alexatsearidge
asked on
Invalid keystore format in Tomcat 5.5
I'm trying to get an SSL connection for my JSP login page so the password and login name are sent encrypted and not in plain text. So far I've had no luck with http://tomcat.apache.org/tomcat-5.5-doc/ssl-howto.html
I've followed all the steps and still seem to get this same error.
OS: Fedora 8
IDE: Netbeans 6.1
JDK: 1.4.2 (must use)
Tomcat: 5.5.27 (must use)
Some things I've tried are using different keytools (because Fedora has the weird 1.7 Iced Tea Java), moving the default keystore, and setting the location in the <connector/> in server.xml.
Am I missing some small setting in Tomcat's server.xml?
{
<Connector port="8443" maxHttpHeaderSize="8192"
maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
enableLookups="false" disableUploadTimeout="true"
acceptCount="100" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS" />
}
SEVERE: Error starting endpoint
java.io.IOException: Invalid keystore format
at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:651)
at sun.security.provider.JavaKeyStore$JKS.engineLoad(JavaKeyStore.java:56)
at java.security.KeyStore.load(KeyStore.java:1202)
at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getStore(JSSESocketFactory.java:287)
at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getTrustStore(JSSESocketFactory.java:261)
at org.apache.tomcat.util.net.jsse.JSSE14SocketFactory.getTrustManagers(JSSE14SocketFactory.java:175)
at org.apache.tomcat.util.net.jsse.JSSE14SocketFactory.init(JSSE14SocketFactory.java:110)
at org.apache.tomcat.util.net.jsse.JSSESocketFactory.createSocket(JSSESocketFactory.java:89)
at org.apache.tomcat.util.net.PoolTcpEndpoint.initEndpoint(PoolTcpEndpoint.java:293)
at org.apache.tomcat.util.net.PoolTcpEndpoint.startEndpoint(PoolTcpEndpoint.java:313)
at org.apache.coyote.http11.Http11BaseProtocol.start(Http11BaseProtocol.java:151)
at org.apache.coyote.http11.Http11Protocol.start(Http11Protocol.java:76)
at org.apache.catalina.connector.Connector.start(Connector.java:1090)
at org.apache.catalina.core.StandardService.start(StandardService.java:457)
at org.apache.catalina.core.StandardServer.start(StandardServer.java:700)
at org.apache.catalina.startup.Catalina.start(Catalina.java:552)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:623)
at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:295)
at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:433)
I don't see where you've specified the keystore location in your server.xml? That might be why you're getting a complaint about invalid keystore format -- it's looking in a default place and not finding it.
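An added diagnostic, not code from this thread or from Tomcat: `Invalid keystore format` is what Sun's JKS loader raises when a file does not start with the JKS magic number and a version of 1 or 2, so this sketch reads which keystore each secure Connector in server.xml points at (Tomcat's documented default is `.keystore` in the home directory of the user running it, type JKS) and compares that with the file's leading bytes. The function names and the sample XML and file contents are constructed for illustration.

```python
import struct
import xml.etree.ElementTree as ET

JKS_MAGIC = 0xFEEDFEED    # Sun "JKS" store; the next int is version 1 or 2
JCEKS_MAGIC = 0xCECECECE  # SunJCE "JCEKS" store

# Constructed sample: the connector as posted (no keystoreFile attribute).
SAMPLE_XML = """<Server><Service name="Catalina">
  <Connector port="8080" />
  <Connector port="8443" scheme="https" secure="true"
             clientAuth="false" sslProtocol="TLS" />
</Service></Server>"""
# Constructed sample: a PEM certificate saved where a JKS store is expected.
SAMPLE_FILES = {"~/.keystore": b"-----BEGIN CERTIFICATE-----\nMIIB(constructed)\n"}


def sniff_keystore(data):
    """Guess the store type from the first bytes of the file."""
    if len(data) >= 8:
        magic, version = struct.unpack(">II", data[:8])
        if magic == JKS_MAGIC and version in (1, 2):
            return "JKS"
        if magic == JCEKS_MAGIC:
            return "JCEKS"
    if data[:1] == b"\x30":  # DER SEQUENCE: PKCS#12 or a bare certificate
        return "DER (PKCS12 or X.509)"
    if data.lstrip().startswith(b"-----BEGIN"):
        return "PEM"
    return "unknown"


def ssl_connector_settings(server_xml):
    """Return (keystoreFile or None, keystoreType) per secure Connector."""
    root = ET.fromstring(server_xml)
    return [(c.get("keystoreFile"), c.get("keystoreType", "JKS"))
            for c in root.iter("Connector") if c.get("secure") == "true"]


def check(server_xml, read_file):
    """Compare what each connector expects with what the file contains."""
    report = []
    for path, expected in ssl_connector_settings(server_xml):
        path = path or "~/.keystore"  # default: home of the Tomcat user
        found = sniff_keystore(read_file(path))
        report.append((path, expected, found, found == expected))
    return report


if __name__ == "__main__":
    for row in check(SAMPLE_XML, SAMPLE_FILES.__getitem__):
        print("%s: connector expects %s, file looks like %s, match=%s" % row)
```

Against a real install, pass a `read_file` that opens the path as the Tomcat user and returns the first few bytes; a mismatch means either the `keystoreType` attribute or the file itself needs to change.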
ASKER
Hmm, I've tried to add those lines but I am still getting the same errors...
I'm pretty sure it's a Fedora/Java thing. I've tried it on RHEL 5.1 with the default Tomcat (says "5") and Java ("1.4.2"), but it's giving me different errors
(Red Hat Enterprise Linux is the target OS to run on)
14-Jan-09 9:52:18 AM org.apache.coyote.http11.Http11BaseProtocol start
INFO: Starting Coyote HTTP/1.1 on http-8080
14-Jan-09 9:52:19 AM org.apache.tomcat.util.net.jsse.JSSESocketFactory getStore
SEVERE: Exception trying to load keystore /usr/share/tomcat5/.keystore
java.security.KeyStoreException: JKS
at java.security.KeyStore.getInstance(libgcj.so.7rh)
at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getStore(tomcat-util-5.5.23.jar.so)
at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getKeystore(tomcat-util-5.5.23.jar.so)
at org.apache.tomcat.util.net.jsse.JSSE14SocketFactory.getKeyManagers(tomcat-util-5.5.23.jar.so)
at org.apache.tomcat.util.net.jsse.JSSE14SocketFactory.init(tomcat-util-5.5.23.jar.so)
at org.apache.tomcat.util.net.jsse.JSSESocketFactory.createSocket(tomcat-util-5.5.23.jar.so)
at org.apache.tomcat.util.net.PoolTcpEndpoint.initEndpoint(tomcat-util-5.5.23.jar.so)
at org.apache.tomcat.util.net.PoolTcpEndpoint.startEndpoint(tomcat-util-5.5.23.jar.so)
at org.apache.coyote.http11.Http11BaseProtocol.start(tomcat-http-5.5.23.jar.so)
at org.apache.coyote.http11.Http11Protocol.start(tomcat-http-5.5.23.jar.so)
at org.apache.catalina.connector.Connector.start(catalina-5.5.23.jar.so)
at org.apache.catalina.core.StandardService.start(catalina-5.5.23.jar.so)
at org.apache.catalina.core.StandardServer.start(catalina-5.5.23.jar.so)
at org.apache.catalina.startup.Catalina.start(catalina-5.5.23.jar.so)
at java.lang.reflect.Method.invoke(libgcj.so.7rh)
at org.apache.catalina.startup.Bootstrap.start(bootstrap.jar.so)
at org.apache.catalina.startup.Bootstrap.main(bootstrap.jar.so)
14-Jan-09 9:52:19 AM org.apache.coyote.http11.Http11BaseProtocol start
SEVERE: Error starting endpoint
java.io.IOException: Exception trying to load keystore /usr/share/tomcat5/.keystore: JKS
at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getStore(tomcat-util-5.5.23.jar.so)
at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getKeystore(tomcat-util-5.5.23.jar.so)
at org.apache.tomcat.util.net.jsse.JSSE14SocketFactory.getKeyManagers(tomcat-util-5.5.23.jar.so)
at org.apache.tomcat.util.net.jsse.JSSE14SocketFactory.init(tomcat-util-5.5.23.jar.so)
at org.apache.tomcat.util.net.jsse.JSSESocketFactory.createSocket(tomcat-util-5.5.23.jar.so)
at org.apache.tomcat.util.net.PoolTcpEndpoint.initEndpoint(tomcat-util-5.5.23.jar.so)
at org.apache.tomcat.util.net.PoolTcpEndpoint.startEndpoint(tomcat-util-5.5.23.jar.so)
at org.apache.coyote.http11.Http11BaseProtocol.start(tomcat-http-5.5.23.jar.so)
at org.apache.coyote.http11.Http11Protocol.start(tomcat-http-5.5.23.jar.so)
at org.apache.catalina.connector.Connector.start(catalina-5.5.23.jar.so)
at org.apache.catalina.core.StandardService.start(catalina-5.5.23.jar.so)
at org.apache.catalina.core.StandardServer.start(catalina-5.5.23.jar.so)
at org.apache.catalina.startup.Catalina.start(catalina-5.5.23.jar.so)
at java.lang.reflect.Method.invoke(libgcj.so.7rh)
at org.apache.catalina.startup.Bootstrap.start(bootstrap.jar.so)
at org.apache.catalina.startup.Bootstrap.main(bootstrap.jar.so)
14-Jan-09 9:52:19 AM org.apache.catalina.startup.Catalina start
SEVERE: Catalina.start:
LifecycleException: service.getName(): "Catalina"; Protocol handler start failed: java.io.IOException: Exception trying to load keystore /usr/share/tomcat5/.keystore: JKS
at org.apache.catalina.connector.Connector.start(catalina-5.5.23.jar.so)
at org.apache.catalina.core.StandardService.start(catalina-5.5.23.jar.so)
at org.apache.catalina.core.StandardServer.start(catalina-5.5.23.jar.so)
at org.apache.catalina.startup.Catalina.start(catalina-5.5.23.jar.so)
at java.lang.reflect.Method.invoke(libgcj.so.7rh)
at org.apache.catalina.startup.Bootstrap.start(bootstrap.jar.so)
at org.apache.catalina.startup.Bootstrap.main(bootstrap.jar.so)
14-Jan-09 9:52:19 AM org.apache.catalina.startup.Catalina start
INFO: Server startup in 11872 ms
Link to a discussion of keystore and iced tea java:
http://www.nabble.com/Invalid-Keystore-Format-Exception-td15175951.html
>>and it works...
Great! I'm glad that worked for you. Odd about the problems with the Iced Tea Java, but it was an early release of the open source Java, so it is probably better -- at that release level -- to go with the standard Java anyway.
Tomcat can behave curiously even with the 1.4.2 JRE. It can work, but the details are fully covered on the Apache website. Glad it works.
It's great that you found your solution, but you got a lot of help from the experts. I think points should be awarded to everyone who helped you through this.
ASKER
OK, sorry this took so long. Splitting up points between mrcoffee365, Kuldeepchaturvedi, and sr1xxon.
Closing the question does not give points to the experts. You need to accept answers from the 3 experts and split the points.
Try the Help section for how to assign points.
Go to https://www.experts-exchange.com/help.jsp
Click on Points, then "Can I split points?"
That will tell you how to assign points to the experts.
Thanks for documenting the closing. Where is the link to the "actual closing attempt"? It wasn't in the emails I received.
Thanks. I didn't see it, but I'll try viewing it with IE next time this kind of thing comes up.