Dear Martin, dear list,

it is not really working, to be honest. Here is what I did:

1. step: Deletion of the old keystore, generation of a new one:

debian:~# rm /tmp/tomcat.keystore
debian:~# keytool -genkey -alias tomcat -keyalg RSA -keystore /tmp/tomcat.keystore
Enter key store password: secret
Enter key password for <tomcat>: secret

You are about to enter information that will be incorporated into
your certificate request.  This information is what is called a
Distinguished Name or DN.  There are quite a few fields but you
can use supplied default values, displayed between brackets, by just
hitting <Enter>, or blank the field by entering the <.> character
before hitting <Enter>.

Common Name (hostname, IP, or your name): localhost
Organization Name (company) [The Sample Company]: My Company
Organizational Unit Name (department, division): My division
Locality Name (city, district) [Sydney]: Munich
State or Province Name (full name) [NSW]: Baveria
Country Name (2 letter code) [AU]: DE

2. step: Configuration of server.xml, addition of a new connector

<Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
         minSpareThreads="5" maxSpareThreads="75"
         enableLookups="true" disableUploadTimeout="true"
         acceptCount="100"  maxThreads="200"
         scheme="https" secure="true" keyAlias="tomcat" SSLEnabled="true"
         keystoreFile="/tmp/tomcat.keystore" keystorePass="secret"
         clientAuth="false" sslProtocol="TLS"/>

Now when starting Tomcat 5.5.25, I get the following error message in catalina.out:

01-Oct-2007 05:48:54 org.apache.catalina.connector.Connector <init>
SEVERE: Protocol handler instantiation failed: java.lang.ClassNotFoundException: org.apache.coyote.http11.Http11NioProtocol
01-Oct-2007 05:48:54 org.apache.catalina.core.AprLifecycleListener lifecycleEvent
INFO: The Apache Tomcat Native library which allows optimal performance in production environments was not found on the java.library.path: /usr/lib/jdk1.6.0_02/jre/lib/i386/client:/usr/lib/jdk1.6.0_02/jre/lib/i386:/usr/lib/jdk1.6.0_02/jre/../lib/i386:/usr/java/packages/lib/i386:/lib:/usr/lib
01-Oct-2007 05:48:54 org.apache.coyote.http11.Http11BaseProtocol init
INFO: Initializing Coyote HTTP/1.1 on http-8180
01-Oct-2007 05:48:54 org.apache.coyote.http11.Http11BaseProtocol init
INFO: Initializing Coyote HTTP/1.1 on http-8170
01-Oct-2007 05:48:54 org.apache.catalina.connector.Connector initialize
SEVERE: Error registering connector
java.lang.NullPointerException
       at org.apache.tomcat.util.IntrospectionUtils.getProperty(IntrospectionUtils.java:377)
       at org.apache.catalina.connector.Connector.getProperty(Connector.java:302)
       at org.apache.catalina.connector.Connector.createObjectName(Connector.java:970)
       at org.apache.catalina.connector.Connector.initialize(Connector.java:998)
       at org.apache.catalina.core.StandardService.initialize(StandardService.java:578)
       at org.apache.catalina.core.StandardServer.initialize(StandardServer.java:782)
       at org.apache.catalina.startup.Catalina.load(Catalina.java:504)
       at org.apache.catalina.startup.Catalina.load(Catalina.java:524)
       at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
       at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
       at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
       at java.lang.reflect.Method.invoke(Method.java:597)
       at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:267)
       at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:432)
java.lang.NullPointerException
       at org.apache.catalina.connector.Connector.initialize(Connector.java:1011)
       at org.apache.catalina.core.StandardService.initialize(StandardService.java:578)
       at org.apache.catalina.core.StandardServer.initialize(StandardServer.java:782)
       at org.apache.catalina.startup.Catalina.load(Catalina.java:504)
       at org.apache.catalina.startup.Catalina.load(Catalina.java:524)
       at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
       at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
       at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
       at java.lang.reflect.Method.invoke(Method.java:597)
       at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:267)
       at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:432)
01-Oct-2007 05:48:55 org.apache.catalina.core.StandardService start
INFO: Starting service Catalina
01-Oct-2007 05:48:55 org.apache.catalina.core.StandardEngine start
INFO: Starting Servlet Engine: Apache Tomcat/5.5.25
01-Oct-2007 05:48:55 org.apache.catalina.core.StandardHost start
INFO: XML validation disabled
01-Oct-2007 05:48:56 org.apache.coyote.http11.Http11BaseProtocol start
INFO: Starting Coyote HTTP/1.1 on http-8180
01-Oct-2007 05:48:57 org.apache.coyote.http11.Http11BaseProtocol start
INFO: Starting Coyote HTTP/1.1 on http-8170
01-Oct-2007 05:48:57 org.apache.catalina.connector.Connector start
INFO: Cannot register MBean for the Protocol
01-Oct-2007 05:48:57 org.apache.catalina.startup.Catalina start
SEVERE: Catalina.start:
LifecycleException: service.getName(): "Catalina"; Protocol handler start failed: java.lang.NullPointerException
       at org.apache.catalina.connector.Connector.start(Connector.java:1097)
       at org.apache.catalina.core.StandardService.start(StandardService.java:457)
       at org.apache.catalina.core.StandardServer.start(StandardServer.java:700)
       at org.apache.catalina.startup.Catalina.start(Catalina.java:552)
       at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
       at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
       at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
       at java.lang.reflect.Method.invoke(Method.java:597)
       at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:295)
       at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:433)
01-Oct-2007 05:48:57 org.apache.catalina.startup.Catalina start
INFO: Server startup in 2298 ms

3. step: Rather than using a non-blocking http connector, I also tried a blocking one which results in the
"invalid keystore" error message again.

01-Oct-2007 05:50:02 org.apache.catalina.core.AprLifecycleListener lifecycleEvent
INFO: The Apache Tomcat Native library which allows optimal performance in production environments was not found on the java.library.path: /usr/lib/jdk1.6.0_02/jre/lib/i386/client:/usr/lib/jdk1.6.0_02/jre/lib/i386:/usr/lib/jdk1.6.0_02/jre/../lib/i386:/usr/java/packages/lib/i386:/lib:/usr/lib
01-Oct-2007 05:50:02 org.apache.coyote.http11.Http11BaseProtocol init
INFO: Initializing Coyote HTTP/1.1 on http-8180
01-Oct-2007 05:50:02 org.apache.coyote.http11.Http11BaseProtocol init
INFO: Initializing Coyote HTTP/1.1 on http-8170
01-Oct-2007 05:50:02 org.apache.coyote.http11.Http11BaseProtocol init
SEVERE: Error initializing endpoint
java.io.IOException: Invalid keystore format
       at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:633)
       at sun.security.provider.JavaKeyStore$JKS.engineLoad(JavaKeyStore.java:38)
       at java.security.KeyStore.load(KeyStore.java:1185)
       at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getStore(JSSESocketFactory.java:287)
       at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getKeystore(JSSESocketFactory.java:227)
       at org.apache.tomcat.util.net.jsse.JSSE14SocketFactory.getKeyManagers(JSSE14SocketFactory.java:142)
       at org.apache.tomcat.util.net.jsse.JSSE14SocketFactory.init(JSSE14SocketFactory.java:110)
       at org.apache.tomcat.util.net.jsse.JSSESocketFactory.createSocket(JSSESocketFactory.java:89)
       at org.apache.tomcat.util.net.PoolTcpEndpoint.initEndpoint(PoolTcpEndpoint.java:293)
       at org.apache.coyote.http11.Http11BaseProtocol.init(Http11BaseProtocol.java:139)
       at org.apache.catalina.connector.Connector.initialize(Connector.java:1017)
       at org.apache.catalina.core.StandardService.initialize(StandardService.java:578)
       at org.apache.catalina.core.StandardServer.initialize(StandardServer.java:782)
       at org.apache.catalina.startup.Catalina.load(Catalina.java:504)
       at org.apache.catalina.startup.Catalina.load(Catalina.java:524)
       at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
       at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
       at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
       at java.lang.reflect.Method.invoke(Method.java:597)
       at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:267)
       at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:432)
01-Oct-2007 05:50:02 org.apache.catalina.startup.Catalina load
SEVERE: Catalina.start
LifecycleException: Protocol handler initialization failed: java.io.IOException: Invalid keystore format
       at org.apache.catalina.connector.Connector.initialize(Connector.java:1019)
       at org.apache.catalina.core.StandardService.initialize(StandardService.java:578)
       at org.apache.catalina.core.StandardServer.initialize(StandardServer.java:782)
       at org.apache.catalina.startup.Catalina.load(Catalina.java:504)
       at org.apache.catalina.startup.Catalina.load(Catalina.java:524)
       at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
       at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
       at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
       at java.lang.reflect.Method.invoke(Method.java:597)
       at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:267)
       at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:432)
01-Oct-2007 05:50:02 org.apache.catalina.startup.Catalina load
INFO: Initialization processed in 1471 ms
01-Oct-2007 05:50:02 org.apache.catalina.core.StandardService start
INFO: Starting service Catalina
01-Oct-2007 05:50:02 org.apache.catalina.core.StandardEngine start
INFO: Starting Servlet Engine: Apache Tomcat/5.5.25
01-Oct-2007 05:50:02 org.apache.catalina.core.StandardHost start
INFO: XML validation disabled
01-Oct-2007 05:50:04 org.apache.coyote.http11.Http11BaseProtocol start
INFO: Starting Coyote HTTP/1.1 on http-8180
01-Oct-2007 05:50:04 org.apache.coyote.http11.Http11BaseProtocol start
INFO: Starting Coyote HTTP/1.1 on http-8170
01-Oct-2007 05:50:04 org.apache.coyote.http11.Http11BaseProtocol start
SEVERE: Error starting endpoint
java.io.IOException: Invalid keystore format
       at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:633)
       at sun.security.provider.JavaKeyStore$JKS.engineLoad(JavaKeyStore.java:38)
       at java.security.KeyStore.load(KeyStore.java:1185)
       at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getStore(JSSESocketFactory.java:287)
       at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getKeystore(JSSESocketFactory.java:227)
       at org.apache.tomcat.util.net.jsse.JSSE14SocketFactory.getKeyManagers(JSSE14SocketFactory.java:142)
       at org.apache.tomcat.util.net.jsse.JSSE14SocketFactory.init(JSSE14SocketFactory.java:110)
       at org.apache.tomcat.util.net.jsse.JSSESocketFactory.createSocket(JSSESocketFactory.java:89)
       at org.apache.tomcat.util.net.PoolTcpEndpoint.initEndpoint(PoolTcpEndpoint.java:293)
       at org.apache.tomcat.util.net.PoolTcpEndpoint.startEndpoint(PoolTcpEndpoint.java:313)
       at org.apache.coyote.http11.Http11BaseProtocol.start(Http11BaseProtocol.java:151)
       at org.apache.coyote.http11.Http11Protocol.start(Http11Protocol.java:76)
       at org.apache.catalina.connector.Connector.start(Connector.java:1090)
       at org.apache.catalina.core.StandardService.start(StandardService.java:457)
       at org.apache.catalina.core.StandardServer.start(StandardServer.java:700)
       at org.apache.catalina.startup.Catalina.start(Catalina.java:552)
       at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
       at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
       at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
       at java.lang.reflect.Method.invoke(Method.java:597)
       at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:295)
       at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:433)
01-Oct-2007 05:50:04 org.apache.catalina.startup.Catalina start
SEVERE: Catalina.start:
LifecycleException: service.getName(): "Catalina"; Protocol handler start failed: java.io.IOException: Invalid keystore format
       at org.apache.catalina.connector.Connector.start(Connector.java:1097)
       at org.apache.catalina.core.StandardService.start(StandardService.java:457)
       at org.apache.catalina.core.StandardServer.start(StandardServer.java:700)
       at org.apache.catalina.startup.Catalina.start(Catalina.java:552)
       at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
       at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
       at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
       at java.lang.reflect.Method.invoke(Method.java:597)
       at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:295)
       at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:433)
01-Oct-2007 05:50:04 org.apache.catalina.startup.Catalina start
INFO: Server startup in 2351 ms

Any ideas what I might have done wrong?

Thanks and bye,
Werner
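
The `java.io.IOException: Invalid keystore format` in the traces above is thrown from `JavaKeyStore.engineLoad`, the JKS loader, which rejects any file whose header is not the JKS magic number followed by version 1 or 2. As an added example (not part of the original message), this shell function reads a keystore file's header and reports what it looks like, without needing the password; the function names and sample files are constructed for illustration, and the magic numbers are those of Sun's JKS (0xFEEDFEED) and JCEKS (0xCECECECE) formats.

```shell
#!/bin/sh
# Added example (not from the thread): classify a keystore file by its
# leading bytes. Exit status 0 only for a header the JKS loader accepts.

keystore_format() {
    file=$1
    [ -r "$file" ] || { echo "unreadable"; return 2; }
    # First 8 bytes as hex: JKS/JCEKS = 4-byte magic + 4-byte big-endian version.
    hdr=$(od -An -tx1 -N8 "$file" | tr -d ' \n')
    magic=$(printf '%s' "$hdr" | cut -c1-8)
    version=$(printf '%s' "$hdr" | cut -c9-16)
    case "$magic" in
        feedfeed) kind=JKS ;;
        cececece) kind=JCEKS ;;
        30*)      echo "ASN1-DER"; return 1 ;;   # PKCS#12 or a bare DER certificate
        "")       echo "empty"; return 1 ;;
        *)        echo "unknown:$magic"; return 1 ;;
    esac
    case "$version" in
        00000001|00000002) echo "$kind" ;;
        *) echo "$kind-bad-version:$version"; return 1 ;;
    esac
    # JCEKS is a valid store, but keystoreType="JKS" will not load it.
    [ "$kind" = JKS ]
}

# Constructed sample files: headers only, not real keystores.
make_samples() {
    dir=$1
    printf '\376\355\376\355\000\000\000\002' > "$dir/jks.sample"
    printf '\316\316\316\316\000\000\000\002' > "$dir/jceks.sample"
    printf '\060\202\012\000\002\001\003\060' > "$dir/p12.sample"
    printf 'not a keystore\n'                 > "$dir/other.sample"
    : > "$dir/empty.sample"
}

demo() {
    tmp=$(mktemp -d) || return 1
    make_samples "$tmp"
    for f in "$tmp"/*.sample; do
        printf '%s: %s\n' "${f##*/}" "$(keystore_format "$f" || true)"
    done
    rm -rf "$tmp"
}
demo
```

Run against the real file as `keystore_format /tmp/tomcat.keystore`; anything other than `JKS` means the file was not written in the format the connector's default `keystoreType` expects.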

----- Original Message -----
From: "Martin Gainty" <[EMAIL PROTECTED]>
To: "Tomcat Users List" <users@tomcat.apache.org>
Sent: Sunday, October 15, 2000 5:48 PM
Subject: Re: Tomcat 5.5.25, SSL and "invalid keystore format"


My suggestion is to regen the keystore
and write down all the parameters (alias/keyalg) you specified so you can
supply to the connector
since you want to place the keystore in a different location use

$JAVA_HOME/bin/keytool -genkey -alias WhateverAlias -keyalg RSA -keystore /tmp/tomcat.keystore
write down the password (defaults to "changeit")

and then configure your SSL connector

sslProtocol stays as TLS unless IBM when you specify SSL
clientAuth is true only when you want tomcat to require all SSL clients to
present client cert to use this socket
SSLEnabled will require scheme and isSecure attributes to be set and passed
to servlet
keystoreType stays as JKS unless otherwise specified above
ciphers specified only as needed
algorithm stays as SunX509 unless using IBM JVM when value is assigned
IbmX509
keyAlias uniquely identifies key within KeyStore (only specify when more
than 1 key in KeyStore)

<!-- uncomment both of these in server.xml and configure as necessary -->
<!-- Define a blocking Java SSL Coyote HTTP/1.1 Connector on port 8443 -->
<!--
<Connector protocol="org.apache.coyote.http11.Http11Protocol"
          port="8443" minSpareThreads="5" maxSpareThreads="75"
          enableLookups="true" disableUploadTimeout="true"
          acceptCount="100"  maxThreads="200"
          scheme="https" secure="true" SSLEnabled="true"
          keystoreFile="/tmp/tomcat.keystore" keystorePass="changeit"
          clientAuth="false" sslProtocol="TLS"/>
-->
<!-- Define a non-blocking Java SSL Coyote HTTP/1.1 Connector on port 8443 -->
<!--
<Connector protocol="org.apache.coyote.http11.Http11NioProtocol"
          port="8443" minSpareThreads="5" maxSpareThreads="75"
          enableLookups="true" disableUploadTimeout="true"
          acceptCount="100"  maxThreads="200"
          scheme="https" secure="true" SSLEnabled="true"
          keystoreFile="/tmp/tomcat.keystore" keystorePass="changeit"
          clientAuth="false" sslProtocol="TLS"/>
-->

Step by step instructions available here
http://tomcat.apache.org/tomcat-6.0-doc/ssl-howto.html

Anything missed?
Martin
----- Original Message -----
From: "Werner Schalk" <[EMAIL PROTECTED]>
To: "Martin Gainty" <[EMAIL PROTECTED]>; "Tomcat Users List"
<users@tomcat.apache.org>
Sent: Sunday, October 14, 2007 6:01 AM
Subject: Re: Tomcat 5.5.25, SSL and "invalid keystore format"


Hello,

as I said in my original mail, the problem still persists when I define the
keystore file as /tmp/tomcat.keystore for instance. Any ideas?

Thanks.

Best regards,
Werner

----- Original Message -----
From: "Martin Gainty" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Sunday, October 15, 2000 1:35 AM
Subject: Re: Tomcat 5.5.25, SSL and "invalid keystore format"


> Werner---
>
> http://tomcat.apache.org/tomcat-5.5-doc/config/http.html
> configure your SSL connector to define the path to your keystore file
> (default is .keystore)
> keystoreFile=
>
> Martin--
> ----- Original Message -----
> From: "Werner Schalk" <[EMAIL PROTECTED]>
> To: "Tomcat Users List" <users@tomcat.apache.org>
> Sent: Saturday, October 13, 2007 6:33 PM
> Subject: Tomcat 5.5.25, SSL and "invalid keystore format"
>
>
>> Hello,
>>
>> I am trying to set up SSL in my Tomcat 5.5.25 (on Debian Linux) and thus
>> downloaded a binary version of Tomcat from the Tomcat website.
>> Now I tried to create a keystore:
>>
>> # keytool -genkey -v -keyalg RSA
>>
>> The server.xml is as follows:
>>
>>    <Connector port="8443" maxHttpHeaderSize="8192"
>>                maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
>>                enableLookups="false" disableUploadTimeout="true"
>>                acceptCount="100" scheme="https" secure="true"
>>                clientAuth="false" sslProtocol="TLS" />
>>
>> The error message in the log I am getting is:
>>
>> SEVERE: Catalina.start:
>> LifecycleException:  service.getName(): "Catalina";  Protocol handler start failed: java.io.IOException: Invalid keystore format
>>         at org.apache.catalina.connector.Connector.start(Connector.java:1097)
>>         at org.apache.catalina.core.StandardService.start(StandardService.java:457)
>>         at org.apache.catalina.core.StandardServer.start(StandardServer.java:700)
>>         at org.apache.catalina.startup.Catalina.start(Catalina.java:552)
>>         at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>>         at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
>>         at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
>>         at java.lang.reflect.Method.invoke(Method.java:597)
>>         at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:295)
>>         at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:433)
>>
>> What is causing this problem? Why is the keystore not valid? Has this to do
>> with the APR or something? How would I need to create
>> a keystore then to make it work in Tomcat? I also tried to specify the
>> keystore location and name but that doesn't change anything...any ideas?
>>
>> Thank you.
>>
>> Best regards,
>> Werner.
>>
>>
>> ---------------------------------------------------------------------
>> To start a new topic, e-mail: users@tomcat.apache.org
>> To unsubscribe, e-mail: [EMAIL PROTECTED]
>> For additional commands, e-mail: [EMAIL PROTECTED]
>>
>>


---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



