My Oracle Support Banner

JDBC Connection To Oracle Database Using TCPS Fails With java.io.IOException: Keystore was tampered with, or password was incorrect (Doc ID 2264057.1)

Last updated on JUNE 14, 2023

Applies to:

JDBC - Version 11.2.0.4.0 and later
Information in this document applies to any platform.

Symptoms

TCPS connection from ColdFusion 2016 using Java 1.8.0 with JDBC 12.1.0.2 ojdbc7.jar fails with:



TCP connections work successfully.

Note: The issue is not specific to ColdFusion. It can happen with any application/web server.



STEPS
-----------------------
The issue can be reproduced at will with the following steps:

1. Create a self-signed certificate in the database wallet
2. Export and import it into the java cacerts file used by ColdFusion .
3. Export the IIS server certificate and its certificate chain (as base 64 certificate files)
4. Import those certificates into the database wallet as trusted certificates.
5. Set SSL_CLIENT_AUTHENTICATION=FALSE in the sqlnet.ora (no client authentication)
6. Set ColdFusion java arguments: "-server -XX:MaxPermSize=256m -XX:+UseParallelGC -Xbatch -Dcoldfusion.home={application.home} -Dcoldfusion.rootDir={application.home} -Dcoldfusion.libPath={application.home}/lib -Dorg.apache.coyote.USE_CUSTOM_STATUS_MSG_IN_HEADER=true -Dcoldfusion.jsafe.defaultalgo=FIPS186Random -Dhttps.protocols=TLSv1.2,TLSv1.1,TLSv1 -Dcoldfusion.enablefipscrypto=true"





Cause

To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!


In this Document
Symptoms
Cause
Solution
References


My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.