Cannot open file:/opt/lucee/tomcat/lucee-server/context/security/cacerts [Keystore was tampered with, or password was incorrect]


This errors occurs when setting up an AWS RDS MySQL datasource in Lucee Administator. It occurs when the database is deleted and re-created. The endpoints stay the same, all AWS settings remain the same. If I use a fresh Lucee instance… it will setup a new connection just fine. Every time a database is recreated, Lucee will no longer make a db connection and gives the following error.

Cannot open file:/opt/lucee/tomcat/lucee-server/context/security/cacerts [Keystore was tampered with, or password was incorrect]

Any ideas on how to fix this?


There might be a way to restart the JDBC connection you have with the database, but I’m not sure how you would do that.

Why not restart Lucee server when you delete and re-create the database?


I have restarted the server. It appears that once a datasource connection is made, that authorization or verification to the db domain is saved somewhere. When the database is deleted and recreated… for example, I changed from MySQL 5.6 to 5.7… it will not authorize anymore.

I’m able to go to a fresh install of Lucee and create a new datasource connection to the new database.

Even when I went from 5.7 back to 5.6… same thing… a previously connected Lucee will not connect to a new database.


Did you ever got passed this issue? I’m trying to create a db connection with lucee and mysql 8, but get the same error.


have you got a stack trace?


keystore-error-stacktrace.txt (7.9 KB)

This is the complete stacktrace from the error as logged in application.log (web-inf).
It implies that the keystore password authentication failed. Found that its default password is “changeit” and never changed it :thinking:.


file a bug in jira


I had this same issue the other day. It was because MySQL changed the authentication mechanism. I had to go with the “Legacy” authentication rather than the more “Secure” method they auto select on install. I can’t remember the exact terms used off the top of my head right now but if you re-install MySQL just pay attention to the steps and make sure to go with the older authentication method.


I just re-read your problem and it sounds like it is slightly different than the one I was experiencing but I was receiving the same error as you. A fresh Lucee install wasn’t working for me. Hope you get it figured out.


Hey, I experienced the same exact problem.

I got it fixed by manually adding the data-source to the lucee\tomcat\lucee-server\context\lucee-server.xml file Then restarted lucee and it was working. I’m on the cfml:lucee Slack channel if you have any questions.


Thanks! This worked for me.

I just tried adding the datasource in application.cfc and providing a bunch of extra params found here, but that didn’t work.

I managed to add the datasource in de server.cfm interface by unchecking ‘verify connection’, and then as you suggested edited lucee-server.xml. The datasource will be defined there after it is added in the server.cfm interface, so all i had to do is add 2 values to the “custom” attribute:


restarted lucee and everything worked.

Thanks a lot!