tomcat-dev mailing list archives

From bugzi...@apache.org
Subject DO NOT REPLY [Bug 38217] New: - mention that private key password and keystore password need to be the same (avoid "IOException: Cannot recover key")
Date Tue, 10 Jan 2006 19:01:38 GMT
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=38217>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND
INSERTED IN THE BUG DATABASE.

http://issues.apache.org/bugzilla/show_bug.cgi?id=38217

           Summary: mention that private key password and keystore password
                    need to be the same (avoid "IOException: Cannot recover
                    key")
           Product: Tomcat 5
           Version: 5.5.14
          Platform: Other
               URL: http://tomcat.apache.org/tomcat-5.5-doc/ssl-howto.html#Prepare the Certificate Keystore
        OS/Version: All
            Status: NEW
          Severity: enhancement
          Priority: P2
         Component: Connector:Coyote
        AssignedTo: tomcat-dev@jakarta.apache.org
        ReportedBy: hauser@acm.org


As per org.apache.tomcat.util.net.jsse.JSSESocketFactory.getKeystorePassword()
"keypass" and "keystorePass" are the same.

When using e.g. http://sf.net/projects/portecle, some people are tempted to
set a different key on the private key.

Then, they get
<<Error initializing endpoint
java.io.IOException: Cannot recover key
 at org.apache.tomcat.util.net.jsse.JSSE14SocketFactory.init(JSSE14SocketFactory.java:125)
 at org.apache.tomcat.util.net.jsse.JSSESocketFactory.createSocket(JSSESocketFactory.java:88)
 at org.apache.tomcat.util.net.PoolTcpEndpoint.initEndpoint(PoolTcpEndpoint.java:292)
 at org.apache.coyote.http11.Http11BaseProtocol.init(Http11BaseProtocol.java:137)
 at org.apache.catalina.connector.Connector.initialize(Connector.java:1016)
...>>

It would be great if there were a cautionary note in the ssl-howto.html.

See also http://www.ponton-consulting.de/en/faq/faq_advanced.html

I guess the test at the bottom of
http://marc.theaimsgroup.com/?l=tomcat-user&m=109363993616257&w=2 would succeed
despite what is claimed...

-- 
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org
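
An added example, not part of the original bug report and not Tomcat's code: a pre-flight check in Java that tries to recover every key entry using the keystore password, which is the behaviour the report attributes to Tomcat. The class and method names are hypothetical, the passwords are constructed samples, and an AES secret key in an in-memory PKCS12 keystore stands in for the TLS private key so the demo runs without a certificate.

```java
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.UnrecoverableKeyException;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;
import javax.crypto.spec.SecretKeySpec;

public class KeystorePasswordCheck {

    /** Returns the aliases of key entries that cannot be recovered with the keystore password. */
    static List<String> unrecoverableWithStorePass(KeyStore ks, char[] storePass)
            throws KeyStoreException, NoSuchAlgorithmException {
        List<String> bad = new ArrayList<>();
        for (String alias : Collections.list(ks.aliases())) {
            if (!ks.isKeyEntry(alias)) continue;   // skip trusted-certificate entries
            try {
                ks.getKey(alias, storePass);       // key lookup using the keystore password
            } catch (UnrecoverableKeyException e) {
                bad.add(alias);                    // this entry has its own, different password
            }
        }
        return bad;
    }

    public static void main(String[] args) throws Exception {
        char[] storePass = "changeit".toCharArray();   // constructed sample password
        char[] otherPass = "different".toCharArray();  // constructed sample password

        // Constructed in-memory keystore; an AES secret key stands in for the TLS private key.
        KeyStore ks = KeyStore.getInstance("PKCS12");
        ks.load(null, null);
        SecretKeySpec key = new SecretKeySpec(new byte[16], "AES");
        ks.setKeyEntry("same-password", key, storePass, null);
        ks.setKeyEntry("own-password", key, otherPass, null);

        System.out.println("Not recoverable with keystore password: "
                + unrecoverableWithStorePass(ks, storePass));
    }
}
```

The same method can be pointed at a keystore loaded from disk with `KeyStore.load(InputStream, char[])` before the connector is started.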

