From: Kevan Miller
To: user@geronimo.apache.org
Subject: Re: Geronimo, keystores and SSL
Date: Thu, 4 Dec 2008 15:38:03 -0500

On Dec 1, 2008, at 7:18 PM, Christian Svensson wrote:

> Hello!
>
> I've been trying for the better part of today getting keystores to
> automatically unlock on startup - with very limited success.
> Is there something that I should know about keystore password / key
> password? Digging around some old mailing list threads said
> something about key password must be equal to keystore password -
> any more of those gotchas?
>
> The problem is that I create (or change password on geronimo-default
> for that matter) a new keystore, assign SSL to use the certificate
> and restart the server:
> org.apache.geronimo.management.geronimo.KeystoreIsLocked: Keystore 'plasma-ssl' is locked; please use the keystore page in the admin console to unlock it
>     at org.apache.geronimo.security.keystore.FileKeystoreManager.createSSLContext(FileKeystoreManager.java:343)
>     at org.apache.geronimo.jetty6.connector.GeronimoSelectChannelSSLListener.createSSLContext(GeronimoSelectChannelSSLListener.java:54)
>
> Resetting the SSL connector to using geronimo-default / geronimo
> with secret / secret as passwords makes it work again - but why on
> earth doesn't Geronimo unlock my keystores on startup? I mean, it
> saves the password (or something like it) in config.xml.

Hmm. I recall an issue similar to this. Can't say that I've tried it, either. Hoping that maybe Vamsi can offer some advice?

--kevan