Got 'Invalid keystore format' when trying to set up an SSL connection

Hello,
On Windows XP, JDK1.5_13:
I built a library module that can create an https connection supplying a certificate in a truststore. Used Apache's HttpClient 3.1 and the httpclient contrib library. To test this I used Tomcat, enabled SSL and added a keystore with certificate. I used a browser with the https url to get the certificate, stored it trusted in a keystore and tested the library with that keystore. This worked fine. The keystore was loaded and the connection established (even without supplying the keystore password).
Now I moved the library as is to a (RedHat) Linux machine, with JDK1.5_01. When I run the same test on this machine, I got the following stack trace:
java.io.IOException: Invalid keystore format
at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:632)
at java.security.KeyStore.load(KeyStore.java:1150)
at org.apache.commons.httpclient.contrib.ssl.AuthSSLProtocolSocketFactory.createKeyStore(AuthSSLProtocolSocketFactory.java:222)
at org.apache.commons.httpclient.contrib.ssl.AuthSSLProtocolSocketFactory.createSSLContext(AuthSSLProtocolSocketFactory.java:292)
at org.apache.commons.httpclient.contrib.ssl.AuthSSLProtocolSocketFactory.getSSLContext(AuthSSLProtocolSocketFactory.java:331)
at org.apache.commons.httpclient.contrib.ssl.AuthSSLProtocolSocketFactory.createSocket(AuthSSLProtocolSocketFactory.java:368)
at org.apache.commons.httpclient.HttpConnection.open(HttpConnection.java:707)
at org.apache.commons.httpclient.HttpMethodDirector.executeWithRetry(HttpMethodDirector.java:387)
at org.apache.commons.httpclient.HttpMethodDirector.executeMethod(HttpMethodDirector.java:171)
at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:397)
I dug up the JavaKeyStore.engineLoad source and found that it trips over the next piece of code, where stream is the InputStream for the keystore file and password is the password for the keystore file.
     if (password != null) {
          md = getPreKeyedHash(password);
          dis = new DataInputStream(new DigestInputStream(stream, md));
     } else {
          dis = new DataInputStream(stream);
     }
     // Body format: see store method
     int xMagic = dis.readInt();
     int xVersion = dis.readInt();
     if (xMagic!=0xfeedfeed ||
          (xVersion!=0x01 && xVersion!=0x02)) {
          throw new IOException("Invalid keystore format");
     }
Tried to use JDK1.5_15 on Linux machine, but got the same result.
Can anyone tell me why it works on a windows machine, and not on a linux machine and/or what I can do to get it working?
Regards,
Frank

I can only guess that the keystore file was corrupted when you copied it onto the Linux system. Check the first 8 bytes of the keystore file with a hex editor or viewer. They should be (in hex) fe ed fe ed 00 00 00 0z, where z is either 1 or 2.
In Linux, you can use the od command, e.g. od -t x1 keystorefile | head -1 should display the first 16 bytes of the file.
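
Added example, not part of the original thread: the od check from the reply above written as a shell function that reads the leading bytes and names the format. It goes beyond the JKS case to recognise JCEKS, PKCS#12, other DER data and PEM, since a file of any of those types fails the JKS magic check quoted in the question; the function names and result labels are made up for this example.

```shell
#!/bin/sh
# Added example: classify a Java keystore candidate by its leading bytes.
# Magic values: JKS 0xfeedfeed (version 1 or 2, as checked in the thread's
# engineLoad excerpt), JCEKS 0xcececece, PKCS#12 = ASN.1 SEQUENCE whose first
# element is INTEGER 3, PEM = ASCII "-----BEGIN".

# Print the first 16 bytes of $1 as one lowercase hex string.
head_hex() {
    od -An -tx1 -N 16 "$1" | tr -d ' \n'
}

# Echo the detected kind; return 0 only for keystore container formats
# (JKS, JCEKS, PKCS#12), non-zero for everything else.
keystore_kind() {
    [ -r "$1" ] || { echo "unreadable"; return 1; }
    case "$(head_hex "$1")" in
        feedfeed00000001*|feedfeed00000002*)
            echo "jks" ;;
        feedfeed*)
            # Right magic, wrong or missing version: truncated or damaged.
            echo "jks-bad-header"; return 1 ;;
        cececece*)
            echo "jceks" ;;
        3080020103*|3081??020103*|3082????020103*|3083??????020103*)
            # SEQUENCE header (any length form) followed by INTEGER 3.
            echo "pkcs12" ;;
        30*)
            # Other DER data, e.g. a bare X.509 certificate (.cer).
            echo "der-not-keystore"; return 1 ;;
        2d2d2d2d2d424547494e*)
            # Text armour: a PEM certificate or key, not a keystore.
            echo "pem"; return 1 ;;
        *)
            echo "unknown"; return 1 ;;
    esac
}

# Report each file named on the command line.
for f in "$@"; do
    printf '%s: %s\n' "$f" "$(keystore_kind "$f")"
done
```

A result of jceks or pkcs12 means the file is intact but has to be opened with the matching store type (for keytool, the -storetype option); jks-bad-header or unknown on a file that worked on the source machine points to damage in transfer.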

Similar Messages

  • Trying to set up an ssl connection. Please help!!!

    I have a client computer (Unix machine) which is connected to the Tomcat server, which in turn connects to another system (acts as a server, it runs on Windows NT) through an https connection. I already have a Netscape CMS issued certificate file, i.e. a .pfx file, which I need to use in setting up the ssl connection. But I see that you cannot directly use this format (pfx) in the keytool command to create a keystore. Can anyone explain how to do this, if you have some idea? I use jdk1.4. Also, I couldn't find any jar files under the jre/lib directory related to the jsse package. I just see the jsse.jar file. Can you explain to me what the alternative approach is to copying these jar files (jcert.jar, jnet.jar, jsse.jar) under jre/lib/ext?
    Thanks a lot.

  • Java.io.IOException: Invalid keystore format

    Getting this invalid keystore format when trying to enter a secure website that runs Java. Tried to re-install several times and several versions of JRE... NtWebTellerApplet.
    This is running on a Vista Ultimate x64 with Q6600 and 8 gigs of RAM. Even tried to get the support on that site to remote help.. No luck in that either.
    java.io.IOException: Invalid keystore format
         at sun.security.provider.JavaKeyStore.engineLoad(Unknown Source)
         at sun.security.provider.JavaKeyStore$JKS.engineLoad(Unknown Source)
         at java.security.KeyStore.load(Unknown Source)
         at com.sun.deploy.security.DeploySigningCertStore$1.run(Unknown Source)
         at java.security.AccessController.doPrivileged(Native Method)
         at com.sun.deploy.security.DeploySigningCertStore.loadCertStore(Unknown Source)
         at com.sun.deploy.security.DeploySigningCertStore.load(Unknown Source)
         at com.sun.deploy.security.DeploySigningCertStore.load(Unknown Source)
         at com.sun.deploy.security.ImmutableCertStore.load(Unknown Source)
         at com.sun.deploy.security.TrustDecider.isAllPermissionGranted(Unknown Source)
         at com.sun.deploy.security.TrustDecider.isAllPermissionGranted(Unknown Source)
         at sun.plugin.security.PluginClassLoader.getPermissions(Unknown Source)
         at java.security.SecureClassLoader.getProtectionDomain(Unknown Source)
         at java.security.SecureClassLoader.defineClass(Unknown Source)
         at java.net.URLClassLoader.defineClass(Unknown Source)
         at java.net.URLClassLoader.access$000(Unknown Source)
         at java.net.URLClassLoader$1.run(Unknown Source)
         at java.security.AccessController.doPrivileged(Native Method)
         at java.net.URLClassLoader.findClass(Unknown Source)
         at sun.applet.AppletClassLoader.findClass(Unknown Source)
         at java.lang.ClassLoader.loadClass(Unknown Source)
         at sun.applet.AppletClassLoader.loadClass(Unknown Source)
         at java.lang.ClassLoader.loadClass(Unknown Source)
         at sun.applet.AppletClassLoader.loadCode(Unknown Source)
         at sun.applet.AppletPanel.createApplet(Unknown Source)
         at sun.plugin.AppletViewer.createApplet(Unknown Source)
         at sun.applet.AppletPanel.runLoader(Unknown Source)
         at sun.applet.AppletPanel.run(Unknown Source)
         at java.lang.Thread.run(Unknown Source)

    I think that I am on to something. I deleted all the files in this directory:
    C:\Users\<username>\AppData\LocalLow\Sun\Java\Deployment\security
    This seems to resolve the problem with the invalid keystore (is a new one created?). Do not know yet if it has some unwanted side effects, but the jvm seems to start normally.

  • Invalid keystore format

    I have a Java applet (called PALS) that was developed with version 1.5 update 7. It has been signed with a digital certificate from Thawte. Recently a customer had her Windows XP machine re-imaged, and that image comes with the Java 6 JRE. Others have had this done and were still able to run my applet, but she gets an error message that complains about an "invalid keystore format."
    I tried going into the Java Console and removing the user's PALS certificate, but it also complains about the keystore format. I then tried just removing Java 6 and installing Java 5, hoping that that would clear things up, but she gets the same error.
    Am I correct that when a user runs my applet the certificate is read from the JAR file and placed in a keystore on their machine? If the keystore has the wrong format, can I just delete it, and where is that file? I thought it was supposed to have the name .keystore but I can't find that anywhere.

    That was where I was expecting to find it, but it's not there. On a machine that hasn't been corrupted like my customer's, I can open up the Java Control Panel, go to the Security tab, click on certificates, and see the certificate that was used to sign the JAR file, but I don't have a .keystore file.
    If it hasn't saved it in a file, where did it put it?
    Thanks for your reply.

  • Default SSL context init failed: Invalid keystore format

    Hi, I can't connect to my ldap server. The problem is ssl. I'm trying to do this:
    import java.io.IOException;
    import java.util.Hashtable;
    import javax.naming.Context;
    import javax.naming.NamingException;
    import javax.naming.directory.DirContext;
    import javax.naming.directory.InitialDirContext;
    import javax.naming.ldap.LdapContext;
    public class TestAuthentifikation {
        public static void main (String [] args) throws IOException  {
            try {
                Hashtable env = new Hashtable();
                env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
                env.put(Context.PROVIDER_URL, "ldaps://subdomain.dyndns.org:636/");
                env.put(Context.SECURITY_PRINCIPAL, "uid=user,ou=users,dc=subdomain,dc=dyndns,dc=org");
                env.put(Context.SECURITY_CREDENTIALS, "passwd");
                env.put(Context.SECURITY_AUTHENTICATION, "simple");
                env.put(Context.SECURITY_PROTOCOL, "ssl");
                java.security.Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider());
                // Both the key store and the trust store point at the JRE's cacerts file
                System.setProperty("javax.net.ssl.keyStore",  "/usr/lib/j2se/1.4/jre/lib/security/cacerts");
                System.setProperty("javax.net.ssl.trustStore","/usr/lib/j2se/1.4/jre/lib/security/cacerts");
                env.put(LdapContext.CONTROL_FACTORIES, "com.sun.jndi.ldap.ControlFactory");
                DirContext ctx = new InitialDirContext(env);
                //use ctx....
                // Close the context when we're done
                ctx.close();
            } catch (NamingException ne) {
                System.err.println(ne);
                ne.printStackTrace();
            }
        }
    }
    The exception is this:
    javax.naming.CommunicationException: subdomain.dyndns.org:636 [Root exception is java.net.SocketException: Default SSL context init failed: Invalid keystore format]
            at com.sun.jndi.ldap.Connection.<init>(Connection.java:194)
            at com.sun.jndi.ldap.LdapClient.<init>(LdapClient.java:119)
            at com.sun.jndi.ldap.LdapClient.getInstance(LdapClient.java:1668)
            at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2599)
            at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:290)
    On the server I have created this ldap_crt.pem file:
    openssl req -x509 -days 3650 -newkey rsa:2048 -nodes -keyout ldap_key.pem -keyform PEM -out ldap_crt.pem -outform PEM
    which sits on the client's /etc/ssl/certs directory. Like this I can connect with a ldap browser to the server.
    I should do something like this:
    keytool -import -alias AUTH_CA -file rootcert.crt -keystore /usr/lib/j2se/1.4/jre/lib/security/cacerts
    How do I get this rootcert.crt file?
    I did this and changed the keystore from cacerts to mycacerts in the java class file:
    sudo keytool -import -alias AUTH_CA -file /etc/ssl/certs/ldap_crt.pem -keystore /usr/lib/j2se/1.4/jre/lib/security/mycacerts
    Then I get this:
    javax.naming.CommunicationException: simple bind failed: subdomain.dyndns.org:636 [Root exception is javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: *No trusted certificate found*]
            at com.sun.jndi.ldap.LdapClient.authenticate(LdapClient.java:198)
            at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2640)
            at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:290)
            at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:175)
            at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:193)
            at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:136)
    Edited by: borobudur on May 18, 2008 7:09 AM

    Just a permission problem! Take care that your process can write on the keystore/truststore.

  • "Invalid Keystore Format" with Java Web Start

    I got a user with an "invalid keystore format" problem. He's running Windows XP and it happens when our java webstart application is starting up. He had a mix of java 5 and java 6.
    We uninstalled all his javas and deleted his c:\program files\java\jre6\lib\security\cacerts file as suggested by my company's support people and reinstalled java 6 U 22 and he still has the problem.
    The other users don't have a problem.
    How do we get our java web start application to work for him? It's a java application and not a java applet.
    He got a new Dell laptop a couple of months ago and it has never worked for him. That model of laptop works for other users.

    the jar containing the native lib (win32com.dll) needed to be under the <nativelib> tag in the jnlp rather than <jar> .. duh!
    fixing that solved the problem :)

  • Invalid Keystore Format error

    We need to configure an SSO from SAP portal and a third party website by passing encrypted userid as url parameters.
    To configure the SSO I have received the public key of the third party and am able to access it from server location. Now I have to access the private key of the SAP Portal certificate and sign the UserId and pass it as url parameter. I have gone through many blogs and written code as below which is giving Invalid Keystore Format error.
    My question is
    1. What should be passed to FileInputStream?
    As of now we are passing the .cer file which is stored as part of project.
    Below code is throwing error at ks.load() method.
    String fielPath1 = request.getPublicResourcePath()+"/SAPLogonTicketKeypair-cert1.cer";
    FileInputStream ksfis = new FileInputStream(fielPath1);
    KeyStore ks = KeyStore.getInstance("JKS");
    ks.load(null, sPass.toCharArray());
    BufferedInputStream ksbufin = new BufferedInputStream(ksfis);
    ks.load(ksbufin, sPass.toCharArray());
    PrivateKey priv = (PrivateKey) ks.getKey(alias, kPass.toCharArray());
    Error is:
    Invalid keystore format
    sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:633)
    sun.security.provider.JavaKeyStore$JKS.engineLoad(JavaKeyStore.java:38)
    java.security.KeyStore.load(KeyStore.java:1185)
    am_sso_apc.doContent(am_sso_apc.java:132)
    com.sapportals.portal.prt.component.AbstractPortalComponent.serviceDeprecated(AbstractPortalComponent.java:213)
    Please let me know how to pass the filepath to extract the private key.
    Regards,
    Satish

    I found the solution. As follows:
    keytool -list -keystore keytoolfile -storetype jceks

  • Java.io.IOException: Invalid keystore format

    Hi;
    I am getting the following error while launching my applet through browser.
    I have modified my java version from 1.4.2_08 to 1.5.0.10.
    java.io.IOException: Invalid keystore format
         at sun.security.provider.JavaKeyStore.engineLoad(Unknown Source)
         at java.security.KeyStore.load(Unknown Source)
         at com.sun.deploy.security.DeploySigningCertStore$1.run(Unknown Source)
         at java.security.AccessController.doPrivileged(Native Method)
         at com.sun.deploy.security.DeploySigningCertStore.load(Unknown Source)
         at com.sun.deploy.security.DeploySigningCertStore.load(Unknown Source)
         at com.sun.deploy.security.TrustDecider.isAllPermissionGranted(Unknown Source)
         at com.sun.deploy.security.TrustDecider.isAllPermissionGranted(Unknown Source)
         at sun.plugin.security.PluginClassLoader.getPermissions(Unknown Source)
         at java.security.SecureClassLoader.getProtectionDomain(Unknown Source)
         at java.security.SecureClassLoader.defineClass(Unknown Source)
         at java.net.URLClassLoader.defineClass(Unknown Source)
         at java.net.URLClassLoader.access$100(Unknown Source)
         at java.net.URLClassLoader$1.run(Unknown Source)
         at java.security.AccessController.doPrivileged(Native Method)
         at java.net.URLClassLoader.findClass(Unknown Source)
         at sun.applet.AppletClassLoader.findClass(Unknown Source)
         at java.lang.ClassLoader.loadClass(Unknown Source)
         at sun.applet.AppletClassLoader.loadClass(Unknown Source)
         at java.lang.ClassLoader.loadClass(Unknown Source)
         at sun.applet.AppletClassLoader.loadCode(Unknown Source)
         at sun.applet.AppletPanel.createApplet(Unknown Source)
         at sun.plugin.AppletViewer.createApplet(Unknown Source)
         at sun.applet.AppletPanel.runLoader(Unknown Source)
         at sun.applet.AppletPanel.run(Unknown Source)
         at java.lang.Thread.run(Unknown Source)
    Please help me. What could be the problem?

