geronimo-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Kevan Miller <kevan.mil...@gmail.com>
Subject Re: Geronimo, keystores and SSL
Date Thu, 04 Dec 2008 20:38:03 GMT

On Dec 1, 2008, at 7:18 PM, Christian Svensson wrote:

> Hello!
>
> I've been trying for the better part of today getting keystores to  
> automatically unlock on startup - with very limited success.
> Is there something that I should know about keystore password / key  
> password? Digging around some old mailing list threads said  
> something about key password must be equal to keystore password -  
> any more of those gotchas?
>
> The problem is that I create (or change password on geronimo-default  
> for that matter) a new keystore, assign SSL to use the certificate  
> and restart the server:
> org.apache.geronimo.management.geronimo.KeystoreIsLocked: Keystore  
> 'plasma-ssl' is locked; please use the keystore page in the admin  
> console to unlock it
>         at  
> org 
> .apache 
> .geronimo 
> .security 
> .keystore 
> .FileKeystoreManager.createSSLContext(FileKeystoreManager.java:343)
>         at  
> org 
> .apache 
> .geronimo 
> .jetty6 
> .connector 
> .GeronimoSelectChannelSSLListener 
> .createSSLContext(GeronimoSelectChannelSSLListener.java:54)
>
>
> Resetting the SSL connector to using geronimo-default / geronimo  
> with secret / secret as passwords makes it work again - but why on  
> earth doesn't Geronimo unlock my keystores on startup? I mean, it  
> saves the password (or something like it) in config.xml.

Hmm. I recall an issue similar to this. Can't say that I've tried it,  
either. Hoping that maybe Vamsi can offer some advice?

--kevan

Mime
View raw message