geronimo-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Doug Reeder" <reeder...@gmail.com>
Subject Re: Set Keystore Password From GShell?
Date Tue, 18 Nov 2008 18:28:49 GMT
I'm using 2.1.3 (Jetty), and the server rejects keystorePass as an illegal
parameter or some such.   I'm not sure what else I'd want to check before
filing a JIRA.

On Tue, Nov 18, 2008 at 11:09 AM, Donald Woods <dwoods@apache.org> wrote:

> If you are using the Tomcat assembly (I'm looking at 2.1.x), then there is
> a complete example of a HTTPS connector in config.xml, which includes the
> keystorePass attribute -
>
>        <gbean name="TomcatWebSSLConnector">
>            <attribute name="host">${ServerHostname}</attribute>
>            <attribute name="port">${HTTPSPort + PortOffset}</attribute>
>            <attribute name="maxHttpHeaderSize">8192</attribute>
>            <attribute name="maxThreads">150</attribute>
>            <attribute name="minSpareThreads">25</attribute>  <attribute
> name="maxSpareThreads">75</attribute>
>            <attribute name="enableLookups">false</attribute>
>            <attribute name="acceptCount">100</attribute>
>            <attribute name="disableUploadTimeout">false</attribute>
>            <attribute name="clientAuth">false</attribute>
>            <attribute name="algorithm">Default</attribute>
>            <attribute name="sslProtocol">TLS</attribute>
>            <attribute
> name="keystoreFile">var/security/keystores/geronimo-defau
> lt</attribute>
>            <attribute name="keystorePass">secret</attribute>
>            <attribute name="keystoreType">JKS</attribute>
>        </gbean>
>
>
> -Donald
>
>
> Doug Reeder wrote:
>
>> http://cwiki.apache.org/GMOxDOC21/administering-certificates.html
>> explains how to configure an HTTPS listener to use SSL, including setting
>> the keystore and keystore password.  However, this requires the console,
>> which is not installed on my production server, to keep the memory footprint
>> small.
>>
>> I can set the keystore used by the HTTPS listener on my production server
>> in var/config/config.xml, but not the password.  Is there a way to do this
>> from GShell, or bash?
>>
>>
>>

Mime
View raw message