
Tomcat, OpenSSL, SSL error with keytool: Keystore was tampered with, or password was incorrect

I need help. First of all, I can't find a correct answer in any of the Stack Overflow posts.

I'm trying to set up my web application on a Tomcat server with SSL using Keytool and Certbot. First I used Certbot and generated the respective .pem files (privkey.pem, fullchain.pem, etc.). After that I did these steps:

Add my privkey.pem to JKS with OpenSSL

My password is too simple, "123456", impossible to forget. (I'm just trying.) After that I convert the pkcs12 to JKS with:

Finally, add the chain.pem to my keystore. In this step I enter the password that I entered previously, and I get the message:

keytool error: java.io.IOException: Keystore was tampered with, or password was incorrect


If I edit my server.xml file in the Tomcat server with connector 8443 and my keystore, when I start the server I get the same error in catalina.out.

The password of your MyDSKeyStore.jks file is '-destkeypass', as a consequence of the way keytool parses the second command line you used: -deststorepass should be followed by the password. In your case it is followed by -destkeypass.

Remark: Your question seems to be an XY problem: you want to configure a Tomcat SSL connector using certificates in PEM format, so you ask how to transform a PEM certificate into JKS. While the procedure you show is almost correct, it is useless on modern Tomcats (cf. this answer): Tomcat supports PKCS12 files since version 5.5 at least and supports certificates in PEM format since version 8.5. There is no need to convert anything.
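
A connector of the kind the remark above refers to, reading Certbot's PEM files directly with no keystore and no keystore password; this is an added example, not part of the original answer. The file locations, the port and the use of cert.pem (Certbot's leaf certificate file, which the question does not name) are assumptions.

```xml
<!-- server.xml, Tomcat 8.5 or later. Paths below are assumed; relative
     paths are resolved against CATALINA_BASE. -->
<Connector port="8443"
           protocol="org.apache.coyote.http11.Http11NioProtocol"
           SSLEnabled="true" scheme="https" secure="true">
  <SSLHostConfig>
    <!-- PEM files as written by Certbot, used without conversion.
         privkey.pem is an unencrypted private key: keep it readable
         only by the account that runs Tomcat. -->
    <Certificate certificateKeyFile="conf/tls/privkey.pem"
                 certificateFile="conf/tls/cert.pem"
                 certificateChainFile="conf/tls/chain.pem" />

    <!-- Alternative: point at a PKCS12 file directly instead of
         converting it to JKS. Use one Certificate element or the
         other, not both. The password value is a placeholder.
    <Certificate certificateKeystoreFile="conf/tls/keystore.p12"
                 certificateKeystoreType="PKCS12"
                 certificateKeystorePassword="CHANGE_ME" />
    -->
  </SSLHostConfig>
</Connector>
```

With the PEM form there is no store password for keytool to mis-parse, so protection of the key rests on file ownership and permissions.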
