Cannot open file:/opt/lucee/tomcat/lucee-server/context/security/cacerts [Keystore was tampered with, or password was incorrect]


#1

This errors occurs when setting up an AWS RDS MySQL datasource in Lucee Administator. It occurs when the database is deleted and re-created. The endpoints stay the same, all AWS settings remain the same. If I use a fresh Lucee instance… it will setup a new connection just fine. Every time a database is recreated, Lucee will no longer make a db connection and gives the following error.

Cannot open file:/opt/lucee/tomcat/lucee-server/context/security/cacerts [Keystore was tampered with, or password was incorrect]

Any ideas on how to fix this?


#2

There might be a way to restart the JDBC connection you have with the database, but I’m not sure how you would do that.

Why not restart Lucee server when you delete and re-create the database?


#3

I have restarted the server. It appears that once a datasource connection is made, that authorization or verification to the db domain is saved somewhere. When the database is deleted and recreated… for example, I changed from MySQL 5.6 to 5.7… it will not authorize anymore.

I’m able to go to a fresh install of Lucee and create a new datasource connection to the new database.

Even when I went from 5.7 back to 5.6… same thing… a previously connected Lucee will not connect to a new database.


#4

Did you ever got passed this issue? I’m trying to create a db connection with lucee 5.2.6.60 and mysql 8, but get the same error.


#5

have you got a stack trace?


#6

keystore-error-stacktrace.txt (7.9 KB)

This is the complete stacktrace from the error as logged in application.log (web-inf).
It implies that the keystore password authentication failed. Found that its default password is “changeit” and never changed it :thinking:.


#7

file a bug in jira https://luceeserver.atlassian.net/secure/Dashboard.jspa


#8

I had this same issue the other day. It was because MySQL changed the authentication mechanism. I had to go with the “Legacy” authentication rather than the more “Secure” method they auto select on install. I can’t remember the exact terms used off the top of my head right now but if you re-install MySQL just pay attention to the steps and make sure to go with the older authentication method.


#9

I just re-read your problem and it sounds like it is slightly different than the one I was experiencing but I was receiving the same error as you. A fresh Lucee install wasn’t working for me. Hope you get it figured out.


#10

Hey, I experienced the same exact problem.

I got it fixed by manually adding the data-source to the lucee\tomcat\lucee-server\context\lucee-server.xml file Then restarted lucee and it was working. I’m on the cfml:lucee Slack channel if you have any questions.


#11

Thanks! This worked for me.

I just tried adding the datasource in application.cfc and providing a bunch of extra params found here, but that didn’t work.

I managed to add the datasource in de server.cfm interface by unchecking ‘verify connection’, and then as you suggested edited lucee-server.xml. The datasource will be defined there after it is added in the server.cfm interface, so all i had to do is add 2 values to the “custom” attribute:

&useSSL=false&requireSSL=false

restarted lucee and everything worked.

Thanks a lot!


#12

Hi Guys

Im am having (what i think is the same problem) with connecting Lucee 5.2.7.063 datasource to MySQL 8.0…

I’m having to use windows 7(6.1) 64bit (I know not my choice)

I have aslo updated my lucee extensions and also downloaded the “Oracle 12c 12.1.0.2 (release 1)” (tested before and after) because MySQL is an oracle product.

I have also gone to “lucee\tomcat\lucee-server\context\lucee-server.xml” and updated my datasource tag by adding

&useSSL=false&requireSSL=false

to the end of custom var within the tag shown below

<data-source allow="511" blob="false" class="com.mysql.cj.jdbc.Driver" clob="false" connectionTimeout="1" custom="useUnicode=true&amp;characterEncoding=UTF-8&amp;useLegacyDatetimeCode=true&amp;useSSL=false&amp;requireSSL=false" database="liquiddata" dbdriver="MySQL" dsn="jdbc:mysql://{host}:{port}/{database}" host="localhost" id="mysql" metaCacheTimeout="60000" name="liquiddata" param-delimiter="&amp;" param-leading-delimiter="?" param-separator="=" password="encrypted:f150b3e973a9532b35ef157bfc114a21af0295aa39447dba0c8bf9ecc991ab7d" port="3306" storage="false" username="root" validate="false"/></data-sources>

I apologise if i’m being an idiot and missing something obvious, any help would be greatly appreciated…


#13

To clarify i am getting the error message “Cannot open file:/opt/lucee/tomcat/lucee-server/context/security/cacerts [Keystore was tampered with, or password was incorrect]”

I’ve also inputed the datasource without verifying, then manually edited the lucee-server.xml file restarted lucee without success.


#14

Your edits to <data-source> seem good. Your error message is exactly the same as i got, and you’ve restarted. Your case looks a lot like what i had.

The only minor difference i can spot is that I’m not using mysql root user in the datasource. I had authentication issues before with mysql and root user, so it could be related, but it’s a long shot.

I also didn’t bother with an oracle download and running on ubuntu …


#15

Thank you Jan i’ll shall be trying this tomorrow and ill let you guys know how i get on. I think it’s probably old windows and i’m going to have to get my client onto a newer version…
Again thanks for looking at this.


#16

Hi guys, I’ve seen this come up a number of times now in CFML Slack, here (obviously!) and in other Slack channels. I haven’t followed it super close but it sure sounds like something needs addressed in Lucee for this. I don’t see an issue in the JIRA tracker after searching for the error message. Can someone spearhead getting this into the Lucee issue tracker if there is indeed an issue here? For instance, turning off SSL may get it working as a workaround, but that sounds like work needs done in Lucee to support SSL correctly.

cc/ @Jon_Clausen