geronimo-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Christian Svensson" <b...@cmd.nu>
Subject Geronimo, keystores and SSL
Date Tue, 02 Dec 2008 00:18:56 GMT
Hello!

I've been trying for the better part of today getting keystores to
automatically unlock on startup - with very limited success.
Is there something that I should know about keystore password / key
password? Digging around some old mailing list threads said something about
key password must be equal to keystore password - any more of those gotchas?

The problem is that I create (or change password on geronimo-default for
that matter) a new keystore, assign SSL to use the certificate and restart
the server:
org.apache.geronimo.management.geronimo.KeystoreIsLocked: Keystore
'plasma-ssl' is locked; please use the keystore page in the admin console to
unlock it
        at
org.apache.geronimo.security.keystore.FileKeystoreManager.createSSLContext(FileKeystoreManager.java:343)
        at
org.apache.geronimo.jetty6.connector.GeronimoSelectChannelSSLListener.createSSLContext(GeronimoSelectChannelSSLListener.java:54)


Resetting the SSL connector to using geronimo-default / geronimo with secret
/ secret as passwords makes it work again - but why on earth doesn't
Geronimo unlock my keystores on startup? I mean, it saves the password (or
something like it) in config.xml.

Greetings,
-- 
Christian Svensson
Command Systems

Mime
View raw message