Problem
If the keystore password is wrong, an error message will be logged for the runnable:
SEVERE: Failed to initialize end point associated with ProtocolHandler ["http-bio-23456"]
java.io.IOException: Keystore was tampered with, or password was incorrect
at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:772)
at sun.security.provider.JavaKeyStore$JKS.engineLoad(JavaKeyStore.java:55)
at java.security.KeyStore.load(KeyStore.java:1445)
at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getStore(JSSESocketFactory.java:429)
at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getKeystore(JSSESocketFactory.java:328)
at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getKeyManagers(JSSESocketFactory.java:586)
at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getKeyManagers(JSSESocketFactory.java:526)
at org.apache.tomcat.util.net.jsse.JSSESocketFactory.init(JSSESocketFactory.java:471)
at org.apache.tomcat.util.net.jsse.JSSESocketFactory.createSocket(JSSESocketFactory.java:218)
at org.apache.tomcat.util.net.JIoEndpoint.bind(JIoEndpoint.java:400)
at org.apache.tomcat.util.net.AbstractEndpoint.init(AbstractEndpoint.java:649)
at org.apache.coyote.AbstractProtocol.init(AbstractProtocol.java:434)
at org.apache.coyote.http11.AbstractHttp11JsseProtocol.init(AbstractHttp11JsseProtocol.java:119)
at org.apache.catalina.connector.Connector.initInternal(Connector.java:978)
at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102)
at org.apache.catalina.core.StandardService.initInternal(StandardService.java:559)
at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102)
at org.apache.catalina.core.StandardServer.initInternal(StandardServer.java:821)
at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102)
at org.apache.catalina.startup.Catalina.load(Catalina.java:638)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:497)
at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:280)
at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:454)
Caused by: java.security.UnrecoverableKeyException: Password verification failed
at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:770)
... 25 more
Solution
:
By default, Apache TomcatTM uses changeit as both the keystore and the key password. If you follow the general recommendation, your keystore should have different passwords. If you only set the key password, Apache TomcatTM will also use it as keystore password. Only if key and keystore passwords differ, you must set both parameters.
Follow this procedure to change the key and keystore passwords.
Procedure
on your ARIS Publisher Server.
ARIS Cloud Controller can be used in multiple modes.
To start ACC under a Windows operating system click Start > All Programs > ARIS > Administration > Start ARIS Cloud Controller. If you have changed agent user credentials you must enter the user name and/or the password.
To start ACC under a Linux operating system, execute the acc10.sh shell script instead. To do so, enter: su -c acc10.sh aris10.
Enter: stop businesspublisher_<s, m, or l>
The runnable will be stopped.
Enter: reconfigure businesspublisher_<s, m, or l> connector.https.keyPass=<key password> connector.https.keystorePass=<keystore password>
for example reconfigure businesspublisher_m connector.https.keyPass="g3h31m" connector.https.keystorePass="g3h31m3r"
In this example quotes are not strictly necessary. Quotes are necessary for strong passwords containing special characters.
Enter: start businesspublisher_<s, m, or l>
The key and keystore passwords are set.
By default, Apache TomcatTM uses changeit as both the keystore and the key password. If you follow the general recommendation, your keystore should have different passwords. If you only set the key password, Apache TomcatTM will also use it as keystore password. Only if key and keystore passwords differ, you must set both parameters.
Follow this procedure to change the key and keystore passwords.
Procedure
on your ARIS Publisher Server.
ARIS Cloud Controller can be used in multiple modes.
To start ACC under a Windows operating system click Start > All Programs > ARIS > Administration > Start ARIS Cloud Controller. If you have changed agent user credentials you must enter the user name and/or the password.
To start ACC under a Linux operating system, execute the acc10.sh shell script instead. To do so, enter: su -c acc10.sh aris10.
Enter: stop businesspublisher_<s, m, or l>
The runnable will be stopped.
Enter: reconfigure businesspublisher_<s, m, or l> connector.https.keyPass=<key password> connector.https.keystorePass=<keystore password>
for example reconfigure businesspublisher_m connector.https.keyPass="g3h31m" connector.https.keystorePass="g3h31m3r"
In this example quotes are not strictly necessary. Quotes are necessary for strong passwords containing special characters.
Enter: start businesspublisher_<s, m, or l>
The key and keystore passwords are set.