Seems strange.
Agreed - It used to be real easy :-)
Can you send a keystore file that you generated along with
the passwords you used for the keystore as well as the key (you can generate
one with password "secret" say)?
Absolutely - Thanks for being so helpful. Here's what I did:
[EMAIL PROTECTED] ~]$ rm .keystore
[EMAIL PROTECTED] ~]$ $JAVA_HOME/bin/keytool -genkey -alias tomcat -keyalg RSA
-storetype JKS
Enter keystore password:
Re-enter new password:
What is your first and last name?
[Unknown]: Ole Ersoy
What is the name of your organizational unit?
[Unknown]: Zippy Chicken Butt
What is the name of your organization?
[Unknown]: leisure engineering
What is the name of your City or Locality?
[Unknown]: nice
What is the name of your State or Province?
[Unknown]: monaco
What is the two-letter country code for this unit?
[Unknown]: FR
Is CN=Ole Ersoy, OU=Zippy Chicken Butt, O=leisure engineering, L=nice,
ST=monaco, C=FR correct?
[no]: yes
Enter key password for <tomcat>
(RETURN if same as keystore password):
[EMAIL PROTECTED] ~]$ vi .keystore
Which results in this file:
[EMAIL PROTECTED]@[EMAIL PROTECTED]@[EMAIL PROTECTED]@[EMAIL PROTECTED]@[EMAIL
PROTECTED]@[EMAIL PROTECTED]@[EMAIL PROTECTED]@^B»0<82>^B·0^N^F
[EMAIL PROTECTED]<82>^B£6ç»ø¯ö§ÔU<93>³
<9a>^Ptã<90>A<96>GUÒ±¥^GþÞ^AîUÝRÐd<9d>bã;<9d>½^G^Kp<87>âÍö<83>ñ<8d>f³ûFNVÚÜv>^V<9f>ÎoÔO^[^B^VÒG<93>¸<95>¸^[^F'Hf<88>óT]ª<91>^]<8c>âÃò<85>Àß
ot^C^H(ÿv^N¦<81>F^Vát<85>3^HòÐÜ°î^^]T4<9c>|ñ\^D<94>p)t_^GH}`ðV<9c>ºï<8a>:^\^?®^^<82>Ý£^U"äø<85>lñ<98>\<9a>¿Ñi^?^^¤ª<9e>¤5;Þ=<9a>ê+^Z^NÑ^[^L<8c><9f>gÐÕ(ç^\^LRf½^Xj#\Ae^3^Hüto^N¬3ÎÙF<9e>:w<9c>^Z¹kò<8a>Ë©v-^XØb<8a>T^^2N;om¿Ì<98>ð<82>É+TÛ<9c><84>9<87>^^×zó#Í^Kt^F^N^M<87>^N^g<9b>ö^Kä^V,íÞÑk·:^C<98>ìI^S<88>Úd
éÙ<8d>^O³eµ;ìjË<9d>jB^\ét)Ê<8f>^Q[m>ñê7^B^QK^]±Åñ<<Ê·,w^C[cüéça<93>"<9d>¤<97>¼8ÿ÷^LDãLÍ<85>v}<8a>î§^^Sá¦Ð öpè[¢<95>¶¿)+<8e>Ì<81>Ô!Ñ¡f4=^N^HÊÓã^U Ñ©4Õ½û^N<9b>òZ+<98>u<8c>^?ã½ï<9a>`R<94>?m^Qr%<87>"<84><93><86>¬\<9e>î^K\^[6ýÝÃ`eÕ-aðf^Hô4b¦<98>0úø<80> oÖÙE<9a>[EMAIL
PROTECTED]@!Vj^[¾ä4öCä<8d><93><94>8Ò^?^LS-$<91>^[À¸2å®ô<95>2 Ö¶ÿ%ÒÜ´^K¾øõºþÃ*d2ÖGµ<8d>°Ö<94><9b><84>^H[Ù»§-p,ÅV=<9f>µ^ZÆ]ü<8f><94><8f>+-àç¹aâ?^WpÈ^^^P··Øb·<9b>jý0<9c>[EMAIL PROTECTED] vÝ7°sàS1^[Ã^Y2<9c>r^W4Re`,ÿ}¸·"¾©æºÈôùý#Cö¤<95>Oï- HÐ^\<96>`B^\drZ2Òÿª^M¡Ü¶°7^[9Ê<98><88>^Zpæö
Ó̧<8e>:áÆÁÕ¥ÇM<84>^QÂ`¯Må<91><89><8a>[EMAIL PROTECTED]@[EMAIL PROTECTED]@[EMAIL PROTECTED]@^B<96>0<82>^B<92>0<82>^Aû ^C^B^A^B^B^DG <9f>¸0^M^F *<86>H<86>[EMAIL PROTECTED]|1^K0 ^F^CU^D^F^S^BFR1^O0^M^F^CU^D^H^S^Fmonaco1^M0^K^F^CU^D^G^S^Dnice1^\0^Z^F^CU^D
^S^Sleisure engineering1^[0^Y^F^CU^D^K^S^RZippy Chicken Butt1^R0^P^F^CU^D^C^S
Ole Ersoy0^^^W^M080130160304Z^W^M080429160304Z0|1^K0
^F^CU^D^F^S^BFR1^O0^M^F^CU^D^H^S^Fmonaco1^M0^K^F^CU^D^G^S^Dnice1^\0^Z^F^CU^D
^S^Sleisure engineering1^[0^Y^F^CU^D^K^S^RZippy Chicken Butt1^R0^P^F^CU^D^C^S Ole Ersoy0<81><9f>0^M^F *<86>H<86>[EMAIL PROTECTED]<81><8d>[EMAIL PROTECTED]<81><89>^B<81><81>[EMAIL
PROTECTED]"<91>^?¨ñp¬^O^Y<8c>¾^_<8c>ty$^K^[^[Å<82>®<92>^^A<þõ^PKùÿ%*Ã*Q<98>»^D^BÉNät<9d>¦<8f>65Ïã`mK£9xjå0NÎ<84>´Æ$^B¥<93>^T^Aq^KFÈ=^T
&<90>ÇÊ£·úúSð<8f>É/J²<8e><8a><9a>Ì<84>1äÔ}cÒÓ2³Bm¸rÅ^Lتo¸<89><97>[EMAIL PROTECTED]@W:¶UGýîOÍ·³ä¨0^M^F *<86>H<86>[EMAIL PROTECTED]<81><81>[EMAIL PROTECTED]<95>⢵ªR^X~<83><8b>í<85>Ê¿
fÿW~ÎêN^Eϱ(^^^WM3z¡^R§<8a>A^Y<9b>[EMAIL PROTECTED]
92A°»3S<8e>^P÷Ah<83>`Dÿ^N*u «A ^ö¸8<90>» ^Voä<9d>rñ]^FãC²,^E^UStÃ>GUp³Û^Kp^XüU¯õg^MV^A$ox
úEäº^K<9d>¡^F%K^H±¸Ý[)e3Bj<85>
This is the connector element in server.xml:
<Connector port="8443"
protocol="HTTP/1.1"
SSLEnabled="true"
maxThreads="150"
scheme="https"
secure="true"
clientAuth="false"
sslProtocol="TLS"
keystoreFile="/home/ole/.keystore"
keystorePass="changeit"/>
I'm running the IcedTea java that comes with Fedora 8, on Tomcat 6.0.14.
This is a fresh exception with this keystore:
INFO: Initializing Coyote HTTP/1.1 on http-8080
Jan 30, 2008 10:08:26 AM org.apache.coyote.http11.Http11Protocol init
SEVERE: Error initializing endpoint
java.io.IOException: Invalid keystore format
at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:651)
at
sun.security.provider.JavaKeyStore$JKS.engineLoad(JavaKeyStore.java:56)
at java.security.KeyStore.load(KeyStore.java:1202)
Thanks again,
- Ole
May be I can investigate if there is
something wrong with the keystore. Also, what JDK/JVM are you using?
++Vamsi
On Jan 30, 2008 8:12 PM, Ole Ersoy <[EMAIL PROTECTED]> wrote:
Hi Vamsi,
I tried:
$JAVA_HOME/bin/keytool -genkey -alias tomcat -keyalg RSA -storetype JKS
Thanks for the suggestion though,
- Ole
Vamsavardhana Reddy wrote:
May be you should use the "-storetype JKS" to be sure of the format in
which
the keystore is generated.
++Vamsi
On Jan 30, 2008 11:11 AM, Ole Ersoy <[EMAIL PROTECTED]> wrote:
Hi,
I'm trying to get SSL working real quick for some experiments, and I
did
this:
$JAVA_HOME/bin/keytool -genkey -alias tomcat -keyalg RSA
Answered the questions, got .keystore to appear in my home directory
and
then I uncommented the SSL Connector element in server.xml and filled
out
the keystoreFile and keystorePass attributes.
Now I get this exception:
Jan 29, 2008 11:27:38 PM org.apache.coyote.http11.Http11Protocol init
SEVERE: Error initializing endpoint
java.io.IOException: Invalid keystore format
at sun.security.provider.JavaKeyStore.engineLoad(
JavaKeyStore.java
:651)
at sun.security.provider.JavaKeyStore$JKS.engineLoad(
JavaKeyStore.java:56)
at java.security.KeyStore.load(KeyStore.java:1202)
at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getStore(
JSSESocketFactory.java:319)
at
org.apache.tomcat.util.net.jsse.JSSESocketFactory.getTrustStore(
JSSESocketFactory.java:293)
at
org.apache.tomcat.util.net.jsse.JSSESocketFactory.getTrustManagers(
JSSESocketFactory.java:444)
at org.apache.tomcat.util.net.jsse.JSSESocketFactory.init(
JSSESocketFactory.java:378)
at
org.apache.tomcat.util.net.jsse.JSSESocketFactory.createSocket(
JSSESocketFactory.java:125)
Anyone know why this is happening? I tried regenerating a few times
but
hte results are still the same.
Thanks,
- Ole
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
