Invalid keystore format with SSL in Tomcat 6

Posted by strauberry on Server Fault
Published on 2011-06-30T08:18:32Z

I'm trying to set up SSL in my local Tomcat 6 installation. For this, I followed the official How-To, doing the following:

$JAVA_HOME/bin/keytool -genkey -v -keyalg RSA -alias tomcat -keypass changeit -storepass changeit
$JAVA_HOME/bin/keytool -export -alias tomcat -storepass changeit -file /root/server.crt

Then I changed $CATALINA_BASE/conf/server.xml, uncommenting this:

<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
           maxThreads="150" scheme="https" secure="true"
           clientAuth="false" sslProtocol="TLS"
           keystoreFile="/root/.keystore" keystorePass="changeit" />

After starting Tomcat, I get this Exception:

INFO: Initializing Coyote HTTP/1.1 on http-8080
30.06.2011 10:15:24 org.apache.tomcat.util.net.jsse.JSSESocketFactory getStore
SCHWERWIEGEND: Failed to load keystore type JKS with path /root/.keystore
due to Invalid keystore format
java.io.IOException: Invalid keystore format
      at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:633)
      at sun.security.provider.JavaKeyStore$JKS.engineLoad(JavaKeyStore.java:38)
      at java.security.KeyStore.load(KeyStore.java:1185)

When I look into the keystore with keytool -list I get

root@host:~# $JAVA_HOME/bin/keytool -list
Enter key store password: changeit
Key store type: gkr
Key store provider: GNU-CRYPTO

Key store contains 1 entry(ies)

Alias name: tomcat
Creation timestamp: Donnerstag, 30. Juni 2011 - 10:13:40 MESZ
Entry type: key-entry
Certificate fingerprint (MD5): 6A:B9:...C:89:1C

Obviously, the keystore types are different. How can I change the type and will this fix my problem? Thank you!
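
Added example (not part of the original post): a shell check that identifies a keystore's on-disk format from its leading bytes and compares it with the type the connector will try to load (JKS in the log above). The function names are hypothetical; the JKS and JCEKS magic values are the well-known ones, while the GKR value (the ASCII bytes "GKR" followed by 0x01) is an assumption about the GNU keyring format.

```bash
#!/usr/bin/env bash
# Identify a keystore format by magic bytes, then compare it with the type
# the Tomcat connector expects. Added example; function names are hypothetical.

keystore_type() {
    # $1 = path to the keystore file
    [ -r "$1" ] || { echo "unreadable"; return 1; }
    # First four bytes as lowercase hex without separators.
    ks_magic=$(head -c 4 "$1" | od -An -tx1 | tr -d ' \n')
    case "$ks_magic" in
        feedfeed) echo "JKS" ;;            # Sun/Oracle JKS
        cececece) echo "JCEKS" ;;          # SunJCE JCEKS
        474b5201) echo "GKR" ;;            # GNU keyring (assumed magic: "GKR" + 0x01)
        30*)      echo "PKCS12-or-DER" ;;  # ASN.1 SEQUENCE, e.g. a PKCS#12 file
        "")       echo "empty" ;;
        *)        echo "unknown" ;;
    esac
}

check_keystore() {
    # $1 = keystoreFile from server.xml, $2 = expected type (default JKS)
    ks_expected=${2:-JKS}
    ks_actual=$(keystore_type "$1") || { echo "cannot read $1"; return 2; }
    if [ "$ks_actual" = "$ks_expected" ]; then
        echo "OK: $1 is $ks_actual"
    else
        echo "MISMATCH: $1 is $ks_actual, connector expects $ks_expected"
        return 1
    fi
}

# Run against a real file when a path is given, e.g.:
#   ./check_keystore.sh /root/.keystore JKS
if [ $# -gt 0 ]; then
    check_keystore "$1" "${2:-JKS}"
fi
```

A mismatch here means the file was written by a different keytool than the JVM that runs Tomcat, which is what the "Key store provider: GNU-CRYPTO" line in the listing indicates.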
