Syncrify » Knowledge base

Document information

Document ID:1448
Subject:Syncrify won't start after applying HTTPS certificate
Creation date:7/30/10 11:23 AM
Last modified on:10/1/10 9:25 AM


Common problems with HTTPS certificate

If you decide to purchase an SSL certificate and miss one or more steps during setup, Syncrify won't be able to start the web server using that certificate.

Symptoms

You see the following error in Syncrify log after applying the HTTP certificate.

2010-07-29 11:27:08,634 ERROR http11.Http11BaseProtocol - Error initializing endpoint
    java.io.IOException: Keystore was tampered with, or password was incorrect

Solution

There are two possible reasons for this error:
  1. Incorrect password - Ensure you specified the correct password for your certificate in server.properties file. Refer to the last step in this document.
  2. Your keystore was not created correctly - this is a bit more complicated to resolve. The following section talks about the keystore and methods to see if it is correct.


A keystore, as the name implies, contains a bunch of private keys. You always create a store by generating a private key for yourself. Since your private key is not trusted by anyone on the Internet, you need some other entity to build a trust relationships. This entity is called certificate authority (CA). When you purchase a key from a CA, they send you their certificate, which you have to add in your keystore. Therefore, at the very least your keystore should contain 2 entries:

  1. Your private key
  2. A trusted certificate entry from a CA
Use the following command to confirm if these two entries exist in the keystore.
cd $INSTALLDIR/htdocs/sslCert
keytool -list -keystore syncrify.keystore
The above command assumes you have JDK installed on your machine and keytool is in your PATH.

This command will prompt you for your password. Once the password has been entered, you should see something similar to the following:
C:\Syncrify\htdocs\sslCert>keytool -list -keystore syncrify.keystore
Enter keystore password:

Keystore type: JKS
Keystore provider: SUN

Your keystore contains 3 entries

syncrify, Dec 10, 2008, PrivateKeyEntry,
Certificate fingerprint (MD5): A4:C6:02:18:9C:12:32:27:58:89:AE:96:C0:D5:8A:C2
intermed, Dec 10, 2008, trustedCertEntry,
Certificate fingerprint (MD5): D5:DF:85:B7:9A:52:87:D1:8C:D5:0F:90:23:2D:B5:34
cross, Dec 10, 2008, trustedCertEntry,
Certificate fingerprint (MD5): 82:BD:9A:0B:82:6A:0E:3E:91:AD:3E:27:04:2B:3F:45

In the above example, the keystore contains 3 entries:
  1. A private key that you created before submitting a CSR to a CA.
  2. An intermediary certificate, which was required by the CA where this certificate was purchased from
  3. A certificate from the CA
Ensure your keystore contains at least two entries, first PrivateKeyEntry and then one trustedCertEntry. You need additional entries, like the second entry in the example above, if your CA depend on them. Most CA depend on additional entities to create a trust relationship.





Add a comment to this document

Do you have a helpful tip related to this document that you'd like to share with other users? Please add it below. Your name and tip will appear at the end of the document text.
Your name:
Your email:
Hide my email address
Verification code:
Enter the verification code you see above more submitting your tip
Tip:Please limit tips to 1000 characters

Navigation

Social Media

Powered by 10MinutesWeb.com