|
Problem(Abstract) |
After changing the password for the CACERTS file in
/WAS_HOME/java/jre/lib/security, the application fails to make the SSL
connection and this message appears in the server's SystemOut.log:
java.net.SocketException: KeyManagerFactoryImpl: Keystore was tampered
with, or password was incorrect |
|
|
|
Cause |
The truststore and keystore files and passwords were not
set. If these are not set, IBM® JSSE assumes that CACERTS is the
truststore as well as the keystore and that the password is the default
password : "changeit"
Applications using IBM JSSE are required to specify which files act as
the
keystore and truststore and what the passwords are. The following system
properties must be set either programatically or when launching the
application that uses IBM JSSE -
javax.net.ssl.trustStore
javax.net.ssl.trustStorePassword
javax.net.ssl.keyStore
javax.net.ssl.keyStorePassword
|
|
|
Resolving the
problem |
To set the properties in the Java™ Virtual Machine, open
the administrative console and navigate to
servers-->server_name-->process definition -->java virtual
machine-->custom properties .
Add these property names and values:
javax.net.ssl.trustStore value:
WAS_HOME/java/jre/lib/security/cacerts
javax.net.ssl.trustStorePassword value: mypassword
javax.net.ssl.keyStore value:
WAS_HOME/java/jre/lib/security/cacerts
javax.net.ssl.keyStorePassword value: mypassword
Apply and save the changes and restart the server.
Note that all four properties must be set, even if the same file is used
for trustStore and keyStore. |
|
|
|