java.security.UnrecoverableKeyException: Password verification failed (Tomcat)

Hi @slangley ,

I use Oracle JDK and the version is 1.8.0_92 and it's 64-bit (see the details below). Actually, I use the same JDK installer for ThingWorx 8.3.4 and didn't get the error.

Tomcat itself starts successfully and I can access the Tomcat homepage, but the application Thingworx fails to start. Tomcat still starts successfully if I move the Thingworx folder and Thingworx.war out of <tomcat_home>\webapps.

================JAVA VERSION=====================

C:\Users\Administrator>java -version
java version "1.8.0_192"
Java(TM) SE Runtime Environment (build 1.8.0_192-b12)
Java HotSpot(TM) 64-Bit Server VM (build 25.192-b12, mixed mode)

server:
  port: 10002
  ssl:
    key-store: xxx.jks
    key-password: xxxxx

Caused by: java.io.IOException: Keystore was tampered with, or password was incorrect
	at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:785)
	at sun.security.provider.JavaKeyStore$JKS.engineLoad(JavaKeyStore.java:56)
	at sun.security.provider.KeyStoreDelegator.engineLoad(KeyStoreDelegator.java:224)
	at sun.security.provider.JavaKeyStore$DualFormatJKS.engineLoad(JavaKeyStore.java:70)
	at java.security.KeyStore.load(KeyStore.java:1445)
	at org.apache.tomcat.util.security.KeyStoreUtil.load(KeyStoreUtil.java:69)
	at org.apache.tomcat.util.net.SSLUtilBase.getStore(SSLUtilBase.java:216)
	at org.apache.tomcat.util.net.SSLHostConfigCertificate.getCertificateKeystore(SSLHostConfigCertificate.java:207)
	at org.apache.tomcat.util.net.SSLUtilBase.getKeyManagers(SSLUtilBase.java:282)
	at org.apache.tomcat.util.net.SSLUtilBase.createSSLContext(SSLUtilBase.java:246)
	at org.apache.tomcat.util.net.AbstractJsseEndpoint.createSSLContext(AbstractJsseEndpoint.java:97)

The configuration for the keystore is retrieved from a cloud config server, and works fine on the 2.3.5 release.

Probably related to the following fix in 2.3.6, but from a quick look I do not see an issue there:
#24052

Hi All,

We have recently upgraded (1905 to 2105) and migrated to CCV2 from on-prem.

On server startup, we have observed the following warning with UnrecoverableKeyException. The server does start up fine and the sites are also working perfectly, but the following warning comes in the logs:

{
  "origin": "catalina",
  "timeMillis": 1653514273820,
  "thread": "main",
  "level": "WARNING",
  "loggerName": "org.apache.tomcat.util.net.SSLHostConfig",
  "threadId": 1,
  "threadPriority": 5,
  "message": "The provided trust store password could not be used to unlock and/or validate the trust store. Retrying to access the trust store with a null password which will skip validation.",
  "contextMap": {
    "sourceClassName": "org.apache.tomcat.util.net.SSLHostConfig",
    "sourceMethodName": "getTruststore"
  },
  "thrown": {
    "localizedMessage": "Password verification failed",
    "message": "Password verification failed",
    "name": "java.security.UnrecoverableKeyException",
    "extendedStackTrace": [
      {
        "class": "sun.security.provider.JavaKeyStore",
        "method": "engineLoad",
        "file": "JavaKeyStore.java",
        "line": 793
      },
      {
        "class": "sun.security.util.KeyStoreDelegator",
        "method": "engineLoad",
        "file": "KeyStoreDelegator.java",
        "line": 222
      },

Could anybody please help here?

Thanks in advance!

Hi, we get the following Ranger error - maybe you can help me to fix it as soon as possible?! (We activated MIT Kerberos). Thanks in advance!

How can I check that the password of the keystore file is correct? And where can I change it?

Feb 17, 2020 4:29:56 PM org.apache.ranger.server.tomcat.EmbeddedServer start
INFO: Provided Kerberos Credential : Principal = rangeradmin/ and Keytab = /etc/security/keytabs/rangeradmin.service.keytab
Feb 17, 2020 4:29:56 PM org.apache.ranger.server.tomcat.EmbeddedServer$1 run
INFO: Starting Server using kerberos credential
Feb 17, 2020 4:29:57 PM org.apache.coyote.AbstractProtocol init
INFO: Initializing ProtocolHandler ["http-bio-6182"]
Feb 17, 2020 4:29:57 PM org.apache.coyote.AbstractProtocol init
SEVERE: Failed to initialize end point associated with ProtocolHandler ["http-bio-6182"]
java.io.IOException: Keystore was tampered with, or password was incorrect
at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:785)
at sun.security.provider.JavaKeyStore$JKS.engineLoad(JavaKeyStore.java:56)
at sun.security.provider.KeyStoreDelegator.engineLoad(KeyStoreDelegator.java:224)
at sun.security.provider.JavaKeyStore$DualFormatJKS.engineLoad(JavaKeyStore.java:70)
at java.security.KeyStore.load(KeyStore.java:1445)
at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getStore(JSSESocketFactory.java:497)
at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getKeystore(JSSESocketFactory.java:381)
at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getKeyManagers(JSSESocketFactory.java:654)
at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getKeyManagers(JSSESocketFactory.java:594)
at org.apache.tomcat.util.net.jsse.JSSESocketFactory.init(JSSESocketFactory.java:539)
at org.apache.tomcat.util.net.jsse.JSSESocketFactory.createSocket(JSSESocketFactory.java:255)
at org.apache.tomcat.util.net.JIoEndpoint.bind(JIoEndpoint.java:400)
at org.apache.tomcat.util.net.AbstractEndpoint.init(AbstractEndpoint.java:728)
at org.apache.coyote.AbstractProtocol.init(AbstractProtocol.java:452)
at org.apache.coyote.http11.AbstractHttp11JsseProtocol.init(AbstractHttp11JsseProtocol.java:119)
at org.apache.catalina.connector.Connector.initInternal(Connector.java:978)
at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102)
at org.apache.catalina.core.StandardService.initInternal(StandardService.java:560)
at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102)
at org.apache.catalina.core.StandardServer.initInternal(StandardServer.java:840)
at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102)
at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:135)
at org.apache.catalina.startup.Tomcat.start(Tomcat.java:370)
at org.apache.ranger.server.tomcat.EmbeddedServer.startServer(EmbeddedServer.java:271)
at org.apache.ranger.server.tomcat.EmbeddedServer.access$100(EmbeddedServer.java:44)
at org.apache.ranger.server.tomcat.EmbeddedServer$1.run(EmbeddedServer.java:253)
at org.apache.ranger.server.tomcat.EmbeddedServer$1.run(EmbeddedServer.java:249)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.Subject.doAs(Subject.java:360)
at org.apache.ranger.server.tomcat.EmbeddedServer.start(EmbeddedServer.java:249)
at org.apache.ranger.server.tomcat.EmbeddedServer.main(EmbeddedServer.java:68)
Caused by: java.security.UnrecoverableKeyException: Password verification failed
at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:783)
... 30 more
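
An added example (not part of any post above, and not Tomcat or JDK code): for a JKS file, the check behind "Keystore was tampered with, or password was incorrect" is a SHA-1 digest over the store password, a fixed string and the file contents, compared with the last 20 bytes of the file, which is why a wrong password and a modified file produce the same error and why loading with a null password skips validation. The sample keystore and the password `changeit` are constructed for the demonstration, and the function names are this example's own.

```python
import hashlib
import hmac
import struct

JKS_MAGIC = 0xFEEDFEED      # first four bytes of a JKS file
JCEKS_MAGIC = 0xCECECECE    # JCEKS uses the same trailing digest
SALT = b"Mighty Aphrodite"  # fixed string the JDK mixes into the digest


def keyed_digest(password: str, body: bytes) -> bytes:
    """SHA-1 over password (two bytes per char, big-endian) + salt + body."""
    return hashlib.sha1(password.encode("utf-16-be") + SALT + body).digest()


def check_store(data: bytes, password: str) -> str:
    """Classify a keystore blob by format and by its trailing integrity digest."""
    if len(data) < 32:  # 12-byte header + 20-byte digest is the minimum
        return "too short to be a JKS keystore"
    magic = struct.unpack(">I", data[:4])[0]
    if magic not in (JKS_MAGIC, JCEKS_MAGIC):
        if data[0] == 0x30:  # ASN.1 SEQUENCE tag, as at the start of a .p12
            return "not JKS: looks like PKCS12 (ASN.1 SEQUENCE)"
        return "not JKS: unknown format"
    body, stored = data[:-20], data[-20:]
    if hmac.compare_digest(keyed_digest(password, body), stored):
        return "ok"
    return "password wrong or file modified"


def make_empty_jks(password: str) -> bytes:
    """Constructed sample: header of an empty version-2 JKS plus its digest."""
    body = struct.pack(">III", JKS_MAGIC, 2, 0)  # magic, version, entry count
    return body + keyed_digest(password, body)


if __name__ == "__main__":
    store = make_empty_jks("changeit")        # constructed, not from the page
    print(check_store(store, "changeit"))     # matching password
    print(check_store(store, "changeit "))    # stray trailing space in a config
    damaged = store[:8] + b"\x00\x00\x00\x01" + store[12:]
    print(check_store(damaged, "changeit"))   # right password, altered bytes
```

This covers the store password only; the password on an individual private-key entry is checked separately when the key is read. `keytool -storepasswd -keystore <file>` changes the store password.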