Ranger error "Keystore was tampered with, or password was incorrect"

DiehlJ — Mon, 17 Feb 2020 23:42:31 GMT

Hi, we get the following Ranger error - maybe you can help me to fix it as soon as possible?! (We activated MIT Kerberos). Thanks in advance!

How can I check that the password of the keystore file is correct? And where can I change it?

Feb 17, 2020 4:29:56 PM org.apache.ranger.server.tomcat.EmbeddedServer start
INFO: Provided Kerberos Credential : Principal = rangeradmin/pdeluh0004392.hub.deluh.example.com@RDDL.PROD.EXAMPLE.COM and Keytab = /etc/security/keytabs/rangeradmin.service.keytab
Feb 17, 2020 4:29:56 PM org.apache.ranger.server.tomcat.EmbeddedServer$1 run
INFO: Starting Server using kerberos credential
Feb 17, 2020 4:29:57 PM org.apache.coyote.AbstractProtocol init
INFO: Initializing ProtocolHandler ["http-bio-6182"]
Feb 17, 2020 4:29:57 PM org.apache.coyote.AbstractProtocol init
SEVERE: Failed to initialize end point associated with ProtocolHandler ["http-bio-6182"]
java.io.IOException: Keystore was tampered with, or password was incorrect
at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:785)
at sun.security.provider.JavaKeyStore$JKS.engineLoad(JavaKeyStore.java:56)
at sun.security.provider.KeyStoreDelegator.engineLoad(KeyStoreDelegator.java:224)
at sun.security.provider.JavaKeyStore$DualFormatJKS.engineLoad(JavaKeyStore.java:70)
at java.security.KeyStore.load(KeyStore.java:1445)
at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getStore(JSSESocketFactory.java:497)
at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getKeystore(JSSESocketFactory.java:381)
at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getKeyManagers(JSSESocketFactory.java:654)
at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getKeyManagers(JSSESocketFactory.java:594)
at org.apache.tomcat.util.net.jsse.JSSESocketFactory.init(JSSESocketFactory.java:539)
at org.apache.tomcat.util.net.jsse.JSSESocketFactory.createSocket(JSSESocketFactory.java:255)
at org.apache.tomcat.util.net.JIoEndpoint.bind(JIoEndpoint.java:400)
at org.apache.tomcat.util.net.AbstractEndpoint.init(AbstractEndpoint.java:728)
at org.apache.coyote.AbstractProtocol.init(AbstractProtocol.java:452)
at org.apache.coyote.http11.AbstractHttp11JsseProtocol.init(AbstractHttp11JsseProtocol.java:119)
at org.apache.catalina.connector.Connector.initInternal(Connector.java:978)
at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102)
at org.apache.catalina.core.StandardService.initInternal(StandardService.java:560)
at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102)
at org.apache.catalina.core.StandardServer.initInternal(StandardServer.java:840)
at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102)
at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:135)
at org.apache.catalina.startup.Tomcat.start(Tomcat.java:370)
at org.apache.ranger.server.tomcat.EmbeddedServer.startServer(EmbeddedServer.java:271)
at org.apache.ranger.server.tomcat.EmbeddedServer.access$100(EmbeddedServer.java:44)
at org.apache.ranger.server.tomcat.EmbeddedServer$1.run(EmbeddedServer.java:253)
at org.apache.ranger.server.tomcat.EmbeddedServer$1.run(EmbeddedServer.java:249)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.Subject.doAs(Subject.java:360)
at org.apache.ranger.server.tomcat.EmbeddedServer.start(EmbeddedServer.java:249)
at org.apache.ranger.server.tomcat.EmbeddedServer.main(EmbeddedServer.java:68)
Caused by: java.security.UnrecoverableKeyException: Password verification failed
at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:783)
... 30 more

Re: Ranger error "Keystore was tampered with, or password was incorrect"

Kartik_Agarwal — Thu, 20 May 2021 06:23:06 GMT

To work further on this you need to verify the ranger Keystore and Truststore password.

To do that please use the below command.
>> Keytool -list -keystore /Path/to/the/keystore

The above command will ask for the password, if you enter the right password it will show the data else not. You need to use the same configuration under the ranger configuration.

Re: Ranger error "Keystore was tampered with, or password was incorrect"

tusharkathpal — Thu, 20 May 2021 11:44:10 GMT

It seems a wrong configuration/password is passed in ranger configuration which is unable to open the keystore using the same.

$JAVA_HOME/keytool -list -keystore <keystore path with .keystore.jks> -storepass <password>

Check with the above command if you are able to list the keystore contents using the password you pass above. Ensure the same is configured in the ranger configuration.

Re: Ranger error "Keystore was tampered with, or password was incorrect"

noekmc — Thu, 18 May 2023 20:46:23 GMT

How can i ingress/changed keystore password by terminal ?

Re: Ranger error "Keystore was tampered with, or password was incorrect"

Kartik_Agarwal — Wed, 31 May 2023 09:36:51 GMT

@noekmc

Change the keystore password: Use the following command to change the keystore password:

keytool -storepasswd -keystore /path/to/keystore.jks

question Re: Ranger error "Keystore was tampered with, or password was incorrect" in Support Questions

Ranger error "Keystore was tampered with, or password was incorrect"

Re: Ranger error "Keystore was tampered with, or password was incorrect"

Re: Ranger error "Keystore was tampered with, or password was incorrect"

Re: Ranger error "Keystore was tampered with, or password was incorrect"

Re: Ranger error "Keystore was tampered with, or password was incorrect"