Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Products
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

Invalid keystore format, integrity check failed and Algorithm HmacPBESHA256 not available

Andreas Schmitt
Andreas Schmitt November 4, 2021

hello, we are running confluence server 7.13.0 without ssl. 

System is running under Windows Server 2016 Standard with all MS-Patches.

To activate ssl on 7.13.0 server the first time i cloned my environment with the developer license and everything is running fine.

Now i want to activate the ssl encyption in my test-environment to aply it also in the productiv system later.

This is my first touch with ssl, so i follow the steps on https://confluence.atlassian.com/doc/running-confluence-over-ssl-or-https-161203.html 

everything seams to be fine but after starting the server 8443 is not accessible.

The catalina Log shows the follow lines

04-Nov-2021 08:36:23.435 SCHWERWIEGEND [main] org.apache.catalina.util.LifecycleBase.handleSubClassException Konnte Komponente [Connector[org.apache.coyote.http11.Http11Nio2Protocol-8443]] nicht initialisieren
org.apache.catalina.LifecycleException: Protocol handler initialization failed
....
Caused by: java.lang.IllegalArgumentException: Invalid keystore format
....
Caused by: java.io.IOException: Invalid keystore format
....

after testing my ".keystore" file i got the following error

C:\Users\Administrator>"c:\Program Files\Atlassian\ConfluenceSQL\jre\bin\keytool.exe" -list -keystore .keystore
Keystore-Kennwort eingeben:
Keytool-Fehler: java.io.IOException: Integrity check failed: java.security.NoSuchAlgorithmException: Algorithm HmacPBESHA256 not available

In the documentation to java i found a hint that HmacPBESHA256 is available at jdk version 12 or above
https://www.java.com/en/configure_crypto.html (jump to "Upgrading the default PKCS12 MAC algorithm")

but the keytool and the java.exe in the confluence server environment is only openjdk 11.0.8

C:\Users\Administrator>"c:\Program Files\Atlassian\ConfluenceSQL\jre\bin\java.exe" --version
openjdk 11.0.8 2020-07-14
OpenJDK Runtime Environment AdoptOpenJDK (build 11.0.8+10)
OpenJDK 64-Bit Server VM AdoptOpenJDK (build 11.0.8+10, mixed mode)

my enviroment was updated a couple weeks from 7.7.0 to 7.13.0. Did my update missed something or is the documentation to install the ssl environment outdated?

what am i doing wrong?

 

best regards

Andreas

Answer
Watch
Like Be the first to like this
6712 views

1 answer

0 votes
Brant Schroeder
Brant Schroeder
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
Become a leader
November 15, 2021

@Andreas Schmitt 

Did you follow the steps here: https://confluence.atlassian.com/conf713/running-confluence-over-ssl-or-https-1077914628.html

View More Comments
Andreas Schmitt
Andreas Schmitt November 15, 2021

@BRA 

thanks for your answer. the only difference between your link and my link in my question is the version 7.13.

i had compare both and found nothing difference.

so - yes as i wrote, i followed the steps.

I don't want to completely rule out that I have overlooked something or made a mistake but I believe, after having gone through this several times, that I have done everything correctly.

Like
Reply

Suggest an answer

Log in or Sign up to answer
Confluence
Confluence
DEPLOYMENT TYPE
SERVER
VERSION
7.13.0
TAGS
AUG Leaders

Atlassian Community Events

    See all events