

SSL tomcat configuration

Posted on 2006-05-10
Medium Priority
Last Modified: 2008-10-27
Hi Experts! Please help out. Project deadline approaching.

To configure SSL on Tomcat, I have done the following (as shown on http://tomcat.apache.org/tomcat-5.0-doc/ssl-howto.html):
1.) I create a new keystore from scratch, containing a single self-signed certificate, execute the following from a terminal command line:
2.) I am using JDK 5, so no need to download JSSE.

3.) My ".storekey" looks as follows:
<Connector port="8443"
               maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
               enableLookups="false" disableUploadTimeout="true"
               acceptCount="100" debug="0" scheme="https" secure="true"
               clientAuth="false" sslProtocol="TLS"
               keystoreFile="C:\Documents and Settings\myName\.keystore" />

MY PROBLEM: I am getting the exception below:

SEVERE: Error initializing endpoint
java.io.IOException: Cannot recover key
      at org.apache.tomcat.util.net.jsse.JSSE14SocketFactory.init(JSSE14SocketFactory.java:127)
      at org.apache.tomcat.util.net.jsse.JSSESocketFactory.createSocket(JSSESocketFactory.java:88)
      at org.apache.tomcat.util.net.PoolTcpEndpoint.initEndpoint(PoolTcpEndpoint.java:259)
      at org.apache.coyote.http11.Http11Protocol.init(Http11Protocol.java:137)
      at org.apache.coyote.tomcat5.CoyoteConnector.initialize(CoyoteConnector.java:1429)
      at org.apache.catalina.core.StandardService.initialize(StandardService.java:609)
      at org.apache.catalina.core.StandardServer.initialize(StandardServer.java:2384)
      at org.apache.catalina.startup.Catalina.load(Catalina.java:507)
      at org.apache.catalina.startup.Catalina.load(Catalina.java:528)
      at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
      at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
      at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
      at java.lang.reflect.Method.invoke(Method.java:585)
      at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:250)
      at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:424)
May 10, 2006 4:13:06 PM org.apache.catalina.startup.Catalina load
SEVERE: Catalina.start
LifecycleException:  Protocol handler initialization failed: java.io.IOException: Cannot recover key
      at org.apache.coyote.tomcat5.CoyoteConnector.initialize(CoyoteConnector.java:1431)
Question by:komlaaa

Accepted Solution

actonwang earned 1600 total points
ID: 16654929
This has to do with the password used for the SSL private key. There is a restriction in the Tomcat server that the password for the SSL key must be identical to the password for the keystore. (This restriction is currently not mentioned in the Installation and Configuration Guide.)

You can fix this by changing the password of your SSL key using the 'keytool' command line tool. At the command prompt change to the keystore directory (by default this is the Ponton X/P installation directory) and type the following:

keytool -keypasswd -alias tomcat -keystore ssl-keystore

The keytool will ask you for the old password and then the new password. Change the key password to the default password 'changeit' - that should solve the problem.

Note: 'changeit' is the default password for the SSL keystore. If you decide to use a different keystore password, please note that you will need to specify this in the Tomcat configuration file server.xml.


Expert Comment

ID: 16655076
Actually, you need to issue:

keytool -keypasswd -alias tomcat

then change the key password to "changeit" which is identical to the password for the keystore.

I assumed that you gave the password of the keystore as "changeit", as you specified in the server.xml.

It should do it.

Ok. Enjoy and be relaxed :)
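
A pre-flight check for the mismatch described in the accepted answer and the follow-up comment, as an added example that is not part of the original thread: it tries to recover every key entry with the keystore password, which is what the accepted answer says Tomcat requires, and reports the aliases that fail. The class name, the command-line arguments and the in-memory JCEKS demo keystore (an AES key standing in for the SSL private key) are constructed for illustration.

```java
import java.io.*;
import java.security.KeyStore;
import java.security.UnrecoverableKeyException;
import java.util.*;
import javax.crypto.spec.SecretKeySpec;

// Added example, not code from the thread.
public class KeyPasswordCheck {

    // Aliases of key entries that cannot be recovered with the keystore password.
    static List<String> unrecoverable(KeyStore ks, char[] storePass) throws Exception {
        List<String> bad = new ArrayList<>();
        for (String alias : Collections.list(ks.aliases())) {
            if (!ks.isKeyEntry(alias)) continue;      // skip certificate-only entries
            try {
                ks.getKey(alias, storePass);          // store password reused as key password
            } catch (UnrecoverableKeyException e) {
                bad.add(alias);                       // this entry has a different key password
            }
        }
        return bad;
    }

    public static void main(String[] args) throws Exception {
        KeyStore ks;
        char[] storePass;
        if (args.length == 3) {                       // <store type> <keystore file> <store password>
            storePass = args[2].toCharArray();
            ks = KeyStore.getInstance(args[0]);
            try (InputStream in = new FileInputStream(args[1])) { ks.load(in, storePass); }
        } else {                                      // constructed in-memory demo
            storePass = "demo-store-pass".toCharArray();
            KeyStore tmp = KeyStore.getInstance("JCEKS");
            tmp.load(null, null);
            tmp.setKeyEntry("tomcat", new SecretKeySpec(new byte[16], "AES"),
                    "demo-key-pass".toCharArray(), null);   // differs from storePass
            ByteArrayOutputStream buf = new ByteArrayOutputStream();
            tmp.store(buf, storePass);
            ks = KeyStore.getInstance("JCEKS");
            ks.load(new ByteArrayInputStream(buf.toByteArray()), storePass);
        }
        List<String> bad = unrecoverable(ks, storePass);
        System.out.println(bad.isEmpty() ? "all key passwords match the keystore password"
                : "key password differs from keystore password for: " + bad);
    }
}
```

Run with no arguments, it reports the constructed `tomcat` alias as mismatched; run as `java KeyPasswordCheck JKS <keystore file> <store password>`, it checks a real keystore without modifying it.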


Author Comment

ID: 16687253
You are right, actonwang. My bad, I did not provide the same password twice during the account setup process.

You are good

thanks again
