Tomcat : java.io.IOException: Keystore was tampered with, or password was incorrect

By mkyong | Updated: December 14, 2010

Viewed: 2,184 (+7 pv/w)

Tags: ssl tomcat

Problem

Configured Tomcat’s SSL, while starting Tomcat server, it hits following exception :

14 Disember 2010 4:18:31 PM org.apache.tomcat.util.net.jsse.JSSESocketFactory getStore
SEVERE: Failed to load keystore type JKS with path 
c:\keystore due to Keystore was tampered with, or password was incorrect

java.io.IOException: Keystore was tampered with, or password was incorrect
        at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:771)
        at sun.security.provider.JavaKeyStore$JKS.engineLoad(JavaKeyStore.java:38)
        at java.security.KeyStore.load(KeyStore.java:1185)
        //...
        at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:289)
        at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:414)
Caused by: java.security.UnrecoverableKeyException: Password verification failed
        at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:769)
        ... 20 more

Solution

The password in Tomcat’s “<Connector>” is NOT matched with the password you assigned to your keystore.

File : $Tomcat\conf\server.xml

 //...
  <!-- Define a SSL HTTP/1.1 Connector on port 8443
         This connector uses the JSSE configuration, when using APR, the 
         connector should be using the OpenSSL style configuration
         described in the APR documentation -->

 <Connector port="8443" //...
	keystorePass="password here must same with your keystore's password" />

  //...

To fix this, make sure both are using same password, and passwords are case sensitive as well 🙂

Reference

1. Make Tomcat support SSL and https connection