1

Generated keystore and configured in application.properties file as given in this link - http://doc-kurento.readthedocs.io/en/stable/mastering/securing-kurento-applications.html

But still facing error -

java.io.IOException: Keystore was tampered with, or password was incorrect at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:772) ~[na:1.7.0_101] at sun.security.provider.JavaKeyStore$JKS.engineLoad(JavaKeyStore.java:55) ~[na:1.7.0_101] at java.security.KeyStore.load(KeyStore.java:1226) ~[na:1.7.0_101] at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getStore(JSSESocketFactory.java:451) ~[tomcat-embed-core-8.0.28.jar:8.0.28] at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getKeystore(JSSESocketFactory.java:355) ~[tomcat-embed-core-8.0.28.jar:8.0.28] at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getKeyManagers(JSSESocketFactory.java:608) ~[tomcat-embed-core-8.0.28.jar:8.0.28] at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getKeyManagers(JSSESocketFactory.java:548) ~[tomcat-embed-core-8.0.28.jar:8.0.28] at org.apache.tomcat.util.net.NioEndpoint.bind(NioEndpoint.java:360) ~[tomcat-embed-core-8.0.28.jar:8.0.28] at org.apache.tomcat.util.net.AbstractEndpoint.start(AbstractEndpoint.java:765) ~[tomcat-embed-core-8.0.28.jar:8.0.28] at org.apache.coyote.AbstractProtocol.start(AbstractProtocol.java:472) ~[tomcat-embed-core-8.0.28.jar:8.0.28] at org.apache.catalina.connector.Connector.startInternal(Connector.java:986) [tomcat-embed-core-8.0.28.jar:8.0.28] at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:150) [tomcat-embed-core-8.0.28.jar:8.0.28] at org.apache.catalina.core.StandardService.addConnector(StandardService.java:237) [tomcat-embed-core-8.0.28.jar:8.0.28] at org.springframework.boot.context.embedded.tomcat.TomcatEmbeddedServletContainer.addPreviouslyRemovedConnectors(TomcatEmbeddedServletContainer.java:194) [spring-boot-1.3.0.RELEASE.jar:1.3.0.RELEASE] at org.springframework.boot.context.embedded.tomcat.TomcatEmbeddedServletContainer.start(TomcatEmbeddedServletContainer.java:151) [spring-boot-1.3.0.RELEASE.jar:1.3.0.RELEASE] at org.springframework.boot.context.embedded.EmbeddedWebApplicationContext.startEmbeddedServletContainer(EmbeddedWebApplicationContext.java:290) [spring-boot-1.3.0.RELEASE.jar:1.3.0.RELEASE] at org.springframework.boot.context.embedded.EmbeddedWebApplicationContext.finishRefresh(EmbeddedWebApplicationContext.java:141) [spring-boot-1.3.0.RELEASE.jar:1.3.0.RELEASE] at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:540) [spring-context-4.2.3.RELEASE.jar:4.2.3.RELEASE] at org.springframework.boot.context.embedded.EmbeddedWebApplicationContext.refresh(EmbeddedWebApplicationContext.java:118) [spring-boot-1.3.0.RELEASE.jar:1.3.0.RELEASE] at org.springframework.boot.SpringApplication.refresh(SpringApplication.java:752) [spring-boot-1.3.0.RELEASE.jar:1.3.0.RELEASE] at org.springframework.boot.SpringApplication.doRun(SpringApplication.java:347) [spring-boot-1.3.0.RELEASE.jar:1.3.0.RELEASE] at org.springframework.boot.SpringApplication.run(SpringApplication.java:295) [spring-boot-1.3.0.RELEASE.jar:1.3.0.RELEASE] at org.kurento.tutorial.one2onecall.One2OneCallApp.main(One2OneCallApp.java:60) [classes/:na] at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[na:1.7.0_101] at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57) ~[na:1.7.0_101] at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[na:1.7.0_101] at java.lang.reflect.Method.invoke(Method.java:606) ~[na:1.7.0_101] at org.codehaus.mojo.exec.ExecJavaMojo$1.run(ExecJavaMojo.java:293) [exec-maven-plugin-1.4.0.jar:na] at java.lang.Thread.run(Thread.java:745) [na:1.7.0_101] Caused by: java.security.UnrecoverableKeyException: Password verification failed at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:770) ~[na:1.7.0_101] ... 28 common frames omitted

ArK
  • 20,698
  • 67
  • 109
  • 136
Starksky
  • 41
  • 7

2 Answers2

1

There is an error in the documentation with the format of the file . The correct file looks like this

server.port: 8443
server.ssl.key-store: keystore.jks
server.ssl.key-store-password: yourPassword
server.ssl.keyStoreType: JKS
server.ssl.keyAlias: yourKeyAlias

Check that you file is according to that, and make sure that you are providing the correct keystore location in server.ssl.key-store

igracia
  • 3,543
  • 1
  • 18
  • 23
  • Tried the same, checked server.ssl.key-store, still getting the same error. – Starksky Jul 20 '16 at 11:08
  • Are you getting that error with the self-signed certificate that comes with the apps? It looks like your keystore is not generated correctly, or that you are not using the right password. It's quite an straightforward process... – igracia Jul 20 '16 at 11:20
  • I used the link - http://doc-kurento.readthedocs.io/en/stable/mastering/securing-kurento-applications.html , to generate the keystore, is there any other way to generate it, and keystore is present at home directory i.e. /home/ubuntu/kurento-tutorial-java/kurento-one2one-call . And configured application.properties in /home/ubuntu/kurento-tutorial-java/kurento-one2one-call/src/main/resources. – Starksky Jul 20 '16 at 13:04
  • this is the application.properties -ubuntu@ubuntu14:~/kurento-tutorial-java/kurento-one2one-call/src/main/resources$ cat application.properties server.port: 8443 server.ssl.key-store: keystore.jks server.ssl.key-store-password: password server.ssl.keyStoreType: JKS server.ssl.keyAlias: selfsigned – Starksky Jul 20 '16 at 13:05
  • I've just checked those instructions and they work. You must haven't created the file right, or probably is the keystore file that comes with the tutorials, and thus the password is not right. – igracia Jul 20 '16 at 13:47
  • we did tried as you said and cross checked the configuration, but we still are stuck on this. Our whole project is getting delayed. will it be possible for you if we can have quick troubleshooting session. – Starksky Jul 21 '16 at 06:57
  • Are you releasing an app to the public with a self-signed certificate? Really? I assure you that, if you follow those steps, and place the file where it is supposed to go, it will work. You can have a look at the [official Spring-Boot documentation on configuring SSL](http://docs.spring.io/spring-boot/docs/current/reference/html/howto-embedded-servlet-containers.html#howto-configure-ssl). – igracia Jul 21 '16 at 07:33
  • After applying self signed certificates, the application server got up, but still when run in pc chrome it is showing the certificates untrusted and when tried to run on android it is giving error.I/X509Util: Failed to validate the certificate chain, error: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found. And thus not giving the view. – Starksky Aug 02 '16 at 06:47
  • Is it a self-signed certificate? – igracia Aug 02 '16 at 14:03
  • This is the first time I am working on this issue, so first I created the keystore using server.port: 8443 server.ssl.key-store: keystore.jks server.ssl.key-store-password: yourPassword server.ssl.keyStoreType: JKS server.ssl.keyAlias: yourKeyAlias. Secondly I created .crt and .key usign this link http://www.akadia.com/services/ssh_test_certificate.html . Then I am not able to find/know where is server.js file in which i will input these .csr and .key file. – Starksky Aug 03 '16 at 04:58
  • @Starksky `server.js`? I think you've got a mess there. Those instructions are for spring-boot applications! What kind of application do you want to secure? – igracia Aug 03 '16 at 08:30
  • Finally I was able to install self signed certificated, generated the BKS file for client, now have to apply the generated bks file into android and implement android webrtc client. Do you know any source or tutorial for android webrtc client for kurento one 2 one call? – Starksky Aug 05 '16 at 09:29
0

I recently faced the same issue - Caused by:

java.security.UnrecoverableKeyException: Password verification failed . Keystore was tampered with, or password was incorrect

Issue Resolved Steps .

Step 1 : Check the keystore cert password is correct under your installed jdk by using the cmd

keytool -list -keystore cacerts from [$JAVA_HOME/jre/lib/security] or from the folder where the cert is pointed

if Step 1 is valid

Step2 : Check from the application - How the application is passing the password . It may be password with additional commas or misspelled. The password your provided from the application mismatched with original keystore password, hence java security throw the UnrecoverableKeyException

DavidW
  • 29,336
  • 6
  • 55
  • 86
Sjith
  • 1