geronimo-dev mailing list archives

From "Christian Svensson (JIRA)" <j...@apache.org>
Subject [jira] Created: (GERONIMO-4451) locking and unlocking for availability of a keystore results in duplicate attributes in config.xml
Date Sun, 07 Dec 2008 11:05:44 GMT
locking and unlocking for availability of a keystore results in duplicate attributes in config.xml
--------------------------------------------------------------------------------------------------

                 Key: GERONIMO-4451
                 URL: https://issues.apache.org/jira/browse/GERONIMO-4451
             Project: Geronimo
          Issue Type: Bug
      Security Level: public (Regular issues)
          Components: security
    Affects Versions: 2.1.3
         Environment: Ubuntu Linux 8.10, Sun Java 1.6, Geronimo 2.1.3 w/ Jetty.
            Reporter: Christian Svensson


Transcribing mail conversation:

Hello!

I've been trying for the better part of today to get keystores to automatically unlock on
startup - with very limited success.
Is there something that I should know about keystore password / key password? Digging around
some old mailing list threads said something about key password must be equal to keystore
password - any more of those gotchas?

The problem is that I create (or change password on geronimo-default for that matter) a new
keystore, assign SSL to use the certificate and restart the server:
org.apache.geronimo.management.geronimo.KeystoreIsLocked: Keystore 'plasma-ssl' is locked;
please use the keystore page in the admin console to unlock it
        at org.apache.geronimo.security.keystore.FileKeystoreManager.createSSLContext(FileKeystoreManager.java:343)
        at org.apache.geronimo.jetty6.connector.GeronimoSelectChannelSSLListener.createSSLContext(GeronimoSelectChannelSSLListener.java:54)


Resetting the SSL connector to using geronimo-default / geronimo with secret / secret as passwords
makes it work again - but why on earth doesn't Geronimo unlock my keystores on startup? I
mean, it saves the password (or something like it) in config.xml.

-----
This is how I created my setup:

1. Create a new keystore 'plasma-ssl'
2. Create a new private key 'wildcard'
3. Now the text on "Available" says "trust only" or something like that, I lock it and then
unlock it in order for it to change to "1 key ready"
4. Then I configure my HTTPS connector to use the new keystore
5. Since the web server does not seem to do anything when I press "Shutdown" in the console,
I use Ctrl+C to kill it.
6. Start the server again
7. Message appears.

---

Hmm...  the 3rd step is indeed unearthing a bug.  At that step, a second "attribute" element
is getting added (instead of replacing the existing element) to the keystore gbean for keystorePassword
and keyPasswords attributes in config.xml.  Can you create an issue in the JIRA [1]? The
problem summary is, "locking and unlocking for availability of a keystore results in duplicate
attributes in config.xml".



-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
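
A check for the condition this issue describes, as an added example that is not part of the original message or of Geronimo's code: it lists every gbean in a config.xml that carries more than one "attribute" element with the same name. It assumes attribute elements sit directly under gbean elements inside module elements; the sample document, its namespace, and the module and gbean names are constructed placeholders.

```python
import sys
import xml.etree.ElementTree as ET
from collections import Counter

# Constructed sample: namespace, module and gbean names and values are placeholders.
SAMPLE_CONFIG = """\
<attributes xmlns="urn:example:attributes">
  <module name="example/module/1.0/car">
    <gbean name="example:name=plasma-ssl">
      <attribute name="keystorePassword">PLACEHOLDER-1</attribute>
      <attribute name="keyPasswords">PLACEHOLDER-2</attribute>
      <attribute name="keystorePassword">PLACEHOLDER-3</attribute>
      <attribute name="keyPasswords">PLACEHOLDER-4</attribute>
    </gbean>
    <gbean name="example:name=geronimo-default">
      <attribute name="keystorePassword">PLACEHOLDER-5</attribute>
      <attribute name="keyPasswords">PLACEHOLDER-6</attribute>
    </gbean>
  </module>
</attributes>
"""

def _local(tag):
    """Strip any '{namespace}' prefix so the check works whatever the xmlns is."""
    return tag.rsplit("}", 1)[-1]

def find_duplicate_attributes(xml_text):
    """Map (module name, gbean name) -> sorted attribute names that occur more than once.

    Only names are collected; attribute values (stored passwords) are never read out.
    """
    findings = {}
    root = ET.fromstring(xml_text)
    for module in (e for e in root.iter() if _local(e.tag) == "module"):
        for gbean in (e for e in module if _local(e.tag) == "gbean"):
            counts = Counter(a.get("name") for a in gbean
                             if _local(a.tag) == "attribute" and a.get("name"))
            dups = sorted(n for n, c in counts.items() if c > 1)
            if dups:
                findings[(module.get("name"), gbean.get("name"))] = dups
    return findings

if __name__ == "__main__":
    # Pass the path to a config.xml, or run with no argument to use the sample.
    text = open(sys.argv[1], encoding="utf-8").read() if len(sys.argv) > 1 else SAMPLE_CONFIG
    for (module, gbean), names in find_duplicate_attributes(text).items():
        print(f"{module} / {gbean}: duplicated {', '.join(names)}")
```

Running it before a restart shows whether a lock/unlock cycle left a keystore gbean with two keystorePassword or keyPasswords entries.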

