactory.createSocket(JSSESocketFactory.java:89)
    at org.apache.tomcat.util.net.PoolTcpEndpoint.initEndpoint(PoolTcpEndpoint.java:293)
    at org.apache.tomcat.util.net.PoolTcpEndpoint.startEndpoint(PoolTcpEndpoint.java:313)
    at org.apache.coyote.http11.Http11BaseProtocol.start(Http11BaseProtocol.java:151)
    at org.apache.coyote.http11.Http11Protocol.start(Http11Protocol.java:76)
    at org.apache.catalina.connector.Connector.start(Connector.java:1090)
    at org.apache.catalina.core.StandardService.start(StandardService.java:457)
    at org.apache.catalina.core.StandardServer.start(StandardServer.java:700)
    at org.apache.catalina.startup.Catalina.start(Catalina.java:552)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
    at java.lang.reflect.Method.invoke(Method.java:597)
    at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:295)
    at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:433)
01-Oct-2007 05:50:04 org.apache.catalina.startup.Catalina start
SEVERE: Catalina.start:
LifecycleException: service.getName(): "Catalina"; Protocol handler start failed: java.io.IOException: Invalid keystore format
    at org.apache.catalina.connector.Connector.start(Connector.java:1097)
    at org.apache.catalina.core.StandardService.start(StandardService.java:457)
    at org.apache.catalina.core.StandardServer.start(StandardServer.java:700)
    at org.apache.catalina.startup.Catalina.start(Catalina.java:552)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
    at java.lang.reflect.Method.invoke(Method.java:597)
    at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:295)
    at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:433)
01-Oct-2007 05:50:04 org.apache.catalina.startup.Catalina start
INFO: Server startup in 2351 ms

Any ideas what I might have done wrong?

Thanks and bye,
Werner

----- Original Message -----
From: "Martin Gainty"
To: "Tomcat Users List"
Sent: Sunday, October 15, 2000 5:48 PM
Subject: Re: Tomcat 5.5.25, SSL and "invalid keystore format"

> My suggestion is to regen the keystore
> and write down all the parameters (alias/keyalg) you specified so you can
> supply to the connector
> since you want to place the keystore in a different location use
>
> $JAVA_HOME/bin/keytool -genkey -alias WhateverAlias -keyalg RSA -keystore /tmp/tomcat.keystore
> write down the password (defaults to "changeit")
>
> and then configure your SSL connector
>
> sslProtocol stays as TLS unless IBM when you specify SSL
> clientAuth is true only when you want tomcat to require all SSL clients to
> present client cert to use this socket
> SSLEnabled will require scheme and isSecure attributes to be set and passed
> to servlet
> keystoreType stays as JKS unless otherwise specified above
> ciphers specified only as needed
> algorithm stays as SunX509 unless using IBM JVM when value is assigned
> IbmX509
> keyAlias uniquely identifies key within KeyStore (only specify when more
> than 1 key in KeyStore)
>
> <-- Define a blocking Java SSL Coyote HTTP/1.1 Connector on port 8443 -->
>
> <-- Define a non-blocking Java SSL Coyote HTTP/1.1 Connector on port
> 8443 -->
>
> Step by step instructions available here
> http://tomcat.apache.org/tomcat-6.0-doc/ssl-howto.html
>
> Anything missed?
> Martin
> ----- Original Message -----
> From: "Werner Schalk"
> To: "Martin Gainty" ; "Tomcat Users List"
> Sent: Sunday, October 14, 2007 6:01 AM
> Subject: Re: Tomcat 5.5.25, SSL and "invalid keystore format"
>
>
>> Hello,
>>
>> as I said in my original mail, the problem still persists when I define the
>> keystore file as /tmp/tomcat.keystore for instance. Any ideas?
>>
>> Thanks.
>>
>> Best regards,
>> Werner
>>
>> ----- Original Message -----
>> From: "Martin Gainty"
>> To:
>> Sent: Sunday, October 15, 2000 1:35 AM
>> Subject: Re: Tomcat 5.5.25, SSL and "invalid keystore format"
>>
>>
>> > Werner---
>> >
>> > http://tomcat.apache.org/tomcat-5.5-doc/config/http.html
>> > configure your SSL connector to define the path to your keystore file
>> > (default is .keystore)
>> > keystoreFile=
>> >
>> > Martin--
>> > ----- Original Message -----
>> > From: "Werner Schalk"
>> > To: "Tomcat Users List"
>> > Sent: Saturday, October 13, 2007 6:33 PM
>> > Subject: Tomcat 5.5.25, SSL and "invalid keystore format"
>> >
>> >
>> >> Hello,
>> >>
>> >> I am trying to setup SSL in my Tomcat 5.5.25 (on Debian Linux) and thus
>> >> downloaded a binary version of Tomcat from the Tomcat website.
>> >> Now I tried to create a keystore:
>> >>
>> >> # keytool -genkey -v -keyalg RSA
>> >>
>> >> The server.xml is as follows:
>> >>
>> >> maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
>> >> enableLookups="false" disableUploadTimeout="true"
>> >> acceptCount="100" scheme="https" secure="true"
>> >> clientAuth="false" sslProtocol="TLS" />
>> >>
>> >> The error message in the log I am getting is:
>> >>
>> >> SEVERE: Catalina.start:
>> >> LifecycleException: service.getName(): "Catalina"; Protocol handler start failed: java.io.IOException: Invalid keystore format
>> >>     at org.apache.catalina.connector.Connector.start(Connector.java:1097)
>> >>     at org.apache.catalina.core.StandardService.start(StandardService.java:457)
>> >>     at org.apache.catalina.core.StandardServer.start(StandardServer.java:700)
>> >>     at org.apache.catalina.startup.Catalina.start(Catalina.java:552)
>> >>     at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>> >>     at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
>> >>     at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
>> >>     at java.lang.reflect.Method.invoke(Method.java:597)
>> >>     at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:295)
>> >>     at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:433)
>> >>
>> >> What is causing this problem? Why is the keystore not valid? Has this to do
>> >> with the APR or something? How would I need to create
>> >> a keystore then to make it work in Tomcat? I also tried to specify the
>> >> keystore location and name but that doesn't change anything...any ideas?
>> >>
>> >> Thank you.
>> >>
>> >> Best regards,
>> >> Werner.
>> >>
>> >>
>> >> ---------------------------------------------------------------------
>> >> To start a new topic, e-mail: users@tomcat.apache.org
>> >> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
>> >> For additional commands, e-mail: users-help@tomcat.apache.org
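
An added diagnostic, not part of the original thread and not Tomcat's own code: the traces above show sun.security.provider.JavaKeyStore.engineLoad, the JKS loader, rejecting the file, so a first check is whether the file behind the connector's keystoreFile actually begins with the JKS header. The function names and the sample files are constructed for illustration; the magic values used are the standard JKS (0xFEEDFEED) and JCEKS (0xCECECECE) headers.

```shell
#!/bin/sh
# Added example: identify a keystore's on-disk format from its first four bytes
# and compare it with the keystoreType the connector will ask for.

keystore_format() {
    file=$1
    [ -r "$file" ] || { echo "unreadable"; return 1; }
    # First four bytes as lowercase hex with no separators.
    magic=$(od -An -tx1 -N4 "$file" | tr -d ' \n')
    case "$magic" in
        feedfeed) echo "JKS" ;;      # Sun JKS header
        cececece) echo "JCEKS" ;;    # SunJCE JCEKS header
        30*)      echo "PKCS12" ;;   # heuristic: any DER SEQUENCE starts with 0x30
        "")       echo "empty" ;;
        *)        echo "unknown:$magic" ;;
    esac
}

# keystoreType defaults to JKS, as Martin's reply notes.
check_keystore() {
    file=$1
    expected=${2:-JKS}
    actual=$(keystore_format "$file") || { echo "FAIL: cannot read $file"; return 2; }
    if [ "$actual" = "$expected" ]; then
        echo "OK: $file is $actual"
    else
        echo "MISMATCH: $file is $actual, connector expects $expected"
        return 1
    fi
}

# Show which keytool the shell resolves next to the JDK's own binary, since the
# thread uses both a bare `keytool` and `$JAVA_HOME/bin/keytool`.
keytool_paths() {
    echo "PATH keytool:      $(command -v keytool 2>/dev/null || echo none)"
    echo "JAVA_HOME keytool: ${JAVA_HOME:+$JAVA_HOME/bin/keytool}"
}

# Constructed samples: a file carrying only the JKS magic, and a non-keystore file.
tmp=$(mktemp -d)
printf '\376\355\376\355' > "$tmp/jks.sample"
printf 'not a keystore' > "$tmp/other.sample"
check_keystore "$tmp/jks.sample" JKS
check_keystore "$tmp/other.sample" JKS || true
keytool_paths
```

Run `check_keystore /tmp/tomcat.keystore JKS` as the user Tomcat runs as, so that a permissions problem shows up as "cannot read" rather than as a format error.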