tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Ole Ersoy <ole.er...@gmail.com>
Subject Re: Invalid Keystore Format Exception
Date Wed, 30 Jan 2008 16:10:30 GMT
> Seems strange.  

Agreed - It used to be real easy :-)

> Can you send a keystore file that you generated along with
> the passwords you used for the keystore as well as the key (you can generate
> one with password "secret" say)?  

Absolutely - Thanks for being so helpful.  Here's what I did:

[ole@localhost ~]$ rm .keystore
[ole@localhost ~]$ $JAVA_HOME/bin/keytool -genkey -alias tomcat -keyalg RSA -storetype JKS
Enter keystore password:
Re-enter new password:
What is your first and last name?
  [Unknown]:  Ole Ersoy
What is the name of your organizational unit?
  [Unknown]:  Zippy Chicken Butt
What is the name of your organization?
  [Unknown]:  leisure engineering
What is the name of your City or Locality?
  [Unknown]:  nice
What is the name of your State or Province?
  [Unknown]:  monaco
What is the two-letter country code for this unit?
  [Unknown]:  FR
Is CN=Ole Ersoy, OU=Zippy Chicken Butt, O=leisure engineering, L=nice, ST=monaco, C=FR correct?
  [no]:  yes

Enter key password for <tomcat>
        (RETURN if same as keystore password):
[ole@localhost ~]$ vi .keystore

Which results in this file:

þíþí^@^@^@^B^@^@^@^A^@^@^@^A^@^Ftomcat^@^@^A^WËoóR^@^@^B»0<82>^B·0^N^F
+^F^A^D^A*^B^Q^A^A^E^@^D<82>^B£6ç»ø¯ö§ÔU<93>³
<9a>^Ptã<90>A<96>GUÒ±¥^GþÞ^AîUÝRÐd<9d>bã;<9d>½^G^Kp<87>âÍö<83>ñ<8d>f³ûFNVÚÜv>^V<9f>ÎoÔO^[^B^VÒG<93>¸<95>¸^[^F'Hf<88>óT]ª<91>^]<8c>âÃò<85>Àß
ot^C^H(ÿv^N¦<81>F^Vát<85>3^HòÐÜ°î^^]T4<9c>|ñ\^D<94>p)t_^GH}`ðV<9c>ºï<8a>:^\^?®^^<82>Ý£^U"äø<85>lñ<98>\<9a>¿Ñi^?^^¤ª<9e>¤5;Þ=<9a>ê+^Z^NÑ^[^L<8c><9f>gÐÕ(ç^\^LRf½^Xj#\Ae^3^Hüto^N¬3ÎÙF<9e>:w<9c>^Z¹kò<8a>Ë©v-^XØb<8a>T^^2N;om¿Ì<98>ð<82>É+TÛ<9c><84>9<87>^^×zó#Í^Kt^F^N^M<87>^N^g<9b>ö^K­ä^V,íÞÑk­·:^C<98>ìI^S<88>Úd
éÙ<8d>^O³eµ;ìjË<9d>jB^\ét)Ê<8f>^Q[m>ñê7^B^QK^]±Åñ<<­Ê·,w^C[cüéça<93>"<9d>¤<97>¼8ÿ÷^LDãLÍ<85>v}<8a>î§^^Sá¦Ð
   öpè[¢<95>¶¿)+<8e>Ì<81>Ô!Ñ¡f4=^N^HÊÓã^U Ñ©4Õ½û^N<9b>òZ+<98>u<8c>^?ã½ï<9a>`R<94>?m^Qr%<87>"<84><93><86>¬\<9e>î^K\^[6ýÝÃ`­eÕ-aðf^Hô4b¦<98>0úø<80>
  oÖÙE<9a>h^@9íÜÒ@!Vj^[¾ä4öCä<8d><93><94>8Ò^?^LS-$<91>^[À¸2å®ô<95>2
     Ö¶ÿ%ÒÜ´^K¾øõºþÃ*d2ÖGµ<8d>°Ö<94><9b><84>^H[Ù»§-p,ÅV=<9f>µ^ZÆ]ü<8f><94><8f>+-àç¹aâ?^WpÈ^^^P··Øb·<9b>jý0<9c>üRh}%fê@ÃËSCÚ!S
vÝ7°sàS1^[Ã^Y2<9c>r^W4Re`,ÿ}¸·"¾©æºÈôùý#Cö¤<95>Oï-     HÐ^\<96>`B^\drZ2Òÿª^M¡Ü¶°7^[9Ê<98><88>^Zpæö
Ó̧<8e>:áÆÁÕ¥ÇM<84>^QÂ`¯Må<91><89><8a>^@^@^@^A^@^EX.509^@^@^B<96>0<82>^B<92>0<82>^Aû
^C^B^A^B^B^DG <9f>¸0^M^F       *<86>H<86>÷^M^A^A^E^E^@0|1^K0   ^F^CU^D^F^S^BFR1^O0^M^F^CU^D^H^S^Fmonaco1^M0^K^F^CU^D^G^S^Dnice1^\0^Z^F^CU^D
^S^Sleisure engineering1^[0^Y^F^CU^D^K^S^RZippy Chicken Butt1^R0^P^F^CU^D^C^S   Ole Ersoy0^^^W^M080130160304Z^W^M080429160304Z0|1^K0
   ^F^CU^D^F^S^BFR1^O0^M^F^CU^D^H^S^Fmonaco1^M0^K^F^CU^D^G^S^Dnice1^\0^Z^F^CU^D
^S^Sleisure engineering1^[0^Y^F^CU^D^K^S^RZippy Chicken Butt1^R0^P^F^CU^D^C^S   Ole Ersoy0<81><9f>0^M^F
*<86>H<86>÷^M^A^A^A^E^@^C<81><8d>^@0<81><89>^B<81><81>^@ÌÅ"<91>^?¨ñp¬^O^Y<8c>¾^_<8c>ty$^K^[^[Å<82>®<92>^^A<þõ^PKùÿ%*Ã*Q<98>»^D^BÉNät<9d>¦<8f>65Ïã`mK£9xjå0NÎ<84>´Æ$^B¥<93>^T^Aq^KFÈ=^T
&<90>ÇÊ£·úúSð<8f>É/J²<8e><8a><9a>Ì<84>1äÔ}cÒÓ2³Bm¸rÅ^Lتo¸<89><97>Î^]Õ¿Fw^B^C^A^@^A£!0^_0^]^F^CU^]^N^D^V^D^TæE^\^Dµn@W:¶UGýîOÍ·³ä¨0^M^F
 *<86>H<86>÷^M^A^A^E^E^@^C<81><81>^@k!W¯^_£¯<95>⢵ªR^X~<83><8b>í<85>Ê¿
fÿW~ÎêN^Eϱ(^^^WM3z¡^R§<8a>A^Y<9b>eÚßð^W3^@L=u»«
92A°»3S<8e>^P÷Ah<83>`Dÿ^N*u «A  ^ö¸8<90>» ^Voä<9d>rñ]^FãC²­,^E^UStÃ>GUp³Û^Kp^XüU¯õg^MV^A$ox
úEäº^K<9d>¡^F%K^H±¸Ý[)e3Bj<85>


This is the connector element in server.xml:
    <Connector port="8443"
               protocol="HTTP/1.1"
               SSLEnabled="true"
               maxThreads="150"
               scheme="https"
               secure="true"
               clientAuth="false"
               sslProtocol="TLS"
               keystoreFile="/home/ole/.keystore"
               keystorePass="changeit"/>

I'm running the IcedTea java that comes with Fedora 8, on Tomcat 6.0.14.

This is a fresh exception with this keystore:
INFO: Initializing Coyote HTTP/1.1 on http-8080
Jan 30, 2008 10:08:26 AM org.apache.coyote.http11.Http11Protocol init
SEVERE: Error initializing endpoint
java.io.IOException: Invalid keystore format
        at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:651)
        at sun.security.provider.JavaKeyStore$JKS.engineLoad(JavaKeyStore.java:56)
        at java.security.KeyStore.load(KeyStore.java:1202)

Thanks again,
- Ole



> May be I can investigate if there is
> something wrong with the keystore.  Also, what JDK/JVM are you using?
> 
> ++Vamsi
> 
> On Jan 30, 2008 8:12 PM, Ole Ersoy <ole.ersoy@gmail.com> wrote:
> 
>> Hi Vamsi,
>>
>> I tried:
>> $JAVA_HOME/bin/keytool -genkey -alias tomcat -keyalg RSA -storetype JKS
>>
>> Thanks for the suggestion though,
>> - Ole
>>
>>
>>
>> Vamsavardhana Reddy wrote:
>>> May be you should use the "-storetype JKS" to be sure of the format in
>> which
>>> the keystore is generated.
>>>
>>> ++Vamsi
>>>
>>> On Jan 30, 2008 11:11 AM, Ole Ersoy <ole.ersoy@gmail.com> wrote:
>>>
>>>> Hi,
>>>>
>>>> I'm trying to get SSL working real quick for some experiments, and I
>> did
>>>> this:
>>>>
>>>> $JAVA_HOME/bin/keytool -genkey -alias tomcat -keyalg RSA
>>>>
>>>> Answered the questions, got .keystore to appear in my home directory
>> and
>>>> then I uncommented the SSL Connector element in server.xml and filled
>> out
>>>> the keystoreFile and keystorePass attributes.
>>>>
>>>> Now I get this exception:
>>>>
>>>> Jan 29, 2008 11:27:38 PM org.apache.coyote.http11.Http11Protocol init
>>>> SEVERE: Error initializing endpoint
>>>> java.io.IOException: Invalid keystore format
>>>>        at sun.security.provider.JavaKeyStore.engineLoad(
>> JavaKeyStore.java
>>>> :651)
>>>>        at sun.security.provider.JavaKeyStore$JKS.engineLoad(
>>>> JavaKeyStore.java:56)
>>>>        at java.security.KeyStore.load(KeyStore.java:1202)
>>>>        at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getStore(
>>>> JSSESocketFactory.java:319)
>>>>        at
>> org.apache.tomcat.util.net.jsse.JSSESocketFactory.getTrustStore(
>>>> JSSESocketFactory.java:293)
>>>>        at
>>>> org.apache.tomcat.util.net.jsse.JSSESocketFactory.getTrustManagers(
>>>> JSSESocketFactory.java:444)
>>>>        at org.apache.tomcat.util.net.jsse.JSSESocketFactory.init(
>>>> JSSESocketFactory.java:378)
>>>>        at
>> org.apache.tomcat.util.net.jsse.JSSESocketFactory.createSocket(
>>>> JSSESocketFactory.java:125)
>>>>
>>>>
>>>> Anyone know why this is happening?  I tried regenerating a few times
>> but
>>>> hte results are still the same.
>>>>
>>>> Thanks,
>>>> - Ole
>>>>
>>>> ---------------------------------------------------------------------
>>>> To start a new topic, e-mail: users@tomcat.apache.org
>>>> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
>>>> For additional commands, e-mail: users-help@tomcat.apache.org
>>>>
>>>>
>> ---------------------------------------------------------------------
>> To start a new topic, e-mail: users@tomcat.apache.org
>> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
>> For additional commands, e-mail: users-help@tomcat.apache.org
>>
>>
> 

---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message