tomcat-users mailing list archives

From Paul Hendley - Sun Microsystems <Paul.Hend...@Sun.COM>
Subject Question about using non-default keystore location
Date Wed, 16 Jan 2002 23:19:34 GMT
Hi People,

I have searched the archives and was not able to find my answer so I am posting 
to this alias for help. 

--------
Problem:
--------

I am trying to use SSL in tomcat 4.0.1 and am having trouble when I try to use a 
.keystore file that lives somewhere else besides my default home directory.  If 
I have a .keystore file in my home directory I can get SSL working ok.  The 
problem is when I try to use a .keystore file stored somewhere else besides my 
home directory.  


-----------------
My Configuration:
-----------------


Info from my server.xml file:

    <!-- Define an SSL HTTP/1.1 Connector on port 8443 -->
    <Connector className="org.apache.catalina.connector.http.HttpConnector"
          port="8443" minProcessors="5" maxProcessors="75"
          enableLookups="true"
          acceptCount="10" debug="0" scheme="https" secure="true">
          <Factory className="org.apache.catalina.net.SSLServerSocketFactory"
                   clientAuth="false" protocol="TLS"/>
          keystoreFile="keys/.keystore"
          keystorePass="changeit"
    </Connector>

    NOTE:  this example shows a relative keystoreFile path.  
           I also tried using an absolute keystoreFile path 
           with no luck.
      

How I generated a keystore file:
  >  $JAVA_HOME/bin/keytool -genkey -alias tomcat -keyalg RSA \
     -keystore $TOMCAT_HOME/keys/.keystore


Now when I attempt to restart tomcat I get the following error exception in 
catalina.out:
      java.io.FileNotFoundException: /home/myuser/.keystore 
              (No such file or directory)
      <note: the rest of the exception trail was deleted to save space>



-----------
SUSPICIONS:
-----------  
I am using tomcat 4.0.1 (not tomcat 3.3 base).
I suspect there may be a problem with the tomcat 4.0 baseline because a quick 
look through the source seemed to indicate some differences between the two.

Most notable is that with the tomcat 3.3 codebase, the following two lines would 
have been read & used by the SSLSocketFactory class from the server.xml file but 
they do not appear to be supported in the tomcat 4.0 codebase:
      <Parameter name="keystore"  value="keys/.keystore" />
      <Parameter name="keypass"  value="changeit" />

Now this doesn't mean there is a problem, but it does indicate that things 
changed and that it could be a problem area since I did not see support for this 
carried from the tomcat 3.2 to tomcat 4.0 codebase.  (it's possible I missed it 
but I didn't see this support in tomcat 4.0)



---------
QUESTION:
---------
1.  Can anyone elaborate on the differences between these two versions of tomcat 
with regard to how things should now behave in tomcat 4.0?

2.  Can anyone help me figure out how to use a .keystore file that does NOT live 
in my home directory?  


thanks much,
-Paul



--
To unsubscribe:   <mailto:tomcat-user-unsubscribe@jakarta.apache.org>
For additional commands: <mailto:tomcat-user-help@jakarta.apache.org>
Troubles with the list: <mailto:tomcat-user-owner@jakarta.apache.org>
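
Added example (not part of the original message, and not Tomcat project code): a small Python check for the placement issue visible in the connector quoted above, where keystoreFile and keystorePass follow the self-closed Factory tag and are therefore plain character data rather than attributes. It relies on Tomcat 4.0 reading both settings as attributes of the Factory element; the two XML samples are constructed from the posted configuration, and check_connector is a hypothetical helper name.

```python
import re
import xml.etree.ElementTree as ET

SSL_FACTORY = "org.apache.catalina.net.SSLServerSocketFactory"
KEYS = ("keystoreFile", "keystorePass")

# Constructed sample: the connector as posted, trimmed to the relevant parts.
AS_POSTED = """<Connector port="8443" scheme="https" secure="true">
  <Factory className="org.apache.catalina.net.SSLServerSocketFactory"
           clientAuth="false" protocol="TLS"/>
  keystoreFile="keys/.keystore"
  keystorePass="changeit"
</Connector>"""

# Constructed sample: the same settings moved inside the Factory tag.
AS_ATTRIBUTES = """<Connector port="8443" scheme="https" secure="true">
  <Factory className="org.apache.catalina.net.SSLServerSocketFactory"
           clientAuth="false" protocol="TLS"
           keystoreFile="keys/.keystore"
           keystorePass="changeit"/>
</Connector>"""

def check_connector(xml_text):
    """Return findings about keystore settings on SSL Factory elements."""
    findings = []
    for conn in ET.fromstring(xml_text).iter("Connector"):
        # Character data of the Connector: its own text plus each child's tail.
        loose = (conn.text or "") + "".join(child.tail or "" for child in conn)
        for factory in conn.findall("Factory"):
            if factory.get("className") != SSL_FACTORY:
                continue
            for key in KEYS:
                if factory.get(key) is not None:
                    continue  # set where the factory can read it
                if re.search(r"\b%s\s*=" % key, loose):
                    findings.append(
                        "%s is character data inside Connector, "
                        "not a Factory attribute" % key)
                elif key == "keystoreFile":
                    findings.append("keystoreFile not set on Factory")
    return findings

if __name__ == "__main__":
    for name, sample in (("as posted", AS_POSTED), ("as attributes", AS_ATTRIBUTES)):
        print(name, "->", check_connector(sample) or "ok")
```

The check reports only setting names, never the keystorePass value, so its output is safe to keep in logs.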

