From: bugzilla@apache.org
To: dev@tomcat.apache.org
Subject: [Bug 57759] New: keyAlias definition is incorrect, does not appear to work properly
Date: Wed, 25 Mar 2015 15:06:22 +0000

https://bz.apache.org/bugzilla/show_bug.cgi?id=57759

Bug ID: 57759
Summary: keyAlias definition is incorrect, does not appear to work properly
Product: Tomcat 7
Version: trunk
Hardware: PC
OS: Mac OS X 10.1
Status: NEW
Severity: normal
Priority: P2
Component: Connectors
Assignee: dev@tomcat.apache.org
Reporter: andrewlanecarr@gmail.com

keyAlias Definition from:
https://tomcat.apache.org/tomcat-7.0-doc/config/http.html

    The alias used to for the server certificate in the keystore. If not
    specified the first key read in the keystore will be used.

Wouldn't this lead you to believe if no alias is specified it will use the
first key in the keystore? This is not the case.

Steps to recreate:

Create a keystore using the recommended method:

    "%JAVA_HOME%\bin\keytool" -genkey -alias tomcat -keyalg RSA

(This will generate ${user.home}/.keystore if it does not exist. If it does,
specify the keystore value.)

Start Tomcat with the default SSL connector defined, no "keyAlias" value
specified, and the keystore we created previously specified as the
keystoreFile. It will use the cert in the file.

Add another cert (specify different name and values to differentiate between
the two) to the keystore with:

    "%JAVA_HOME%\bin\keytool" -genkey -alias tomcat2 -keyalg RSA

Shut down and restart the Tomcat instance.

Access the SSL site "localhost:8443", inspect the cert. You will see it is not
the first certificate in the keystore like the document leads you to believe,
but the last one added, no matter how many you add.
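A check an operator can run against the keystore from the report, as an added example that is not part of the bug report or of Tomcat's code. The class name `KeyAliasCheck`, the default path and the password `changeit` are assumptions, as is the premise that a Connector without `keyAlias` leaves certificate selection to the default JSSE key manager.

```java
import java.io.FileInputStream;
import java.security.KeyStore;
import java.security.MessageDigest;
import java.security.cert.X509Certificate;
import java.util.Collections;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.X509KeyManager;

// Hypothetical diagnostic (added example, not Tomcat code).
// Usage: java KeyAliasCheck [keystore-path] [keystore-password]
public class KeyAliasCheck {
    // SHA-256 fingerprint, to compare with the certificate the browser shows.
    static String fingerprint(X509Certificate cert) throws Exception {
        byte[] digest = MessageDigest.getInstance("SHA-256").digest(cert.getEncoded());
        StringBuilder sb = new StringBuilder();
        for (byte b : digest) {
            if (sb.length() > 0) sb.append(':');
            sb.append(String.format("%02X", b));
        }
        return sb.toString();
    }

    public static void main(String[] args) throws Exception {
        // Assumed defaults: the file keytool creates, and password "changeit".
        String path = args.length > 0 ? args[0] : System.getProperty("user.home") + "/.keystore";
        char[] pass = (args.length > 1 ? args[1] : "changeit").toCharArray();
        KeyStore ks = KeyStore.getInstance("JKS");
        try (FileInputStream in = new FileInputStream(path)) {
            ks.load(in, pass);
        }
        System.out.println("Key entries, in the order the keystore enumerates them:");
        for (String alias : Collections.list(ks.aliases())) {
            if (!ks.isKeyEntry(alias)) continue; // skip trusted-certificate entries
            X509Certificate cert = (X509Certificate) ks.getCertificate(alias);
            System.out.println("  " + alias + "  " + cert.getSubjectX500Principal().getName());
            System.out.println("    SHA-256 " + fingerprint(cert));
        }
        // Ask the default key manager which alias it would serve for an RSA key.
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(ks, pass); // assumes the key password equals the store password
        for (KeyManager km : kmf.getKeyManagers()) {
            if (km instanceof X509KeyManager) {
                String chosen = ((X509KeyManager) km).chooseServerAlias("RSA", null, null);
                System.out.println("Default JSSE key manager picks: " + chosen);
            }
        }
    }
}
```

If the alias it reports is not the certificate meant to be served, setting `keyAlias` on the Connector removes the dependence on keystore order.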