geronimo-dev mailing list archives

From "Donald Woods (JIRA)" <j...@apache.org>
Subject [jira] Updated: (GERONIMO-4451) locking and unlocking for availability of a keystore results in duplicate attributes in config.xml
Date Mon, 08 Dec 2008 14:40:45 GMT

     [ https://issues.apache.org/jira/browse/GERONIMO-4451?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Donald Woods updated GERONIMO-4451:
-----------------------------------

      Component/s: console
    Fix Version/s: 2.2
                   2.1.4

adding target fix versions

> locking and unlocking for availability of a keystore results in duplicate attributes in config.xml
> --------------------------------------------------------------------------------------------------
>
>                 Key: GERONIMO-4451
>                 URL: https://issues.apache.org/jira/browse/GERONIMO-4451
>             Project: Geronimo
>          Issue Type: Bug
>      Security Level: public(Regular issues) 
>          Components: console, security
>    Affects Versions: 2.1.3
>         Environment: Ubuntu Linux 8.10, Sun Java 1.6, Geronimo 2.1.3 w/ Jetty.
>            Reporter: Christian Svensson
>             Fix For: 2.1.4, 2.2
>
>
> Transcribing mail conversation:
> Hello!
> I've been trying for the better part of today getting keystores to automatically unlock on startup - with very limited success.
> Is there something that I should know about keystore password / key password? Digging around some old mailing list threads said something about key password must be equal to keystore password - any more of those gotchas?
> The problem is that I create (or change password on geronimo-default for that matter) a new keystore, assign SSL to use the certificate and restart the server:
> org.apache.geronimo.management.geronimo.KeystoreIsLocked: Keystore 'plasma-ssl' is locked; please use the keystore page in the admin console to unlock it
>         at org.apache.geronimo.security.keystore.FileKeystoreManager.createSSLContext(FileKeystoreManager.java:343)
>         at org.apache.geronimo.jetty6.connector.GeronimoSelectChannelSSLListener.createSSLContext(GeronimoSelectChannelSSLListener.java:54)
> Resetting the SSL connector to using geronimo-default / geronimo with secret / secret as passwords makes it work again - but why on earth doesn't Geronimo unlock my keystores on startup? I mean, it saves the password (or something like it) in config.xml.
> -----
> This is how I created my setup:
> 1. Create a new keystore 'plasma-ssl'
> 2. Create a new private key 'wildcard'
> 3. Now the text on "Available" says "trust only" or something like that, I lock it and then unlock it in order for it to change to "1 key ready"
> 4. Then I configure my HTTPS connector to use the new keystore
> 5. Since the web server does not seem to do anything when I press "Shutdown" in the console, I use Ctrl+C to kill it.
> 6. Start the server again
> 7. Message appears.
> ---
> Hmm... the 3rd step is indeed unearthing a bug. At that step, a second "attribute" element is getting added (instead of replacing the existing element) to the keystore gbean for keystorePassword and keyPasswords attributes in config.xml. Can you create an issue in the JIRA [1]? The problem summary is, "locking and unlocking for availability of a keystore results in duplicate attributes in config.xml".

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
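
Added example, not part of the original message and not Geronimo code: a check for the condition described in the issue, a gbean in config.xml that carries the same "attribute" name more than once (here keystorePassword and keyPasswords). The sample fragment, its namespace, the module and gbean names and the helper names are constructed for illustration; only the element and attribute names mentioned in the issue are taken from the page.

```python
import xml.etree.ElementTree as ET
from collections import Counter

# Constructed sample (not from the issue): a config.xml-style fragment whose
# keystore gbean has keystorePassword and keyPasswords written twice, as the
# issue says happens after a lock/unlock cycle. Values are placeholders.
SAMPLE_CONFIG = """\
<attributes xmlns="urn:example:constructed">
  <module name="example/module/1.0/car">
    <gbean name="example:name=plasma-ssl">
      <attribute name="keystorePassword">PLACEHOLDER-1</attribute>
      <attribute name="keyPasswords">wildcard=PLACEHOLDER-1</attribute>
      <attribute name="keystorePassword">PLACEHOLDER-2</attribute>
      <attribute name="keyPasswords">wildcard=PLACEHOLDER-2</attribute>
    </gbean>
    <gbean name="example:name=other">
      <attribute name="port">8443</attribute>
    </gbean>
  </module>
</attributes>
"""


def local_name(tag):
    # ElementTree renders namespaced tags as "{uri}name"; keep only "name".
    return tag.rsplit("}", 1)[-1]


def find_duplicate_attributes(xml_text):
    """Return {gbean name: sorted attribute names that occur more than once}."""
    root = ET.fromstring(xml_text)
    findings = {}
    for elem in root.iter():
        if local_name(elem.tag) != "gbean":
            continue
        counts = Counter(
            child.get("name")
            for child in elem
            if local_name(child.tag) == "attribute"
        )
        # Report names only; the element text may hold stored passwords.
        dups = sorted(n for n, c in counts.items() if n is not None and c > 1)
        if dups:
            findings[elem.get("name", "<unnamed>")] = dups
    return findings


if __name__ == "__main__":
    for gbean, names in find_duplicate_attributes(SAMPLE_CONFIG).items():
        print(f"{gbean}: duplicate attribute(s): {', '.join(names)}")
```
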

