users@glassfish.java.net

Re: Clean install, import key help requested *2nd*

From: Lance Raymond <lraymond_at_weatherflow.com>
Date: Thu, 29 Oct 2009 21:36:41 -0400

#1# So clean install with the default keystore.jks works, correct? - yep
#2# Your keystore has a different password, so when you renamed the orginal
keystore to keystore.old and renamed mystore.jks to keystore.jks and
restarted Glassfish ==>> keystore errors and Glassfish won't start, correct?
- yep. I don't know if it matters or not, but I don't know if the original
keystore.jks file was named mykeystore, or keystore, etc. as I only got a
backup copy and the person who did it is no longer around.

#3# Assuming the above two observations are correct, you then changed the
keystore password of the keystore.jks (renamed from mystore.jks) to
changeit, correct? You can list the contents of the keystore with storepass
= changeit, but when you Restarted Glassfish ==>> keystore errors and
Glassfish won't start, correct? - yep

It seems I am running jdk6 but the help file and the below commands are
correct
keytool -keypasswd -alias wfgfcert -keypass <current password> -new changeit
-keystore keystore.jks -storepass changeit - no error so all ok
keytool -keypasswd -alias s1as -keypass <current password> -new changeit
-keystore keystore.jks -storepass changeit - no error so all ok

Then a restart, and fail. So I found the error and it's all coming
together....
* IOP5079: Alias name s1as does not identify a key entry.*

Digging around and thinking, looking and found it. The alias in the
keystore.jks (not the new install one, has 3 alias, the 3rd is slas (all
letters) )
That error and the keystore.jks on a new install is s1as (the #1 in there).
So somehow the guy created an alias and misread (which I can see why) the
'1' for an 'l'. So... with that, I will read as it's getting late, but if
I can simply import the alias (I don't think you can rename), but if I can
import the one from the newly installed keystore.jks.newinstall into the
good keystore.jks, gf will find it (nothing wrong with a few alias) and will
start, right?

Man are my IOU's adding up, but at least I am really understanding more and
more!

Lance

The only thing that shows as an 'error'

On Thu, Oct 29, 2009 at 4:04 PM, <bamoss_at_sceats.com> wrote:

> Hi Lance,
>
> #1# So clean install with the default keystore.jks works, correct?
>
> #2# Your keystore has a different password, so when you renamed the orginal
> keystore to keystore.old and renamed mystore.jks to keystore.jks and
> restarted Glassfish ==>> keystore errors and Glassfish won't start, correct?
>
> #3# Assuming the above two observations are correct, you then changed the
> keystore password of the keystore.jks (renamed from mystore.jks) to
> changeit, correct? You can list the contents of the keystore with storepass
> = changeit, but when you Restarted Glassfish ==>> keystore errors and
> Glassfish won't start, correct?
>
> Glassfish needs the keypass and storepass values to be the same. You have
> two private key entries that have keypass values associated with them.
> These both need to be changed to changeit for Glassfish to start.
>
> Using JDK5, you type:
>
> keytool -keypasswd -alias wfgcert -keypass <current password> -new changeit
> -keystore keystore.jks -storepass changeit
> keytool -keypasswd -alias s1as -keypass <current password> -new changeit
> -keystore keystore.jks -storepass changeit
>
> If you are using JDK6, just type keytool at the command line to get the
> correct keytool syntax. Once these two signing keys are set to changeit,
> restart domain1 and you should be able to access Glassfish. For a clean
> install, I believe that the signing key for s1as is the problem, but
> changing both will allow you to change the certificate nickname to wfgcert
> once Glassfish is running, then you can change the master-password and
> signing keys to something other than changeit, once you have validated that
> the signed SSL certificate is functioning correctly.
>
> Please let me know how it goes.
>
> Derek
>
>
> -------- Original Message --------
> Subject: Re: Clean install, import key help requested *2nd*
> From: Lance Raymond <lraymond_at_weatherflow.com>
> Date: Thu, October 29, 2009 10:52 am
> To: users_at_glassfish.dev.java.net
>
> Update (nothing good), but still reading more on the keytool functions, I
> did change the password to changeit and a restart, but I do get that error.
>
> *keytool -list -v -storepass changeit -keystore keystore.jks*
>
> *Keystore type: JKS
> Keystore provider: SUN
> Your keystore contains 3 entries*
>
> No need to copy/paste all, but it does show the keystore.jks file password
> change worked. The error on the server is still the same;
> *
> Caused by: java.lang.IllegalStateException:
> java.security.UnrecoverableKeyException: Cannot recover key
> at com.sun.enterprise.security.SSLUtils.<clinit>(SSLUtils.java:128)
> ... 10 more
> Caused by: java.security.UnrecoverableKeyException: Cannot recover key*
>
>
> So I don't think I my thought was accurate. I am still reading, maybe
> import from the .cert file, etc. but man I thought I had it!
>
>
> On Thu, Oct 29, 2009 at 11:20 AM, Lance Raymond <lraymond_at_weatherflow.com>wrote:
>
>> Man, I appreciate all the typing! Actually most of that does make sense,
>> not working, but my question relates to that keystore.jks file. When I use
>> keytool to check it, it asks for a password. That password is not the
>> changeit default.
>>
>> So I did a clean install, works fine, admin console, etc. I stop
>> glassfish;
>> Rename keystore.jks keystore.jks.original.
>> Copy the backup one to that location
>> (/var/lib/glassfishv2/domains/domain1/config) and restart and it fails with
>> the same error in that massive log
>>
>> *Caused by: java.lang.IllegalStateException: Keystore was tampered with,
>> or password was incorrect*
>>
>> Now what I am trying to see is how do I tell glassfish use this password
>> for the keystore.jks file, --or-- how do I change the keystore.jks password
>> to change it. It simply seems that when glassfish goes to access that file,
>> it thinks the pw is changeit, can't load it and fails, as the error is exact
>> if I issue this;
>> *keytool -list -v -keystore keystore.jks -storepass changeit*
>> *keytool error: java.io.IOException: Keystore was tampered with, or
>> password was incorrect*
>>
>> But if I issue the new password; I do get the 3 alias's;
>> *
>> keytool -list -v -keystore keystore.jks
>> Enter keystore password: *
>>
>> *
>> Keystore type: JKS
>> Keystore provider: SUN
>> Your keystore contains 3 entries
>>
>> Alias name: wfgfcert
>> Creation date: Sep 23, 2009
>> Entry type: PrivateKeyEntry
>>
>> Alias name: root
>> Creation date: Sep 23, 2009
>> Entry type: trustedCertEntry
>> Owner: OU=Equifax Secure Certificate Authority, O=Equifax, C=US
>>
>> Alias name: slas
>>
>> Creation date: Oct 28, 2009
>> Entry type: PrivateKeyEntry
>> Certificate chain length: 1
>> Certificate[1]:
>> *
>>
>> So it seems I think I know what's going on, and there is probably 2 ways
>> to fix, change the password in the keystore file I made to changeit, or tell
>> glassfish to use the new file but use my new password.
>>
>> Thanks again
>>
>>
>> On Thu, Oct 29, 2009 at 1:50 AM, <bamoss_at_sceats.com> wrote:
>>
>>> Hi Lance,
>>>
>>> I'm not 100% clear what you did here.
>>>
>>> What I was trying to communicate was to delete the s1as alias from the
>>> existing keystore (since it is only a cert not a key) and to generate a new
>>> s1as alias as a keypair in the existing keystore, so that your keystore
>>> contains your chained PrivateKeyEntry (wgfcert) and the new s1as
>>> PrivateKeyEntry. When you state: "Lastly I simply overwrote the newly
>>> installed keystore.jks and restarted" -- you don't need to overwrite the
>>> current keystore, just amend it by deleting the s1as certificate and
>>> creating s1as as a signing key.
>>>
>>> If you had previously accessed the Glassfish Admin Console on
>>> http://<FQDN>:4848 <http://%3Cfqdn%3E:4848/> and changed the certificate
>>> nickname to wgfcert, then you must have both wgfcert and s1as in your
>>> keystore as PrivateKeyEntry for Glassfish to start.
>>>
>>> If you are having no joy with this, here is what should work, to get your
>>> signed certificate to work...
>>>
>>> 1. In the keystore that contains wgfcert shown as a
>>> PrivateKeyEntry, create s1as as a PrivateKeyEntry (keytool genkey)
>>> 2. Copy this keystore that has wgfcert and s1as shown as a
>>> PrivateKeyEntry to some safe location
>>> 3. Do a fresh install of Glassfish
>>> 4. Verify that you can access the Glassfish Admin Console on
>>> http://<FQDN>:4848 <http://%3Cfqdn%3E:4848/>
>>> 5. Replace the default keystore with your saved keystore that contains
>>> the wgfcert and s1as aliases (shown as a PrivateKeyEntry)
>>> 6. Restart Glassfish
>>> 7. Verify that you can access the Glassfish Admin Console on
>>> http://<FQDN>:4848 <http://%3Cfqdn%3E:4848/>
>>> 8. Goto Configuration > HTTP Services > HTTP Listeners and select
>>> http-listener-2, then select the SSL tab
>>> 9. For the certificate nickname, enter wgfcert
>>> 10. Restart Glassfish
>>> 11. Open a browser and enter https://<FQDN>:8181<https://%3Cfqdn%3E:8181/>
>>> => This should result in a Glassfish webpage showing that Glassfish is
>>> running on port 8181. Click on the SSL Padlock in the lower right hand
>>> side, and it should show your signed cert.
>>>
>>> If you want, you can then repeat the above for the admin listener (port
>>> 4848)
>>>
>>> With all of the above, I am assuming that the default master-password is
>>> still changeit, since you have done a fresh Glassfish install (ant -f
>>> setup.xml). Once all the above is working fine, you can then change the
>>> master-password, but you will need to use keytool to change keypass for
>>> alias wgfcert.
>>>
>>> Does all this make sense? Good luck and please let me know how it goes.
>>>
>>> Derek
>>>
>>>
>>> -------- Original Message --------
>>> Subject: Re: Clean install, import key help requested *2nd*
>>> From: Lance Raymond <lraymond_at_weatherflow.com>
>>> Date: Wed, October 28, 2009 5:27 pm
>>> To: users_at_glassfish.dev.java.net
>>>
>>> ok, this is what I got so far;
>>> deleted the alias from that keystore file.
>>>
>>> Recreated using the following;
>>> * keytool -genkey -dname "CN=ws1.weatherflow.com, OU=Sun Java System
>>> Application Server, O=Sun Microsystems, L=Santa Clara, ST=California, C=US"
>>> -alias slas -keystore keystore.jks*
>>> **
>>> Note: I simply looked at a new server install slas which made sense. A
>>> check on that file now shows what you said about the private key;
>>> *Creation date: Oct 28, 2009
>>> Entry type: PrivateKeyEntry
>>> Certificate chain length: 1
>>> Certificate[1]:
>>> Owner: CN=ws1.domain.com, OU=Sun Java System Application Server, O=Sun
>>> Microsystems, L=Santa Clara, ST=California, C=US*
>>>
>>> Lastly I simply overwrote the newly installed keystore.jks and restarted,
>>> knowing in the back of my head it would fail, simply for this reason. The
>>> password on a new installed server I think is changeit or something similar
>>> where this keystore is not. So on a restart, looking at the logs I knew I
>>> would see this, and sure enough, saw it.
>>> *Caused by: java.lang.IllegalStateException: Keystore was tampered
>>> with, or password was incorrect*
>>>
>>> Which does make sense. So it seems I do 'understand' a bit more, and
>>> probably 80% where I want to be. So, the question now is do I tell
>>> glassfish, the new keystore password is this and if so how? Or the other
>>> idea, not sure if you can, is if I have the .cert file from the original,
>>> and a new clean install works, can you import that cert into a keystore on a
>>> new working server? Not sure which of the above is better (really don't
>>> even care anymore), just love to see it start and have the cert working :)
>>>
>>> Derek, you have been so helpful so far, I appreciate it!
>>>
>>>
>>>
>>> On Wed, Oct 28, 2009 at 6:15 PM, <bamoss_at_sceats.com> wrote:
>>>
>>>> Okay, this is good news. So you should be able to set the certificate
>>>> nickname to "wfgcert" once you get Glassfish started, if you haven't already
>>>> done so.
>>>>
>>>> One thing that jumps out at me is that alias "s1as" is Entry type:
>>>> trustedCertEntry. This should be Entry type: PrivateKeyEntry.
>>>>
>>>> Why don't you use keytool to delete alias s1as, then do a genkey and
>>>> create a new s1as alias. Set the validity out a couple of years. Restart
>>>> Glassfish (domain1) then see if you can access the Glassfish Admin Console
>>>> on port 4848.
>>>>
>>>> Once you have access to Glassfish Admin Console, go to Configuration >
>>>> HTTP Services > HTTP Listeners > SSL tab for port 8181 (and 4848 if you
>>>> want) and set/validate that the certificate nickname is set to
>>>> wfgcert. If you have to change it from s1as, restart Glassfish and click on
>>>> the padlock in the browser to validate that you are now using the signed SSL
>>>> cert.
>>>>
>>>> I believe that alias s1as can be fully replaced by editting domain.xml
>>>> and replacing s1as with wfgcert -- then restart domain1. Someone from Sun
>>>> would need to validate this.
>>>>
>>>> Finally, if you change the master-password, you need to manually change
>>>> keypass for any alias other than s1as. For Glassfish SSL, storepass and
>>>> keypass must be the same.
>>>>
>>>> Hope this helps. Good luck.
>>>>
>>>> Derek
>>>>
>>>> -------- Original Message --------
>>>> Subject: Re: Clean install, import key help requested *2nd*
>>>> From: Lance Raymond <lraymond_at_weatherflow.com>
>>>> Date: Wed, October 28, 2009 12:32 pm
>>>> To: users_at_glassfish.dev.java.net
>>>>
>>>> Actually yes, that much has :)
>>>>
>>>> Now I do have a backup keystore.jks file which I think he used and just
>>>> found, and do have the password. So I did the following; (note this is the
>>>> old one)
>>>> keytool -list -v -keystore keystore.jks (entered the pw) and have
>>>> this; (just including the good stuff)
>>>>
>>>> Keystore type: JKS
>>>> Keystore provider: SUN
>>>>
>>>> Your keystore contains 3 entries
>>>>
>>>> Alias name: wfgfcert
>>>> Creation date: Sep 23, 2009
>>>> Entry type: PrivateKeyEntry
>>>> Certificate chain length: 2
>>>> Certificate[1]:
>>>> Owner: CN=api.mydomain.com, OU=Domain Control Validated - RapidSSL(R),
>>>> OU=See www.rapidssl.com/resources/cps (c)09, OU=GT06273877, O=
>>>> api.mydomain.com, C=US
>>>> Issuer: OU=Equifax Secure Certificate Authority, O=Equifax, C=US
>>>>
>>>> Alias name: root
>>>> Creation date: Sep 23, 2009
>>>> Entry type: trustedCertEntry
>>>>
>>>> Owner: OU=Equifax Secure Certificate Authority, O=Equifax, C=US
>>>> Issuer: OU=Equifax Secure Certificate Authority, O=Equifax, C=US
>>>> Serial number: 35def4cf
>>>> Valid from: Sat Aug 22 12:41:51 EDT 1998 until: Wed Aug 22 12:41:51 EDT
>>>> 2018
>>>>
>>>>
>>>> Alias name: s1as
>>>> Creation date: Sep 23, 2009
>>>> Entry type: trustedCertEntry
>>>>
>>>> Owner: CN=api.domain.com, OU=Domain Control Validated - RapidSSL(R),
>>>> OU=See www.rapidssl.com/resources/cps (c)09, OU=GT06273877, O=
>>>> api.domain.com, C=US
>>>> Issuer: OU=Equifax Secure Certificate Authority, O=Equifax, C=US
>>>>
>>>>
>>>> So that was done last month and it looks like he imported the key into
>>>> the keystore.jks file (I almost sound like I know what I'm talking about)!
>>>> The only issue I see with that file is the last one, the s1as alias is using
>>>> the same domain info, where the new install uses the self-signed one. Not
>>>> sure if that matters or not as I don't really need that s1as alias, but you
>>>> say other things use it.
>>>>
>>>> As for not being around, doesn't matter, I have the laptop and will be
>>>> checking in all day/night :D Thanks again for the time already spent
>>>> helping.
>>>>
>>>>
>>>>
>>>>
>>>> On Wed, Oct 28, 2009 at 3:00 PM, <bamoss_at_sceats.com> wrote:
>>>>
>>>>> If you don't have the original keystore where the wflow alias was
>>>>> created, you may need to create a new keypair and get the certificate signed
>>>>> by rapidssl.
>>>>>
>>>>> The issue is that for SSL to work correctly, you need a keypair in your
>>>>> keystore. When you do a signing request to a CA, you export the certificate
>>>>> (not the key) then reimport the signed certificate. This gives you a chain
>>>>> keypair. What you need to see in your keystore when you do keytool -list -v
>>>>> -keystore keystore.jks, is the name of your alias (eg: wflow) followed by
>>>>> "Entry Type: keyEntry". You should also see this after alias "s1as". If
>>>>> you don't see this in your keystore, you need to go through the cert request
>>>>> process with the CA.
>>>>>
>>>>> Does this make sense?
>>>>>
>>>>> If not, I'll try to help, but will be offline for a couple of hours.
>>>>>
>>>>>
>>>>> -------- Original Message --------
>>>>> Subject: Re: Clean install, import key help requested *2nd*
>>>>> From: Lance Raymond <lraymond_at_weatherflow.com>
>>>>> Date: Wed, October 28, 2009 11:44 am
>>>>> To: users_at_glassfish.dev.java.net
>>>>>
>>>>> 1st all can ignore the new post (sorry for the dup as it came from
>>>>> namble) and I am just mentally shot!
>>>>> Next;
>>>>> "If you used mystore.jks as the keystore where you created your
>>>>> original certificate request for alias" well unfortunatly I didn't create
>>>>> the request someone else did who left. I have just the .csr and .cert
>>>>>
>>>>> I have since wiped the app server again, so sitting idle with the
>>>>> following;
>>>>> default keystore.jks
>>>>> folder in my home with; trustedroot.crt, wfgfcert.csr, wfgfcert.cert
>>>>>
>>>>> I can access the normal app server on 8080, 8181 is the ssl port and
>>>>> the admin on 4848.
>>>>>
>>>>> So starting from step 1, can I simply import the wfgfcert into the
>>>>> existing keystore using wflow (I assume there can be multiple) since other
>>>>> things use that s1as alias, then change ssl to use that wflow alias?
>>>>>
>>>>> You threw alot out there (better than anything I have read) but dont
>>>>> want to screw up again!
>>>>>
>>>>> Thanks
>>>>>
>>>>>
>>>>> On Wed, Oct 28, 2009 at 2:35 PM, <bamoss_at_sceats.com> wrote:
>>>>>
>>>>>> So with the original keystore.jks, which contains alias s1as, you are
>>>>>> able to access the glassfish admin console on port 4848, correct?
>>>>>>
>>>>>> If you used mystore.jks as the keystore where you created your
>>>>>> original certificate request for alias, then imported back the signed
>>>>>> certificate and the class and root certificate, you should see three
>>>>>> entries, a chained signing key and the two imported certificates (class and
>>>>>> root certs) in the mystore.jks keystore. However you won't have the s1as
>>>>>> self-signed certificate, that is in the original keystore, since this is
>>>>>> created when glassfish is built.
>>>>>>
>>>>>> If the above is true, create alias s1as using genkey in mystore.jks.
>>>>>> Then rename the keystore.jks to keystore.old and copy and rename mystore.jks
>>>>>> to keystore.jks. You should be able to log into the glassfish admin
>>>>>> console. I have enabled SSL on port 4848 and 8181, leaving 8080 for HTTP.
>>>>>> If you enable SSL on these ports, the default certificate nickname will be
>>>>>> "s1as". If you change this to "wflow", you should now be using your signed
>>>>>> certificate. This would be done by going to Configuration > HTTP Services >
>>>>>> HTTP Listeners > SSL tab. After this change, you need to restart Glassfish.
>>>>>>
>>>>>> Does this make sense?
>>>>>>
>>>>>> Note that you need to have alias s1as in your active keystore, as
>>>>>> other glassfish services use this certificate nickname. I suspect this is
>>>>>> why the blog entry recommends deleting the original s1as and generating a
>>>>>> new s1as alias for the certificate request. The other option if you don't
>>>>>> have s1as in the active keystore is to make the change in the domain.xml
>>>>>> file replacing all s1as certificate aliases with your alias, however,
>>>>>> editing the domain.xml file is not recommended.
>>>>>>
>>>>>> Hope this helps.
>>>>>>
>>>>>> Derek
>>>>>>
>>>>>> -------- Original Message --------
>>>>>> Subject: RE: Clean install, import key help requested *2nd*
>>>>>> From: xlancealotx <lraymond_at_weatherflow.com>
>>>>>> Date: Wed, October 28, 2009 11:17 am
>>>>>> To: users_at_glassfish.dev.java.net
>>>>>>
>>>>>>
>>>>>> Yep, I have tried to both copy the mystore.jks over the keystore
>>>>>> (renaming it
>>>>>> to keystore), trying importing into the existing file. Also tried
>>>>>> using a
>>>>>> different alias, changing in the admin and restarting, all still fail.
>>>>>>
>>>>>> There are a few docs out there, all pretty much say the same few
>>>>>> things
>>>>>> which is why I am surprised I am having such a hard time and the error
>>>>>> is
>>>>>> just so vague.
>>>>>>
>>>>>>
>>>>>>
>>>>>> bamoss wrote:
>>>>>> >
>>>>>> > Did you replace the existing keystore with your new keystore,
>>>>>> mykeystore
>>>>>> > and rename it to keystore.jks? Does your new keystore contain the
>>>>>> s1as
>>>>>> > alias? Derek
>>>>>> >
>>>>>> >
>>>>>> > -------- Original Message --------
>>>>>> > Subject: Clean install, import key help requested *2nd*
>>>>>> > From: glassfish_at_javadesktop.org
>>>>>> > Date: Wed, October 28, 2009 8:18 am
>>>>>> > To: users_at_glassfish.dev.java.net
>>>>>> >
>>>>>> > ok, since over a day passed, 40+ people viewed an no response,
>>>>>> figured I
>>>>>> > would just wipe the gf server and start from scratch. I already have
>>>>>> the
>>>>>> > paid cert from rapidssl and have a clean GF2 server running. I
>>>>>> followed a
>>>>>> > few simple steps from
>>>>>> > http://wiki.glassfish.java.net/Wiki.jsp?page=How_to_ssl_versign and
>>>>>> have
>>>>>> > the same issue. So maybe since it's a clean install, new alias, I
>>>>>> can get
>>>>>> > at least one response! With that, I did the following;
>>>>>> >
>>>>>> > [b]Step 1[/b]
>>>>>> > keytool -import -alias wflow -keystore mykeystore.jks -trustcacerts
>>>>>> -file
>>>>>> > wfgfcert.cert
>>>>>> > Enter keystore password:
>>>>>> > Re-enter new password:
>>>>>> > Certificate was added to keystore
>>>>>> >
>>>>>> > I had a trustedroot.cert from rapidssl which they said I might need
>>>>>> to
>>>>>> > install, when I did I got the following;
>>>>>> > keytool -import -trustcacerts -keystore mykeystore.jks -alias
>>>>>> rapidssl
>>>>>> > -file trustedroot.crt
>>>>>> > Enter keystore password:
>>>>>> > Certificate already exists in system-wide CA keystore under alias
>>>>>> > &lt;equifaxsecureca&gt;
>>>>>> > Do you still want to add it to your own keystore? [no]:
>>>>>> >
>>>>>> > So to me, that means no, it already knows there good!
>>>>>> > [b]Step 2 (per the docs);[/b]
>>>>>> > cp mykeystore.jks
>>>>>> /var/lib/glassfishv2/domains/domain1/config/keystore.jks
>>>>>> >
>>>>>> > [b]Step 3 - make the change[/b]
>>>>>> > Logged into the admin gui, there are 2 http-listener-2 (one under
>>>>>> > default-config and the other under server-config) and the doc
>>>>>> doesn't tell
>>>>>> > which so I figure do both.
>>>>>> >
>>>>>> > [b]Step 4: I try to start[/b]
>>>>>> > /usr/share/glassfishv2/bin/asadmin start-domain domain1
>>>>>> > Starting Domain domain1, please wait.
>>>>>> > Log redirected to
>>>>>> /var/lib/glassfishv2/domains/domain1/logs/server.log.
>>>>>> > Please enter the admin user name&gt;admin
>>>>>> > Please enter the admin password&gt;adminadmin
>>>>>> > Redirecting output to
>>>>>> /var/lib/glassfishv2/domains/domain1/logs/server.log
>>>>>> > Domain domain1 failed to startup. Please check the server log for
>>>>>> more
>>>>>> > details.
>>>>>> > CLI156 Could not start the domain domain1.
>>>>>> >
>>>>>> > The log shows the same;
>>>>>> > [i]Caused by: java.lang.IllegalStateException: Keystore was tampered
>>>>>> with,
>>>>>> > or password was incorrect
>>>>>> > [/i]
>>>>>> >
>>>>>> > I didn't see anyplace that said to enter the keystore password, or
>>>>>> where
>>>>>> > to put it, could that be it? Either way, I'm stuck, and really would
>>>>>> > appreciate some type of help. I do try to provide as much as
>>>>>> possible,
>>>>>> > and not the 'help' on the subject, but don't know what else to try
>>>>>> as this
>>>>>> > java.net seems to be the right and best place to post!
>>>>>> >
>>>>>> > Thanks
>>>>>> > [Message sent by forum member 'xlancealotx' (
>>>>>> lraymond_at_weatherflow.com)]
>>>>>> >
>>>>>> > http://forums.java.net/jive/thread.jspa?messageID=369651
>>>>>> >
>>>>>> >
>>>>>> ---------------------------------------------------------------------
>>>>>> > To unsubscribe, e-mail: users-unsubscribe_at_glassfish.dev.java.net
>>>>>> > For additional commands, e-mail: users-help_at_glassfish.dev.java.net
>>>>>> >
>>>>>> >
>>>>>> >
>>>>>> >
>>>>>> >
>>>>>> >
>>>>>> ---------------------------------------------------------------------
>>>>>> > To unsubscribe, e-mail: users-unsubscribe_at_glassfish.dev.java.net
>>>>>> > For additional commands, e-mail: users-help_at_glassfish.dev.java.net
>>>>>> >
>>>>>> >
>>>>>> >
>>>>>>
>>>>>> --
>>>>>> View this message in context:
>>>>>> http://www.nabble.com/Clean-install%2C-import-key-help-requested-*2nd*-tp26096557p26099527.html
>>>>>> Sent from the java.net - glassfish users mailing list archive at
>>>>>> Nabble.com.
>>>>>>
>>>>>>
>>>>>> ---------------------------------------------------------------------
>>>>>> To unsubscribe, e-mail: users-unsubscribe_at_glassfish.dev.java.net
>>>>>> For additional commands, e-mail: users-help_at_glassfish.dev.java.net
>>>>>>
>>>>>> ---------------------------------------------------------------------
>>>>>> To unsubscribe, e-mail: users-unsubscribe_at_glassfish.dev.java.net For
>>>>>> additional commands, e-mail: users-help_at_glassfish.dev.java.net
>>>>>>
>>>>>
>>>>> ---------------------------------------------------------------------
>>>>> To unsubscribe, e-mail: users-unsubscribe_at_glassfish.dev.java.net For
>>>>> additional commands, e-mail: users-help_at_glassfish.dev.java.net
>>>>>
>>>>
>>>> ---------------------------------------------------------------------
>>>> To unsubscribe, e-mail: users-unsubscribe_at_glassfish.dev.java.net For
>>>> additional commands, e-mail: users-help_at_glassfish.dev.java.net
>>>>
>>>
>>> ---------------------------------------------------------------------
>>> To unsubscribe, e-mail: users-unsubscribe_at_glassfish.dev.java.net For
>>> additional commands, e-mail: users-help_at_glassfish.dev.java.net
>>>
>>
>>
> --------------------------------------------------------------------- To
> unsubscribe, e-mail: users-unsubscribe_at_glassfish.dev.java.net For
> additional commands, e-mail: users-help_at_glassfish.dev.java.net
>
© Oracle | By contributing to this project, you are agreeing to the terms of use described here.