
Adding cert to truststore

nikkorizz
Champ in-the-making
Hello,

I am having difficulty importing a 3rd party CA into my truststore. I installed Alfresco without a hitch and I could log in just fine, that is, until I started messing with the truststore files. Now I am unable to log in at all, even when accessing Alfresco using the non-SSL port. I get the following error:
Caused by: org.springframework.beans.BeanInstantiationException: Could not instantiate bean class [org.springframework.social.twitter.connect.TwitterConnectionFactory]: Constructor threw exception; nested exception is java.lang.IllegalStateException: Failure initializing default SSL context
        at org.springframework.beans.BeanUtils.instantiateClass(BeanUtils.java:141)
        at org.springframework.beans.factory.support.SimpleInstantiationStrategy.instantiate(SimpleInstantiationStrategy.java:108)
        at org.springframework.beans.factory.support.ConstructorResolver.autowireConstructor(ConstructorResolver.java:280)
        … 45 more
Caused by: java.lang.IllegalStateException: Failure initializing default SSL context
        at org.apache.http.conn.ssl.SSLSocketFactory.createDefaultSSLContext(SSLSocketFactory.java:211)
        at org.apache.http.conn.ssl.SSLSocketFactory.<init>(SSLSocketFactory.java:333)
        at org.apache.http.conn.ssl.SSLSocketFactory.getSocketFactory(SSLSocketFactory.java:165)
        at org.springframework.social.support.HttpComponentsClientHttpRequestFactory$HttpComponentsClient_4_1.getInstance(HttpComponentsClientHttpRequestFactory.java:185)
        at org.springframework.social.support.HttpComponentsClientHttpRequestFactory.<init>(HttpComponentsClientHttpRequestFactory.java:79)
        at org.springframework.social.support.ClientHttpRequestFactorySelector$HttpComponentsClientRequestFactoryCreator$1.<init>(ClientHttpRequestFactorySelector.java:68)
        at org.springframework.social.support.ClientHttpRequestFactorySelector$HttpComponentsClientRequestFactoryCreator.createRequestFactory(ClientHttpRequestFactorySelector.java:68)
        at org.springframework.social.support.ClientHttpRequestFactorySelector.getRequestFactory(ClientHttpRequestFactorySelector.java:44)
        at org.springframework.social.oauth1.OAuth1Template.createRestTemplate(OAuth1Template.java:169)
        at org.springframework.social.oauth1.OAuth1Template.<init>(OAuth1Template.java:92)
        at org.springframework.social.oauth1.OAuth1Template.<init>(OAuth1Template.java:76)
        at org.springframework.social.twitter.connect.TwitterServiceProvider.<init>(TwitterServiceProvider.java:31)
        at org.springframework.social.twitter.connect.TwitterConnectionFactory.<init>(TwitterConnectionFactory.java:28)
        at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
        at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:39)
        at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:27)
        at java.lang.reflect.Constructor.newInstance(Constructor.java:513)
        at org.springframework.beans.BeanUtils.instantiateClass(BeanUtils.java:126)
        … 47 more
Caused by: java.security.KeyStoreException: problem accessing trust storejava.io.IOException: Invalid keystore format
        at com.sun.net.ssl.internal.ssl.TrustManagerFactoryImpl.engineInit(TrustManagerFactoryImpl.java:55)
        at javax.net.ssl.TrustManagerFactory.init(TrustManagerFactory.java:230)
        at org.apache.http.conn.ssl.SSLSocketFactory.createSSLContext(SSLSocketFactory.java:190)
        at org.apache.http.conn.ssl.SSLSocketFactory.createDefaultSSLContext(SSLSocketFactory.java:209)
        … 64 more

I'm trying to import a certificate into my truststore files using the following command:
/opt/alfresco-4.0.d/java/jre/bin/keytool -import -alias my.ca -file my.crt -keystore ssl.keystore -storetype JCEKS 
My server DOES have another version of Java installed, so I made sure to explicitly use the keytool that comes with Alfresco's Java installation. Also, for troubleshooting purposes, I did not rename any of the passwords.

Since there are several truststore files, I ran the keytool command on the following files:
/opt/alfresco-4.0.d/alf_data/keystore/ssl.truststore
/opt/alfresco-4.0.d/tomcat/webapps/alfresco/WEB-INF/classes/alfresco/keystore/ssl.truststore
/opt/alfresco-4.0.d/java/jre/lib/security/cacerts

The keytool imports the certificate into the truststore just fine, but once I restarted Alfresco, I am unable to log in and I get the errors above. At this point, I figured that I should add my new alias to the ssl-truststore-passwords.properties file, but I still get the exact same error.

Any ideas what I could be doing wrong? Nothing else about my Alfresco installation has changed except for the truststore files. All truststore default passwords remain unchanged.

For additional information, I'm using:
Fedora 12 64-bit
alfresco-4.0.d
MySQL  5.1.47
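
An added example, not part of the original post: one common cause of "Invalid keystore format" is a keystore file whose on-disk format differs from the type it is loaded as, so this sketch reads each file's leading magic bytes and compares them with the expected type. The function names are hypothetical, and the expected type per file is an assumption: the post's command passes -storetype JCEKS, while a JRE's cacerts is normally loaded as JKS.

```shell
#!/bin/sh
# Identify a Java keystore's on-disk format from its first bytes.
# JKS begins with FE ED FE ED, JCEKS with CE CE CE CE; PKCS#12 is DER
# and begins with an ASN.1 SEQUENCE tag (0x30).
keystore_format() {
    [ -r "$1" ] || { echo "unreadable"; return 0; }
    magic=$(od -An -tx1 -N4 "$1" | tr -d ' \n')
    case "$magic" in
        feedfeed) echo "JKS" ;;
        cececece) echo "JCEKS" ;;
        30*)      echo "PKCS12" ;;
        *)        echo "unknown" ;;
    esac
}

# Compare a file with the store type its consumer will load it as.
# Prints one line; returns 0 on a match and 1 on a mismatch.
check_keystore() {
    file=$1
    expected=$2
    actual=$(keystore_format "$file")
    if [ "$actual" = "$expected" ]; then
        echo "OK       $file is $actual"
    else
        echo "MISMATCH $file is $actual, expected $expected"
        return 1
    fi
}

# Usage: sh ks_check.sh EXPECTED_TYPE FILE...
# e.g.   sh ks_check.sh JKS /opt/alfresco-4.0.d/java/jre/lib/security/cacerts
if [ "$#" -ge 2 ]; then
    expected_type=$1
    shift
    for f in "$@"; do
        check_keystore "$f" "$expected_type" || true
    done
fi
```

Run it against a backup copy of each truststore as well as the live file; a file that changed format between the two was rewritten by an import that used a different -storetype.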
2 REPLIES

chrisokelly
Champ on-the-rise
Hi,

Did you manage to solve this problem? Our keystore expired yesterday and we receive this error after attempting to recreate it. I am trying to get it using our actual CA-signed certificates but get the same even just following the .txt instructions to create the keystore using the Alfresco CA. We've been offline for 5 hours now while I try to figure it out.

heiko_robert
Star Collaborator
If you need assistance to create secure new certificates, feel free to send us a message: alfrescocerts@ecm4u.de

We would be happy to help you!

Regards

Heiko
Heiko Robert - http://www.ecm4u.de - just simply use ECM in processes