https://connect.hyland.com/t5/alfresco-archive/adding-cert-to-truststore/m-p/252699#M205829 <HTML><HEAD></HEAD><BODY><SPAN>Hello,</SPAN><BR /><BR /><SPAN>I am having difficulty importing a 3rd party CA into my truststore. I installed Alfresco without a hitch and I could login just fine, that is, until I started messing with the truststore files. Now I am unable to login at all, even when accessing Alfresco using the non-SSL port. I get the following error:</SPAN><BR /><PRE class="language-none line-numbers"><CODE>Caused by: org.springframework.beans.BeanInstantiationException: Could not instantiate bean class [org.springframework.social.twitter.connect.TwitterConnectionFactory]: Constructor threw exception; nested exception is java.lang.IllegalStateException: Failure initializing default SSL context<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; at org.springframework.beans.BeanUtils.instantiateClass(BeanUtils.java:141)<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; at org.springframework.beans.factory.support.SimpleInstantiationStrategy.instantiate(SimpleInstantiationStrategy.java:108)<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; at org.springframework.beans.factory.support.ConstructorResolver.autowireConstructor(ConstructorResolver.java:280)<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; … 45 more<BR />Caused by: java.lang.IllegalStateException: Failure initializing default SSL context<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; at org.apache.http.conn.ssl.SSLSocketFactory.createDefaultSSLContext(SSLSocketFactory.java:211)<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; at org.apache.http.conn.ssl.SSLSocketFactory.&lt;init&gt;(SSLSocketFactory.java:333)<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; at org.apache.http.conn.ssl.SSLSocketFactory.getSocketFactory(SSLSocketFactory.java:165)<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; at org.springframework.social.support.HttpComponentsClientHttpRequestFactory$HttpComponentsClient_4_1.getInstance(HttpComponentsClientHttpRequestFactory.java:185)<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; at org.springframework.social.support.HttpComponentsClientHttpRequestFactory.&lt;init&gt;(HttpComponentsClientHttpRequestFactory.java:79)<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; at org.springframework.social.support.ClientHttpRequestFactorySelector$HttpComponentsClientRequestFactoryCreator$1.&lt;init&gt;(ClientHttpRequestFactorySelector.java:68)<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; at org.springframework.social.support.ClientHttpRequestFactorySelector$HttpComponentsClientRequestFactoryCreator.createRequestFactory(ClientHttpRequestFactorySelector.java:68)<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; at org.springframework.social.support.ClientHttpRequestFactorySelector.getRequestFactory(ClientHttpRequestFactorySelector.java:44)<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; at org.springframework.social.oauth1.OAuth1Template.createRestTemplate(OAuth1Template.java:169)<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; at org.springframework.social.oauth1.OAuth1Template.&lt;init&gt;(OAuth1Template.java:92)<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; at org.springframework.social.oauth1.OAuth1Template.&lt;init&gt;(OAuth1Template.java:76)<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; at org.springframework.social.twitter.connect.TwitterServiceProvider.&lt;init&gt;(TwitterServiceProvider.java:31)<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; at org.springframework.social.twitter.connect.TwitterConnectionFactory.&lt;init&gt;(TwitterConnectionFactory.java:28)<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:39)<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:27)<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; at java.lang.reflect.Constructor.newInstance(Constructor.java:513)<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; at org.springframework.beans.BeanUtils.instantiateClass(BeanUtils.java:126)<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; … 47 more<BR />Caused by: java.security.KeyStoreException: problem accessing trust storejava.io.IOException: Invalid keystore format<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; at com.sun.net.ssl.internal.ssl.TrustManagerFactoryImpl.engineInit(TrustManagerFactoryImpl.java:55)<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; at javax.net.ssl.TrustManagerFactory.init(TrustManagerFactory.java:230)<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; at org.apache.http.conn.ssl.SSLSocketFactory.createSSLContext(SSLSocketFactory.java:190)<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; at org.apache.http.conn.ssl.SSLSocketFactory.createDefaultSSLContext(SSLSocketFactory.java:209)<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; … 64 more<BR /><SPAN class="line-numbers-rows"><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN></SPAN></CODE></PRE><BR /><SPAN>I'm trying to import a certificate into my truststore files using the following command:</SPAN><BR /><PRE class="language-none line-numbers"><CODE>/opt/alfresco-4.0.d/java/jre/bin/keytool -import -alias my.ca -file my.crt -keystore ssl.keystore -storetype JCEKS <SPAN class="line-numbers-rows"><SPAN>‍</SPAN></SPAN></CODE></PRE><SPAN>My server DOES have another version of JAVA installed, so I made sure to explicitly use the keytool that comes with Alfresco's JAVA installation. Also, for troubleshooting purposes, I did not rename any of the passwords. </SPAN><BR /><BR /><SPAN>Since there are several truststore files, I ran the keytool command on the following files:</SPAN><BR /><PRE class="language-none line-numbers"><CODE>/opt/alfresco-4.0.d/alf_data/keystore/ssl.truststore<BR />/opt/alfresco-4.0.d/tomcat/webapps/alfresco/WEB-INF/classes/alfresco/keystore/ssl.truststore<BR />/opt/alfresco-4.0.d/java/jre/lib/security/cacerts<SPAN class="line-numbers-rows"><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN></SPAN></CODE></PRE><BR /><SPAN>The keytool imports the certificate into the truststore just fine, but once I restarted Alfresco, I am unable to log in and I get the errors above. At this point, I figured that I should add my new alias to the </SPAN><EM>ssl-truststore-passwords.properties</EM><SPAN> file, but I still get the exact same error.</SPAN><BR /><BR /><SPAN>Any ideas what I could be doing wrong? Nothing else about my Alfresco installation has changed except for the truststore files. All truststore default passwords remain unchanged.</SPAN><BR /><BR /><SPAN>For additional information, I'm using:</SPAN><BR /><SPAN>Fedora 12 64-bit</SPAN><BR /><SPAN>alfresco-4.0.d</SPAN><BR /><SPAN>MySQL&nbsp; 5.1.47</SPAN></BODY></HTML> Wed, 06 Jun 2012 15:00:29 GMT nikkorizz 2012-06-06T15:00:29Z https://connect.hyland.com/t5/alfresco-archive/adding-cert-to-truststore/m-p/252699#M205829 Hello,I am having difficulty importing a 3rd party CA into my truststore. I installed Alfresco without a hitch and I could login just fine, that is, until I started messing with the truststore files. Now I am unable to login at all, even when accessing Alfresco using the non-SSL port. I get the foll Wed, 06 Jun 2012 15:00:29 GMT https://connect.hyland.com/t5/alfresco-archive/adding-cert-to-truststore/m-p/252699#M205829 nikkorizz 2012-06-06T15:00:29Z https://connect.hyland.com/t5/alfresco-archive/adding-cert-to-truststore/m-p/252700#M205830 <HTML><HEAD></HEAD><BODY><SPAN>Hi,</SPAN><BR /><BR /><SPAN>Did you manage to solve this problem? Our keystore expired yesterday and we receive this error after attempting to recreate it. I am trying to get it using our actual CA signed certificates but get the same even just following the .txt instructions to create the keystore using the Alfresco CA. We've been offline for 5 hours now while I try to figure it out.</SPAN></BODY></HTML> Fri, 17 Aug 2012 02:48:41 GMT https://connect.hyland.com/t5/alfresco-archive/adding-cert-to-truststore/m-p/252700#M205830 chrisokelly 2012-08-17T02:48:41Z https://connect.hyland.com/t5/alfresco-archive/adding-cert-to-truststore/m-p/252701#M205831 <HTML><HEAD></HEAD><BODY><SPAN>If you need assistance to create </SPAN><A href="https://forums.alfresco.com/en/viewtopic.php?f=8&amp;t=45955" rel="nofollow noopener noreferrer">secure new certificates</A><SPAN><SPAN> feel free to send us a message: </SPAN><A class="jive-link-email-small" href="mailto:alfrescocerts@ecm4u.de" rel="nofollow noopener noreferrer">alfrescocerts@ecm4u.de</A></SPAN><BR /><BR /><SPAN>We would be happy to help you!</SPAN><BR /><BR /><SPAN>Regards</SPAN><BR /><BR /><SPAN>Heiko</SPAN><BR /><BR /><SPAN>—</SPAN><BR /><SPAN>Heiko Robert - </SPAN><A href="http://www.ecm4u.de" rel="nofollow noopener noreferrer">http://www.ecm4u.de</A><SPAN> - just simply use ECM in processes</SPAN></BODY></HTML> Fri, 17 Aug 2012 11:38:06 GMT https://connect.hyland.com/t5/alfresco-archive/adding-cert-to-truststore/m-p/252701#M205831 heiko_robert 2012-08-17T11:38:06Z