Re: Tomcat 5.5.25, SSL and invalid keystore format
Werner,

After having the same problem, I discovered that by default keytool defaults to GNU Classpath, whereas what you want is Java's identically-named keytool. Try this:

    $JAVA/keytool -genkey -alias tomcat -keyalg RSA -keystore /tmp/tomcat.keystore

Where $JAVA is your java install's bin directory.

Good luck.

Werner Schalk wrote:

    debian:~# keytool -genkey -alias tomcat -keyalg RSA -keystore /tmp/tomcat.keystore

--
View this message in context: http://www.nabble.com/Tomcat-5.5.25%2C-SSL-and-%22invalid-keystore-format%22-tf4619882.html#a13350116
Sent from the Tomcat - User mailing list archive at Nabble.com.

To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
Fw: Tomcat 5.5.25, SSL and invalid keystore format
Hello,

is anyone able to help me with this? I can't get SSL to work on Tomcat 5.5.25, I am still getting the Invalid keystore format or class not found error. Any response is greatly appreciated. Thank you.

Cheers,
Werner.

- Original Message -
From: Werner Schalk [EMAIL PROTECTED]
To: Tomcat Users List users@tomcat.apache.org; Martin Gainty [EMAIL PROTECTED]
Sent: Monday, October 15, 2007 11:05 AM
Subject: Re: Tomcat 5.5.25, SSL and invalid keystore format

Dear Martin, dear list,

it is not really working, to be honest. Here is what I did:

1. step: Deletion of the old keystore, generation of a new one:

    debian:~# rm /tmp/tomcat.keystore
    debian:~# keytool -genkey -alias tomcat -keyalg RSA -keystore /tmp/tomcat.keystore
    Enter key store password: secret
    Enter key password for tomcat: secret
    You are about to enter information that will be incorporated into your certificate request. This information is what is called a Distinguished Name or DN. There are quite a few fields but you can use supplied default values, displayed between brackets, by just hitting Enter, or blank the field by entering the . character before hitting Enter.
    Common Name (hostname, IP, or your name): localhost
    Organization Name (company) [The Sample Company]: My Company
    Organizational Unit Name (department, division): My division
    Locality Name (city, district) [Sydney]: Munich
    State or Province Name (full name) [NSW]: Baveria
    Country Name (2 letter code) [AU]: DE

2. step: Configuration of server.xml, addition of a new connector

    <Connector port="8443"
               protocol="org.apache.coyote.http11.Http11NioProtocol"
               minSpareThreads="5" maxSpareThreads="75"
               enableLookups="true" disableUploadTimeout="true"
               acceptCount="100" maxThreads="200"
               scheme="https" secure="true"
               keyAlias="tomcat" SSLEnabled="true"
               keystoreFile="/tmp/tomcat.keystore" keystorePass="secret"
               clientAuth="false" sslProtocol="TLS"/>

Now when starting Tomcat 5.5.25, I get the following error message in catalina.out:

    01-Oct-2007 05:48:54 org.apache.catalina.connector.Connector init
    SEVERE: Protocol handler instantiation failed: java.lang.ClassNotFoundException: org.apache.coyote.http11.Http11NioProtocol
    01-Oct-2007 05:48:54 org.apache.catalina.core.AprLifecycleListener lifecycleEvent
    INFO: The Apache Tomcat Native library which allows optimal performance in production environments was not found on the java.library.path: /usr/lib/jdk1.6.0_02/jre/lib/i386/client:/usr/lib/jdk1.6.0_02/jre/lib/i386:/usr/lib/jdk1.6.0_02/jre/../lib/i386:/usr/java/packages/lib/i386:/lib:/usr/lib
    01-Oct-2007 05:48:54 org.apache.coyote.http11.Http11BaseProtocol init
    INFO: Initializing Coyote HTTP/1.1 on http-8180
    01-Oct-2007 05:48:54 org.apache.coyote.http11.Http11BaseProtocol init
    INFO: Initializing Coyote HTTP/1.1 on http-8170
    01-Oct-2007 05:48:54 org.apache.catalina.connector.Connector initialize
    SEVERE: Error registering connector
    java.lang.NullPointerException
        at org.apache.tomcat.util.IntrospectionUtils.getProperty(IntrospectionUtils.java:377)
        at org.apache.catalina.connector.Connector.getProperty(Connector.java:302)
        at org.apache.catalina.connector.Connector.createObjectName(Connector.java:970)
        at org.apache.catalina.connector.Connector.initialize(Connector.java:998)
        at org.apache.catalina.core.StandardService.initialize(StandardService.java:578)
        at org.apache.catalina.core.StandardServer.initialize(StandardServer.java:782)
        at org.apache.catalina.startup.Catalina.load(Catalina.java:504)
        at org.apache.catalina.startup.Catalina.load(Catalina.java:524)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
        at java.lang.reflect.Method.invoke(Method.java:597)
        at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:267)
        at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:432)
    java.lang.NullPointerException
        at org.apache.catalina.connector.Connector.initialize(Connector.java:1011)
        at org.apache.catalina.core.StandardService.initialize(StandardService.java:578)
        at org.apache.catalina.core.StandardServer.initialize(StandardServer.java:782)
        at org.apache.catalina.startup.Catalina.load(Catalina.java:504)
        at org.apache.catalina.startup.Catalina.load(Catalina.java:524)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
        at java.lang.reflect.Method.invoke(Method.java:597)
        at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:267)
        at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:432
Re: Fw: Tomcat 5.5.25, SSL and invalid keystore format
not sure how you can use the NIO connector in Tomcat 5.5.25, it wasn't added until Tomcat 6.0

Filip
Re: Tomcat 5.5.25, SSL and invalid keystore format
As Filip has already pointed out, the Nio Connector is only available with TC 6.0.x+.

Otherwise, I can't suggest much except to set JAVA_OPTS=-Djavax.net.debug=ssl before launching Tomcat. You could also set the logging level to DEBUG (which is FINE for JUL logging) for the category org.apache.tomcat.util.net, but I doubt it will produce anything interesting. You could also check if keytool can actually list the contents of your keystore.
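Two checks that follow from this thread, the keystore inspection suggested above and the GNU Classpath keytool mix-up reported in the first reply, as an added shell example that is not part of any poster's message. The "GKR" magic used to recognise a GNU Classpath keyring and all function names are assumptions of this example; 0xFEEDFEED is the JKS magic that the JavaKeyStore.engineLoad frame in the trace checks before it throws "Invalid keystore format".

```shell
#!/bin/sh
# Added example, not code from the thread.
# Usage: sh check_keystore.sh /tmp/tomcat.keystore   (no argument: constructed demo)

# First four bytes of a file as lowercase hex, e.g. "feedfeed".
magic_hex() {
    od -An -tx1 -N4 < "$1" | tr -d ' \t\n'
}

# Name the container format from its leading bytes.
keystore_format() {
    [ -r "$1" ] || { echo "unreadable"; return 0; }
    case "$(magic_hex "$1")" in
        feedfeed) echo "JKS" ;;      # Sun JKS magic 0xFEEDFEED
        cececece) echo "JCEKS" ;;    # JCEKS magic 0xCECECECE
        474b52*)  echo "GKR" ;;      # ASCII "GKR": assumed GNU Classpath keyring
        30*)      echo "DER" ;;      # ASN.1 SEQUENCE, e.g. a PKCS#12 file
        "")       echo "empty" ;;
        *)        echo "unknown" ;;
    esac
}

# Succeeds only for a file whose header the JKS provider can parse.
keystore_is_jks() {
    [ "$(keystore_format "$1")" = "JKS" ]
}

# Follow symlinks (Debian routes keytool through /etc/alternatives).
resolve_path() {
    readlink -f "$1" 2>/dev/null || printf '%s\n' "$1"
}

# Succeeds if the keytool found first on PATH is JAVA_HOME/bin/keytool.
# $1 overrides JAVA_HOME. Returns 2 if neither is set, 3 if no keytool on PATH.
keytool_is_from_java_home() {
    java_home=${1:-${JAVA_HOME:-}}
    [ -n "$java_home" ] || return 2
    found=$(command -v keytool) || return 3
    [ "$(resolve_path "$found")" = "$(resolve_path "$java_home/bin/keytool")" ]
}

report() {
    printf '%s: %s\n' "$1" "$(keystore_format "$1")"
    if keystore_is_jks "$1"; then
        echo "  JKS magic present; keystoreType JKS can parse the header"
    else
        echo "  no JKS magic; a JKS load fails with 'Invalid keystore format'"
    fi
}

demo() {
    # Constructed sample files: only the magic bytes, not real keystores.
    tmp=$(mktemp -d) || return 1
    printf '\376\355\376\355\000\000\000\002' > "$tmp/sun.keystore"
    printf 'GKR\001' > "$tmp/gnu.keystore"
    report "$tmp/sun.keystore"
    report "$tmp/gnu.keystore"
    rm -rf "$tmp"
}

if [ "$#" -gt 0 ]; then
    report "$1"
    if keytool_is_from_java_home; then
        echo "keytool on PATH is \$JAVA_HOME/bin/keytool"
    else
        echo "keytool on PATH is not \$JAVA_HOME/bin/keytool (or JAVA_HOME is unset)"
    fi
else
    demo
fi
```

A keystore that reports anything other than JKS here was not written by the JDK's keytool with its default store type, which matches the failure in the stack trace.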
Re: Tomcat 5.5.25, SSL and invalid keystore format
    -2007 05:50:02 org.apache.catalina.startup.Catalina load
    INFO: Initialization processed in 1471 ms
    01-Oct-2007 05:50:02 org.apache.catalina.core.StandardService start
    INFO: Starting service Catalina
    01-Oct-2007 05:50:02 org.apache.catalina.core.StandardEngine start
    INFO: Starting Servlet Engine: Apache Tomcat/5.5.25
    01-Oct-2007 05:50:02 org.apache.catalina.core.StandardHost start
    INFO: XML validation disabled
    01-Oct-2007 05:50:04 org.apache.coyote.http11.Http11BaseProtocol start
    INFO: Starting Coyote HTTP/1.1 on http-8180
    01-Oct-2007 05:50:04 org.apache.coyote.http11.Http11BaseProtocol start
    INFO: Starting Coyote HTTP/1.1 on http-8170
    01-Oct-2007 05:50:04 org.apache.coyote.http11.Http11BaseProtocol start
    SEVERE: Error starting endpoint
    java.io.IOException: Invalid keystore format
        at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:633)
        at sun.security.provider.JavaKeyStore$JKS.engineLoad(JavaKeyStore.java:38)
        at java.security.KeyStore.load(KeyStore.java:1185)
        at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getStore(JSSESocketFactory.java:287)
        at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getKeystore(JSSESocketFactory.java:227)
        at org.apache.tomcat.util.net.jsse.JSSE14SocketFactory.getKeyManagers(JSSE14SocketFactory.java:142)
        at org.apache.tomcat.util.net.jsse.JSSE14SocketFactory.init(JSSE14SocketFactory.java:110)
        at org.apache.tomcat.util.net.jsse.JSSESocketFactory.createSocket(JSSESocketFactory.java:89)
        at org.apache.tomcat.util.net.PoolTcpEndpoint.initEndpoint(PoolTcpEndpoint.java:293)
        at org.apache.tomcat.util.net.PoolTcpEndpoint.startEndpoint(PoolTcpEndpoint.java:313)
        at org.apache.coyote.http11.Http11BaseProtocol.start(Http11BaseProtocol.java:151)
        at org.apache.coyote.http11.Http11Protocol.start(Http11Protocol.java:76)
        at org.apache.catalina.connector.Connector.start(Connector.java:1090)
        at org.apache.catalina.core.StandardService.start(StandardService.java:457)
        at org.apache.catalina.core.StandardServer.start(StandardServer.java:700)
        at org.apache.catalina.startup.Catalina.start(Catalina.java:552)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
        at java.lang.reflect.Method.invoke(Method.java:597)
        at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:295)
        at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:433)
    01-Oct-2007 05:50:04 org.apache.catalina.startup.Catalina start
    SEVERE: Catalina.start: LifecycleException: service.getName(): Catalina; Protocol handler start failed: java.io.IOException: Invalid keystore format
        at org.apache.catalina.connector.Connector.start(Connector.java:1097)
        at org.apache.catalina.core.StandardService.start(StandardService.java:457)
        at org.apache.catalina.core.StandardServer.start(StandardServer.java:700)
        at org.apache.catalina.startup.Catalina.start(Catalina.java:552)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
        at java.lang.reflect.Method.invoke(Method.java:597)
        at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:295)
        at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:433)
    01-Oct-2007 05:50:04 org.apache.catalina.startup.Catalina start
    INFO: Server startup in 2351 ms

Any ideas what I might have done wrong?

Thanks and bye,
Werner
Re: Tomcat 5.5.25, SSL and invalid keystore format
Hello,

as I said in my original mail, the problem still persists when I define the keystore file as /tmp/tomcat.keystore for instance. Any ideas? Thanks.

Best regards,
Werner

- Original Message -
From: Martin Gainty [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Sunday, October 15, 2000 1:35 AM
Subject: Re: Tomcat 5.5.25, SSL and invalid keystore format

Werner---
http://tomcat.apache.org/tomcat-5.5-doc/config/http.html
configure your SSL connector to define the path to your keystore file (default is .keystore)
keystoreFile=

Martin--
Re: Tomcat 5.5.25, SSL and invalid keystore format
My suggestion is to regen the keystore and write down all the parameters (alias/keyalg) you specified so you can supply to the connector

since you want to place the keystore in a different location use

    $JAVA_HOME/bin/keytool -genkey -alias WhateverAlias -keyalg RSA -keystore /tmp/tomcat.keystore

write down the password (defaults to changeit) and then configure your SSL connector

sslProtocol stays as TLS unless IBM when you specify SSL
clientAuth is true only when you want tomcat to require all SSL clients to present client cert to use this socket
SSLEnabled will require scheme and isSecure attributes to be set and passed to servlet
keystoreType stays as JKS unless otherwise specified above
ciphers specified only as needed
algorithm stays as SunX509 unless using IBM JVM when value is assigned IbmX509
keyAlias uniquely identifies key within KeyStore (only specify when more than 1 key in KeyStore)

    <!-- uncomment both of these in server.xml and configure as necessary
         Define a blocking Java SSL Coyote HTTP/1.1 Connector on port 8443 -->
    <!--
    <Connector protocol="org.apache.coyote.http11.Http11Protocol"
               port="8443" minSpareThreads="5" maxSpareThreads="75"
               enableLookups="true" disableUploadTimeout="true"
               acceptCount="100" maxThreads="200"
               scheme="https" secure="true" SSLEnabled="true"
               keystoreFile="/tmp/tomcat.keystore" keystorePass="changeit"
               clientAuth="false" sslProtocol="TLS"/>
    -->
    <!-- Define a non-blocking Java SSL Coyote HTTP/1.1 Connector on port 8443 -->
    <!--
    <Connector protocol="org.apache.coyote.http11.Http11NioProtocol"
               port="8443" minSpareThreads="5" maxSpareThreads="75"
               enableLookups="true" disableUploadTimeout="true"
               acceptCount="100" maxThreads="200"
               scheme="https" secure="true" SSLEnabled="true"
               keystoreFile="/tmp/tomcat.keystore" keystorePass="changeit"
               clientAuth="false" sslProtocol="TLS"/>
    -->

Step by step instructions available here
http://tomcat.apache.org/tomcat-6.0-doc/ssl-howto.html

Anything missed?

Martin
Tomcat 5.5.25, SSL and invalid keystore format
Hello,

I am trying to setup SSL in my Tomcat 5.5.25 (on Debian Linux) and thus downloaded a binary version of Tomcat from the Tomcat website. Now I tried to create a keystore:

    # keytool -genkey -v -keyalg RSA

The server.xml is as follows:

    <Connector port="8443" maxHttpHeaderSize="8192"
               maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
               enableLookups="false" disableUploadTimeout="true"
               acceptCount="100" scheme="https" secure="true"
               clientAuth="false" sslProtocol="TLS" />

The error message in the log I am getting is:

    SEVERE: Catalina.start: LifecycleException: service.getName(): Catalina; Protocol handler start failed: java.io.IOException: Invalid keystore format
        at org.apache.catalina.connector.Connector.start(Connector.java:1097)
        at org.apache.catalina.core.StandardService.start(StandardService.java:457)
        at org.apache.catalina.core.StandardServer.start(StandardServer.java:700)
        at org.apache.catalina.startup.Catalina.start(Catalina.java:552)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
        at java.lang.reflect.Method.invoke(Method.java:597)
        at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:295)
        at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:433)

What is causing this problem? Why is the keystore not valid? Has this to do with the APR or something? How would I need to create a keystore then to make it work in Tomcat? I also tried to specify the keystore location and name but that doesn't change anything...any ideas?

Thank you.

Best regards,
Werner.