Adding cert to truststore
06-06-2012 11:00 AM
Hello,
I am having difficulty importing a 3rd party CA into my truststore. I installed Alfresco without a hitch and I could log in just fine, that is, until I started messing with the truststore files. Now I am unable to log in at all, even when accessing Alfresco using the non-SSL port. I get the following error:
Caused by: org.springframework.beans.BeanInstantiationException: Could not instantiate bean class [org.springframework.social.twitter.connect.TwitterConnectionFactory]: Constructor threw exception; nested exception is java.lang.IllegalStateException: Failure initializing default SSL context
    at org.springframework.beans.BeanUtils.instantiateClass(BeanUtils.java:141)
    at org.springframework.beans.factory.support.SimpleInstantiationStrategy.instantiate(SimpleInstantiationStrategy.java:108)
    at org.springframework.beans.factory.support.ConstructorResolver.autowireConstructor(ConstructorResolver.java:280)
    … 45 more
Caused by: java.lang.IllegalStateException: Failure initializing default SSL context
    at org.apache.http.conn.ssl.SSLSocketFactory.createDefaultSSLContext(SSLSocketFactory.java:211)
    at org.apache.http.conn.ssl.SSLSocketFactory.<init>(SSLSocketFactory.java:333)
    at org.apache.http.conn.ssl.SSLSocketFactory.getSocketFactory(SSLSocketFactory.java:165)
    at org.springframework.social.support.HttpComponentsClientHttpRequestFactory$HttpComponentsClient_4_1.getInstance(HttpComponentsClientHttpRequestFactory.java:185)
    at org.springframework.social.support.HttpComponentsClientHttpRequestFactory.<init>(HttpComponentsClientHttpRequestFactory.java:79)
    at org.springframework.social.support.ClientHttpRequestFactorySelector$HttpComponentsClientRequestFactoryCreator$1.<init>(ClientHttpRequestFactorySelector.java:68)
    at org.springframework.social.support.ClientHttpRequestFactorySelector$HttpComponentsClientRequestFactoryCreator.createRequestFactory(ClientHttpRequestFactorySelector.java:68)
    at org.springframework.social.support.ClientHttpRequestFactorySelector.getRequestFactory(ClientHttpRequestFactorySelector.java:44)
    at org.springframework.social.oauth1.OAuth1Template.createRestTemplate(OAuth1Template.java:169)
    at org.springframework.social.oauth1.OAuth1Template.<init>(OAuth1Template.java:92)
    at org.springframework.social.oauth1.OAuth1Template.<init>(OAuth1Template.java:76)
    at org.springframework.social.twitter.connect.TwitterServiceProvider.<init>(TwitterServiceProvider.java:31)
    at org.springframework.social.twitter.connect.TwitterConnectionFactory.<init>(TwitterConnectionFactory.java:28)
    at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
    at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:39)
    at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:27)
    at java.lang.reflect.Constructor.newInstance(Constructor.java:513)
    at org.springframework.beans.BeanUtils.instantiateClass(BeanUtils.java:126)
    … 47 more
Caused by: java.security.KeyStoreException: problem accessing trust storejava.io.IOException: Invalid keystore format
    at com.sun.net.ssl.internal.ssl.TrustManagerFactoryImpl.engineInit(TrustManagerFactoryImpl.java:55)
    at javax.net.ssl.TrustManagerFactory.init(TrustManagerFactory.java:230)
    at org.apache.http.conn.ssl.SSLSocketFactory.createSSLContext(SSLSocketFactory.java:190)
    at org.apache.http.conn.ssl.SSLSocketFactory.createDefaultSSLContext(SSLSocketFactory.java:209)
    … 64 more
I'm trying to import a certificate into my truststore files using the following command:
/opt/alfresco-4.0.d/java/jre/bin/keytool -import -alias my.ca -file my.crt -keystore ssl.keystore -storetype JCEKS
My server DOES have another version of JAVA installed, so I made sure to explicitly use the keytool that comes with Alfresco's JAVA installation. Also, for troubleshooting purposes, I did not rename any of the passwords. Since there are several truststore files, I ran the keytool command on the following files:
/opt/alfresco-4.0.d/alf_data/keystore/ssl.truststore
/opt/alfresco-4.0.d/tomcat/webapps/alfresco/WEB-INF/classes/alfresco/keystore/ssl.truststore
/opt/alfresco-4.0.d/java/jre/lib/security/cacerts
The keytool imports the certificate into the truststore just fine, but once I restarted Alfresco, I am unable to log in and I get the errors above. At this point, I figured that I should add my new alias to the ssl-truststore-passwords.properties file, but I still get the exact same error.
Any ideas what I could be doing wrong? Nothing else about my Alfresco installation has changed except for the truststore files. All truststore default passwords remain unchanged.
For additional information, I'm using:
Fedora 12 64-bit
alfresco-4.0.d
MySQL 5.1.47
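A diagnostic for the "Invalid keystore format" error above, added here as an example and not part of the original posts: it reads a store's header to report the on-disk format (JKS files begin with 0xFEEDFEED, JCEKS files with 0xCECECECE) and lists the aliases, so each file touched with `-storetype JCEKS` can be compared with the type its loader expects. The function names are hypothetical, the sample bytes are constructed, and the expected types in the test (JKS for the JRE's cacerts, JCEKS for the Alfresco stores) are assumptions.

```python
import struct

# Magic numbers the Sun/Oracle providers write at offset 0 of a keystore file.
MAGIC = {0xFEEDFEED: "JKS", 0xCECECECE: "JCEKS"}

def _utf(buf, pos):
    """DataOutputStream.writeUTF: 2-byte length, then (modified) UTF-8 bytes."""
    (n,) = struct.unpack_from(">H", buf, pos)
    return buf[pos + 2:pos + 2 + n].decode("utf-8", "replace"), pos + 2 + n

def _skip_blob(buf, pos):
    """Skip a 4-byte length followed by that many bytes."""
    (n,) = struct.unpack_from(">I", buf, pos)
    return pos + 4 + n

def inspect_store(buf):
    """Return (format, [(kind, alias), ...]) parsed from keystore bytes."""
    if len(buf) < 12:
        return "unknown", []
    magic, version, count = struct.unpack_from(">III", buf, 0)
    if magic not in MAGIC:
        return ("DER (possibly PKCS12)" if buf[0] == 0x30 else "unknown"), []
    pos, entries = 12, []
    for _ in range(count):
        (tag,) = struct.unpack_from(">I", buf, pos)
        alias, pos = _utf(buf, pos + 4)
        pos += 8                                  # creation date
        if tag not in (1, 2):                     # e.g. JCEKS secret key: not parsed
            entries.append(("other", alias))
            break
        chain = 1
        if tag == 1:                              # private key, then chain length
            pos = _skip_blob(buf, pos)
            (chain,) = struct.unpack_from(">I", buf, pos)
            pos += 4
        for _ in range(chain):
            if version == 2:
                _, pos = _utf(buf, pos)           # certificate type, e.g. "X.509"
            pos = _skip_blob(buf, pos)            # DER certificate
        entries.append(("trustedCert" if tag == 2 else "privateKey", alias))
    return MAGIC[magic], entries

def check(buf, expected):
    """True when the on-disk format is the one the loader expects."""
    return inspect_store(buf)[0] == expected

def sample(magic, aliases):
    """Constructed data: version-2 store of trusted certs, placeholder cert bytes."""
    out = struct.pack(">III", magic, 2, len(aliases))
    for a in aliases:
        name = a.encode()
        out += struct.pack(">IH", 2, len(name)) + name + struct.pack(">q", 0)
        out += struct.pack(">H", 5) + b"X.509" + struct.pack(">I", 4) + b"\x30\x02\x05\x00"
    return out + b"\x00" * 20                     # stands in for the SHA-1 digest
```

Run `inspect_store(open(path, "rb").read())` on a copy of each truststore file; a truncated file raises `struct.error` rather than returning a partial listing.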
2 REPLIES
08-16-2012 10:48 PM
Hi,
Did you manage to solve this problem? Our keystore expired yesterday and we receive this error after attempting to recreate it. I am trying to get it using our actual CA signed certificates but get the same even just following the .txt instructions to create the keystore using the Alfresco CA. We've been offline for 5 hours now while I try to figure it out.
08-17-2012 07:38 AM
If you need assistance to create secure new certificates feel free to send us a message: alfrescocerts@ecm4u.de
We would be happy to help you!
Regards
Heiko
—
Heiko Robert - http://www.ecm4u.de - just simply use ECM in processes