Posted to users@tomcat.apache.org by Scott Purcell <sp...@vertisinc.com> on 2005/12/01 15:17:32 UTC

SSL InvalidKeystore Format?

Well, after wasting much time trying to get the SSL running on 5.5.12, on XP, and finding out about the bad tcnative-1.dll, I thought I was out of the woods on my SSL configuration. But it appears I have one last issue (hopefully).
Since I renamed the tcnative-1.dll, I am getting logs in regards to my SSL (I was not getting those prior, see earlier posts) and I am receiving this error: I believe I have a good keystore, because my public key from Verisign was happy with it, but for some reason, Tomcat is still not happy with it.
Any ideas why this error may occur?
Nov 30, 2005 10:44:53 PM org.apache.coyote.http11.Http11BaseProtocol init
INFO: Initializing Coyote HTTP/1.1 on http-80
Nov 30, 2005 10:44:54 PM org.apache.coyote.http11.Http11BaseProtocol init
SEVERE: Error initializing endpoint
java.io.IOException: Invalid keystore format
at sun.security.provider.JavaKeyStore.engineLoad(Unknown Source)
at java.security.KeyStore.load(Unknown Source)
at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getStore(JSSESocketFactory.java:282)
at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getTrustStore(JSSESocketFactory.java:256)
at org.apache.tomcat.util.net.jsse.JSSE14SocketFactory.getTrustManagers(JSSE14SocketFactory.java:174)
at org.apache.tomcat.util.net.jsse.JSSE14SocketFactory.init(JSSE14SocketFactory.java:109)
at org.apache.tomcat.util.net.jsse.JSSESocketFactory.createSocket(JSSESocketFactory.java:88)
at org.apache.tomcat.util.net.PoolTcpEndpoint.initEndpoint(PoolTcpEndpoint.java:292)
at org.apache.coyote.http11.Http11BaseProtocol.init(Http11BaseProtocol.java:137)
at org.apache.catalina.connector.Connector.initialize(Connector.java:1016)
at org.apache.catalina.core.StandardService.initialize(StandardService.java:580)
at org.apache.catalina.core.StandardServer.initialize(StandardServer.java:762)
at org.apache.catalina.startup.Catalina.load(Catalina.java:488)
at org.apache.catalina.startup.Catalina.load(Catalina.java:508)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
at java.lang.reflect.Method.invoke(Unknown Source)
at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:247)
at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:412)
Nov 30, 2005 10:44:54 PM org.apache.catalina.startup.Catalina load
SEVERE: Catalina.start
LifecycleException: Protocol handler initialization failed: java.io.IOException: Invalid keystore format
at org.apache.catalina.connector.Connector.initialize(Connector.java:1018)
at org.apache.catalina.core.StandardService.initialize(StandardService.java:580)
at org.apache.catalina.core.StandardServer.initialize(StandardServer.java:762)
at org.apache.catalina.startup.Catalina.load(Catalina.java:488)
at org.apache.catalina.startup.Catalina.load(Catalina.java:508)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
at java.lang.reflect.Method.invoke(Unknown Source)
at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:247)
at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:412)
Nov 30, 2005 10:44:54 PM org.apache.catalina.startup.Catalina load
INFO: Initialization processed in 1890 ms
Nov 30, 2005 10:44:54 PM org.apache.catalina.core.StandardService start 

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Re: SSL InvalidKeystore Format?

Posted by Dhaval Patel <dh...@yahoo.com>.
Hi Scott,

  I am not a Tomcat expert, and I cannot help you with the error you are getting.
  After Remy's last message on SSL with APR, I finally got my Windows XP + Tomcat 5.5.12 + APR +
SSL working. The following are the steps that I followed:

(1) Install Tomcat 5.5.12 and make sure it is working.
(2) Download the APR components (openssl.exe and tcnative-1.dll) and put them in %TOMCAT_HOME%\bin.
(http://tomcat.heanet.ie/native/1.1.0/binaries/win32/)
(3) I generated server.key and server.cert following the guide at
http://www.fatofthelan.com/articles/articles.php?pid=12 . I have put them in %TOMCAT_HOME%\bin
only.
(Make sure you follow the guide. I had trouble setting up openssl.exe on Windows XP. The answer is on
that page only. You have to download openssl.cnf from Google, place it in some folder, and make
a new environment variable OPENSSL_CONF pointing to that file. Trust me, that link is very good.)
(4) Change the server.xml in the following way:
    <Connector port="443" maxHttpHeaderSize="8192"
               maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
               enableLookups="false" disableUploadTimeout="true"
               scheme="https" secure="true"
               SSLEngine="on"
               SSLCertificateFile="C:\Tomcat5.5\bin\server.crt"
               SSLCertificateKeyFile="C:\Tomcat5.5\bin\server.key" />
(5) Restart Tomcat and SSL is enabled.

   I don't know if you have done it the same way and you have issues. If you want to try, you can
follow the above steps on some other Windows XP machine. It worked for me so it should work for
you. If you start from scratch, it may take about 30-40 minutes to set up the above things.

   Let me know how it goes.

Regards,
D

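
Added example, not part of either post: the trace in the first message fails in sun.security.provider.JavaKeyStore.engineLoad, which rejects any file whose header is not the JKS magic number with version 1 or 2, while the connector in the reply takes PEM files instead of a keystore. The Python sketch below classifies a file by its leading bytes to show which case applies; the function names and the sample byte strings are constructed for illustration.

```python
import struct

JKS_MAGIC = 0xFEEDFEED    # first four bytes of a JKS keystore
JCEKS_MAGIC = 0xCECECECE  # first four bytes of a JCEKS keystore


def classify_keystore(data: bytes) -> str:
    """Name the container format indicated by a file's leading bytes."""
    if len(data) < 8:
        return "truncated"
    # PEM is text; tolerate a UTF-8 BOM or blank lines before the header.
    if data.lstrip(b"\xef\xbb\xbf \t\r\n").startswith(b"-----BEGIN "):
        return "PEM"
    magic, version = struct.unpack(">II", data[:8])
    if magic == JKS_MAGIC:
        return "JKS" if version in (1, 2) else "JKS-bad-version"
    if magic == JCEKS_MAGIC:
        return "JCEKS"
    if data[0] == 0x30:  # DER SEQUENCE: PKCS#12 or a bare certificate/key
        # Skip the length octets (short, long, or BER indefinite form).
        body = 2 + (data[1] & 0x7F if data[1] & 0x80 else 0)
        # A PKCS#12 PFX starts with its version field, INTEGER 3.
        return "PKCS12" if data[body:body + 3] == b"\x02\x01\x03" else "DER"
    return "unknown"


def jks_loader_verdict(data: bytes) -> str:
    """Say whether a JKS-type load would accept the file, and if not, why."""
    kind = classify_keystore(data)
    if kind == "JKS":
        return "ok: valid JKS header"
    hints = {
        "PEM": "PEM text, the form SSLCertificateFile/SSLCertificateKeyFile take",
        "PKCS12": "PKCS#12 container, needs store type PKCS12",
        "JCEKS": "JCEKS container, needs store type JCEKS",
        "DER": "bare DER certificate or key, not a keystore",
    }
    return "Invalid keystore format: " + hints.get(kind, "unrecognised or truncated header")


# Constructed sample headers (not taken from the thread).
SAMPLES = {
    "jks": struct.pack(">III", JKS_MAGIC, 2, 0),
    "pem": b"\n-----BEGIN CERTIFICATE-----\n(constructed)\n",
    "p12": bytes.fromhex("308209f10201033082"),
}

if __name__ == "__main__":
    for name, blob in SAMPLES.items():
        print(f"{name:8} {jks_loader_verdict(blob)}")
```

To check a real file, pass the first few bytes read in binary mode, for example `classify_keystore(open(path, "rb").read(16))`.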