[Bug 133] New: Tomcat+SSL: Invalid keystore format

bugzilla-daemon at icedtea.classpath.org
Wed Apr 2 08:42:10 PDT 2008


http://icedtea.classpath.org/bugzilla/show_bug.cgi?id=133

           Summary: Tomcat+SSL: Invalid keystore format
           Product: IcedTea
           Version: unspecified
          Platform: PC
        OS/Version: Linux
            Status: NEW
          Severity: normal
          Priority: P2
         Component: IcedTea
        AssignedTo: unassigned at icedtea.classpath.org
        ReportedBy: beuc at beuc.net


Under Debian Etch, I compiled IcedTea6 (17 March), and installed tomcat5.5.

I configured it to run with SSL:
/usr/lib/jvm/java-6-openjdk/bin/keytool -genkey -alias tomcat -keyalg RSA \
    -keystore /usr/share/tomcat5.5/.keystore
# passwd: changeit
sudo chown tomcat55: /usr/share/tomcat5.5/.keystore
sudo chmod 600 /usr/share/tomcat5.5/.keystore
# Simulate Fedora path for now:
sudo mkdir -p /etc/pki/tls/certs/
sudo ln -s /etc/ssl/certs/ca-certificates.crt /etc/pki/tls/certs/ca-bundle.crt
# Modify /etc/tomcat5.5/server.xml and uncomment "Define a SSL HTTP/1.1 Connector on port 8443"

Relevant config:
    <Connector port="8443" maxHttpHeaderSize="8192"
               maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
               enableLookups="false" disableUploadTimeout="true"
               acceptCount="100" scheme="https" secure="true"
               clientAuth="false" sslProtocol="TLS" />

On startup I get:

...
INFO: Initialisation de Coyote HTTP/1.1 sur http-8180
2 avr. 2008 16:55:26 org.apache.coyote.http11.Http11BaseProtocol init
GRAVE: Erreur à l'initialisation du point de contact
java.io.IOException: Invalid keystore format
        at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:650)
        at sun.security.provider.JavaKeyStore$JKS.engineLoad(JavaKeyStore.java:55)
        at java.security.KeyStore.load(KeyStore.java:1201)
        at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getStore(JSSESocketFactory.java:282)
        at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getTrustStore(JSSESocketFactory.java:256)
        at org.apache.tomcat.util.net.jsse.JSSE14SocketFactory.getTrustManagers(JSSE14SocketFactory.java:174)
        at org.apache.tomcat.util.net.jsse.JSSE14SocketFactory.init(JSSE14SocketFactory.java:111)
        at org.apache.tomcat.util.net.jsse.JSSESocketFactory.createSocket(JSSESocketFactory.java:88)
        at org.apache.tomcat.util.net.PoolTcpEndpoint.initEndpoint(PoolTcpEndpoint.java:292)
        at org.apache.coyote.http11.Http11BaseProtocol.init(Http11BaseProtocol.java:138)
        at org.apache.catalina.connector.Connector.initialize(Connector.java:1016)
        at org.apache.catalina.core.StandardService.initialize(StandardService.java:580)
        at org.apache.catalina.core.StandardServer.initialize(StandardServer.java:791)
        at org.apache.catalina.startup.Catalina.load(Catalina.java:503)
        at org.apache.catalina.startup.Catalina.load(Catalina.java:523)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        at java.lang.reflect.Method.invoke(Method.java:616)
        at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:266)
        at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:431)
2 avr. 2008 16:55:26 org.apache.catalina.startup.Catalina load
GRAVE: Catalina.start
LifecycleException:  L'initialisation du gestionnaire de protocole a échoué:
java.io.IOException: Invalid keystore format
        at org.apache.catalina.connector.Connector.initialize(Connector.java:1018)
        at org.apache.catalina.core.StandardService.initialize(StandardService.java:580)
        at org.apache.catalina.core.StandardServer.initialize(StandardServer.java:791)
        at org.apache.catalina.startup.Catalina.load(Catalina.java:503)
        at org.apache.catalina.startup.Catalina.load(Catalina.java:523)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        at java.lang.reflect.Method.invoke(Method.java:616)
        at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:266)
        at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:431)
2 avr. 2008 16:55:26 org.apache.catalina.startup.Catalina load
INFO: Initialization processed in 1987 ms
2 avr. 2008 16:55:27 org.apache.catalina.core.StandardService start
INFO: Démarrage du service Catalina
...


When using Sun's JRE 1.5 instead, it works fine (without modifying the
keystore).

I see this also reported at:
http://www.mail-archive.com/users@tomcat.apache.org/msg40851.html
where the user installed JRE 1.6 instead of IcedTea to make things work.

I don't see this bug reported in bugzilla (search "keystore" returned zarro
bugs), so I'm reporting it.


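A header check for the failure reported above, as an added example that is not part of the original report or of IcedTea or Tomcat code. The JKS loader raises "Invalid keystore format" when a file does not start with the magic 0xFEEDFEED followed by version 1 or 2, and the trace passes through getTrustStore, so every file the connector may load is worth classifying. The function names and the sample files are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: report the on-disk format of a Java key/trust store candidate.
# The JKS loader accepts only magic 0xFEEDFEED followed by version 1 or 2.

store_format() {
    local file="$1" head
    [ -r "$file" ] || { echo unreadable; return 1; }
    # First 8 bytes as lowercase hex, separators stripped.
    head=$(od -An -tx1 -N8 "$file" | tr -d ' \n')
    case "$head" in
        feedfeed00000001|feedfeed00000002) echo JKS ;;
        feedfeed*)   echo JKS-unsupported-version ;;
        cececece*)   echo JCEKS ;;
        2d2d2d2d2d*) echo PEM ;;   # "-----BEGIN ..." text, e.g. a CA bundle
        30*)         echo DER ;;   # ASN.1 SEQUENCE: PKCS#12 or a raw certificate
        "")          echo empty ;;
        *)           echo unknown ;;
    esac
}

# Succeeds only for files that pass the JKS header check.
is_jks() { [ "$(store_format "$1")" = JKS ]; }

# Constructed sample files (not taken from the report) showing two outcomes.
demo() {
    local dir f
    dir=$(mktemp -d) || return 1
    printf '\376\355\376\355\000\000\000\002rest' > "$dir/keystore.jks"
    printf '%s\n' '-----BEGIN CERTIFICATE-----' > "$dir/ca-bundle.crt"
    for f in "$dir/keystore.jks" "$dir/ca-bundle.crt"; do
        printf '%s: %s\n' "${f##*/}" "$(store_format "$f")"
    done
    rm -rf "$dir"
}

# With arguments, classify those paths; with none, run the constructed demo.
if [ "$#" -gt 0 ]; then
    for f in "$@"; do printf '%s: %s\n' "$f" "$(store_format "$f")"; done
else
    demo
fi
```

Run it with the paths in question as arguments; any result other than JKS for a file loaded through the JKS provider matches the exception in the trace.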