I need help. First of all, I can't find a correct answer in any of the Stack Overflow posts.
I'm trying to set up my web application in a Tomcat server with SSL using Keytool and Certbot. First I used Certbot and generated the respective .pem files (privkey.pem, fullchain.pem, etc). After that I did these steps:
Add with OpenSSL my privkey.pem to JKS
My password is too simple, "123456", impossible to forget (I'm just trying). After that I convert the pkcs12 to JKS with:
Finally, add the chain.pem to my keystore. In this step I enter the password that I entered previously. And I get the message:
keytool error: java.io.IOException: Keystore was tampered with, or password was incorrect
If I edit my server.xml file in Tomcat server with connector 8443 and my keystore, when I start server I get the same error in catalina.out.
The password of your MyDSKeyStore.jks file is '-destkeypass', as a consequence of the way keytool parses the second command line you used: -deststorepass should be followed by the password. In your case it is followed by -destkeypass.
Remark: Your question seems to be an XY problem: you want to configure a Tomcat SSL connector using certificates in PEM format, so you ask how to transform a PEM certificate into JKS. While the procedure you show is almost correct, it is useless on modern Tomcats (cf. this answer): Tomcat supports PKCS12 files since version 5.5 at least and supports certificates in PEM format since version 8.5. There is no need to convert anything.
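Added example, not part of the original question or answer: a Tomcat 8.5+ server.xml connector that reads the Certbot PEM files directly, so no keystore or keystore password is involved. The domain example.com and the /etc/letsencrypt/live/ paths are assumptions based on Certbot's default layout; adjust them to your installation.

```xml
<!-- Assumption: Tomcat 8.5 or later, files issued by Certbot for the
     placeholder domain example.com in Certbot's default live directory. -->
<Connector port="8443"
           protocol="org.apache.coyote.http11.Http11NioProtocol"
           SSLEnabled="true" scheme="https" secure="true"
           maxThreads="150">
    <SSLHostConfig>
        <!-- privkey.pem: private key, cert.pem: server certificate,
             chain.pem: intermediate CA certificates.
             The account Tomcat runs as must be able to read privkey.pem;
             keep that file unreadable for every other account. -->
        <Certificate certificateKeyFile="/etc/letsencrypt/live/example.com/privkey.pem"
                     certificateFile="/etc/letsencrypt/live/example.com/cert.pem"
                     certificateChainFile="/etc/letsencrypt/live/example.com/chain.pem" />

        <!-- Alternative when a PKCS12 file already exists (use one
             Certificate element, not both). The path and password here
             are placeholders:
        <Certificate certificateKeystoreFile="conf/keystore.p12"
                     certificateKeystoreType="PKCS12"
                     certificateKeystorePassword="CHANGE_ME" />
        -->
    </SSLHostConfig>
</Connector>
```

After a restart, a failure to load the key or certificates shows up in catalina.out, the same log where the keystore error from the question appeared.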