HTTPS connection fails (SSL) - wrong keystore password

Problem

If the keystore password is wrong, an error message will be logged for the runnable:

SEVERE: Failed to initialize end point associated with ProtocolHandler ["http-bio-23456"]

java.io.IOException: Keystore was tampered with, or password was incorrect

at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:772)

at sun.security.provider.JavaKeyStore$JKS.engineLoad(JavaKeyStore.java:55)

at java.security.KeyStore.load(KeyStore.java:1445)

at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getStore(JSSESocketFactory.java:429)

at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getKeystore(JSSESocketFactory.java:328)

at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getKeyManagers(JSSESocketFactory.java:586)

at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getKeyManagers(JSSESocketFactory.java:526)

at org.apache.tomcat.util.net.jsse.JSSESocketFactory.init(JSSESocketFactory.java:471)

at org.apache.tomcat.util.net.jsse.JSSESocketFactory.createSocket(JSSESocketFactory.java:218)

at org.apache.tomcat.util.net.JIoEndpoint.bind(JIoEndpoint.java:400)

at org.apache.tomcat.util.net.AbstractEndpoint.init(AbstractEndpoint.java:649)

at org.apache.coyote.AbstractProtocol.init(AbstractProtocol.java:434)

at org.apache.coyote.http11.AbstractHttp11JsseProtocol.init(AbstractHttp11JsseProtocol.java:119)

at org.apache.catalina.connector.Connector.initInternal(Connector.java:978)

at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102)

at org.apache.catalina.core.StandardService.initInternal(StandardService.java:559)

at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102)

at org.apache.catalina.core.StandardServer.initInternal(StandardServer.java:821)

at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102)

at org.apache.catalina.startup.Catalina.load(Catalina.java:638)

at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)

at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)

at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)

at java.lang.reflect.Method.invoke(Method.java:497)

at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:280)

at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:454)

Caused by: java.security.UnrecoverableKeyException: Password verification failed

at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:770)

... 25 more

Solution

Provide the proper keystore password using the connector.https.keystorePass configure parameter:

By default, Apache TomcatTM uses changeit as both the keystore and the key password. If you follow the general recommendation, your keystore should have different passwords. If you only set the key password, Apache TomcatTM will also use it as keystore password. Only if key and keystore passwords differ, you must set both parameters.

Follow this procedure to change the key and keystore passwords.

Procedure

  1. Start ARIS Cloud Controller on your ARIS Publisher Server.
  2. Enter: stop businesspublisher_<s, m, or l>

    The runnable will be stopped.

  3. Enter: reconfigure businesspublisher_<s, m, or l> connector.https.keyPass=<key password> connector.https.keystorePass=<keystore password>

    for example reconfigure businesspublisher_m connector.https.keyPass="g3h31m" connector.https.keystorePass="g3h31m3r"

    In this example quotes are not strictly necessary. Quotes are necessary for strong passwords containing special characters.

  4. Enter: start businesspublisher_<s, m, or l>

The key and keystore passwords are set.