tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
Subject [Bug 57759] New: keyAlias definition is incorrect, does not appear to work properly
Date Wed, 25 Mar 2015 15:06:22 GMT

            Bug ID: 57759
           Summary: keyAlias definition is incorrect, does not appear to
                    work properly
           Product: Tomcat 7
           Version: trunk
          Hardware: PC
                OS: Mac OS X 10.1
            Status: NEW
          Severity: normal
          Priority: P2
         Component: Connectors

keyAlias Definition from:

The alias used to for the server certificate in the keystore. If not specified
the first key read in the keystore will be used.

Wouldn't this lead you to believe if no alias is specified it will use the
first key in the keystore?  This is not the case.

Steps to recreate:

Create a keystore using the recommended method: 

%JAVA_HOME%\bin\keytool" -genkey -alias tomcat -keyalg RSA

(This will generate ${user.home}/.keystore if it does not exist.  If it does,
specify the keystore value.)

Start tomcat with the default SSL connector defined, no "keyAlias" value
specified, and the keystore we created previous specified as the keystoreFile.

It will use the cert in the file.

Add another cert (specify different name and values to differentiate between
the two) to the keystore with :

%JAVA_HOME%\bin\keytool" -genkey -alias tomcat2 -keyalg RSA

Shutdown and restart the tomcat instance.

Access the SSL site "localhost:8443", inspect the cert.  You will see it is not
the first certificate in the keystore like the document leads you to believe,
but the last one added, no matter how many you add.

You are receiving this mail because:
You are the assignee for the bug.

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message