The keyfile and trustfile passwords in security.xml do not
match the actual passwords of the key files and/or trust files.
To find out which SSL repertoires are in use for the ports on your
server, open the server.xml file and look for the
<transports> tag:
Example:
<transports xmi:type="applicationserver.webcontainer:HTTPTransport"
xmi:id="HTTPTransport_2" external="false" sslEnabled="true"
sslConfig="myhost/DefaultSSLSettings">
<address xmi:id="EndPoint_2" host="*" port="9443"/>
</transports>
Note: server.xml is located in
<install_root>/config/cells/<cellname>/nodes/<nodename>/servers/<servername>
After you find the name of your SSL repertoire in server.xml, you can
make the necessary changes in a different file, security.xml.
The security.xml file contains the settings for the sslConfig.
For example, the setting for "myhost/DefaultSSLSettings" can be located
in the <repertoire> tag:
<repertoire xmi:id="SSLConfig_1" alias="myhost/DefaultSSLSettings">
<setting xmi:id="SecureSocketLayer_1"
keyFileName="${USER_INSTALL_ROOT}/etc/DummyServerKeyFile.jks"
keyFilePassword="{xor}Lz4sLCgwLTs=" keyFileFormat="JKS"
trustFileName="/usr/WebSphere5/AppServer1/etc/DummyServerTrustFile.jks"
trustFilePassword="{xor}Lz4sLCgwLTs=" trustFileFormat="JKS"
clientAuthentication="false" securityLevel="HIGH"
enableCryptoHardwareSupport="false">
The keyFilePassword and trustFilePassword shown above must match the
actual passwords in the associated *.jks files, or the error message
"keystore was tampered with" will occur.
Note: security.xml is located in
<install_root>/config/cells/<cellname>
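The lookup described above (port, then sslConfig, then repertoire, then key and trust file) can be scripted. The following is an added example, not IBM code: the <root> wrappers, the non-SSL transport on port 9080 and all function names are assumptions, and the XML is constructed from the excerpts above. It prints one keytool command per referenced store, so each password can be tested by hand.

```python
import xml.etree.ElementTree as ET

# Constructed samples modelled on the excerpts above. The <root> wrapper and its
# xmlns:xmi declaration are assumptions added so that the fragments parse.
SERVER_XML = """<root xmlns:xmi="http://www.omg.org/XMI">
<transports xmi:type="applicationserver.webcontainer:HTTPTransport"
  xmi:id="HTTPTransport_2" external="false" sslEnabled="true"
  sslConfig="myhost/DefaultSSLSettings">
  <address xmi:id="EndPoint_2" host="*" port="9443"/>
</transports>
<transports xmi:id="HTTPTransport_1" external="false" sslEnabled="false">
  <address xmi:id="EndPoint_1" host="*" port="9080"/>
</transports>
</root>"""
SECURITY_XML = """<root xmlns:xmi="http://www.omg.org/XMI">
<repertoire xmi:id="SSLConfig_1" alias="myhost/DefaultSSLSettings">
<setting xmi:id="SecureSocketLayer_1"
  keyFileName="${USER_INSTALL_ROOT}/etc/DummyServerKeyFile.jks"
  keyFilePassword="{xor}Lz4sLCgwLTs=" keyFileFormat="JKS"
  trustFileName="/usr/WebSphere5/AppServer1/etc/DummyServerTrustFile.jks"
  trustFilePassword="{xor}Lz4sLCgwLTs=" trustFileFormat="JKS"/>
</repertoire>
</root>"""

def ssl_ports(server_xml):
    """Map each SSL-enabled port to the repertoire alias named in sslConfig."""
    ports = {}
    for t in ET.fromstring(server_xml).iter("transports"):
        if t.get("sslEnabled") == "true":
            for addr in t.iter("address"):
                ports[addr.get("port")] = t.get("sslConfig")
    return ports

def keystores(security_xml, alias):
    """Return [(file, format)] for the key and trust files of one repertoire."""
    for rep in ET.fromstring(security_xml).iter("repertoire"):
        if rep.get("alias") == alias:
            s = rep.find("setting")
            return [(s.get(k + "FileName"), s.get(k + "FileFormat"))
                    for k in ("key", "trust")]
    return []  # sslConfig names a repertoire that security.xml does not define

def check_commands(server_xml, security_xml):
    """keytool commands that test a typed password against each referenced store."""
    return [f"port {port}: keytool -list -keystore '{path}' -storetype {fmt}"
            for port, alias in ssl_ports(server_xml).items()
            for path, fmt in keystores(security_xml, alias)]

if __name__ == "__main__":
    print("\n".join(check_commands(SERVER_XML, SECURITY_XML)))
```

Replace ${USER_INSTALL_ROOT} with the real path before running a printed command. keytool prompts for the password, and a listing of the store's entries means the password typed is the store's actual password.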