Tomcat : java.io.IOException: Keystore was tampered with, or password was incorrect

Problem

Configured Tomcat’s SSL, while starting Tomcat server, it hits following exception :


14 Disember 2010 4:18:31 PM org.apache.tomcat.util.net.jsse.JSSESocketFactory getStore
SEVERE: Failed to load keystore type JKS with path 
c:\keystore due to Keystore was tampered with, or password was incorrect

java.io.IOException: Keystore was tampered with, or password was incorrect
        at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:771)
        at sun.security.provider.JavaKeyStore$JKS.engineLoad(JavaKeyStore.java:38)
        at java.security.KeyStore.load(KeyStore.java:1185)
        //...
        at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:289)
        at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:414)
Caused by: java.security.UnrecoverableKeyException: Password verification failed
        at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:769)
        ... 20 more

Solution

The password in Tomcat’s “<Connector>” is NOT matched with the password you assigned to your keystore.

File : $Tomcat\conf\server.xml


 //...
  <!-- Define a SSL HTTP/1.1 Connector on port 8443
         This connector uses the JSSE configuration, when using APR, the 
         connector should be using the OpenSSL style configuration
         described in the APR documentation -->

 <Connector port="8443" //...
	keystorePass="password here must same with your keystore's password" />

  //...

To fix this, make sure both are using same password, and passwords are case sensitive as well :)

Reference

  1. Make Tomcat support SSL and https connection

About the Author

author image
mkyong
Founder of Mkyong.com, love Java and open source stuff. Follow him on Twitter. If you like my tutorials, consider make a donation to these charities.

Comments

avatar
5 Comment threads
0 Thread replies
0 Followers
 
Most reacted comment
Hottest comment thread
3 Comment authors
Mayur KavhalkarRamakrishna PVSVijaya BhaskarTomcat : java.io.IOException: Keystore was tampered with, or password was incorrect Recent comment authors
newest oldest most voted
Mayur Kavhalkar
Guest
Mayur Kavhalkar

Thanks for sharing this valuable information. This solve my problem.

Mayur Kavhalkar
Guest
Mayur Kavhalkar

Thanks for sharing this information. This solve my problem.

Ramakrishna PVS
Guest
Ramakrishna PVS

Thanks for your valuable information…..
my problem is rectified with your solution.. i got https request in my application
thanq u…………

Vijaya Bhaskar
Guest
Vijaya Bhaskar

Thanks for the advice. It worked for me. But what are the two different keystores? In what way pwd “changeit” relates to Tomcat/JDK

trackback
Tomcat : java.io.IOException: Keystore was tampered with, or password was incorrect

[…] getStore SEVERE: Failed to load keystore type JKS with path c:keystore due… [full post] mkyong Mkyong Dot Com tomcatssl 0 0 0 0 0 [14 […]