tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jeanfrancois Arcand <jfarc...@apache.org>
Subject Re: TC5 + SSL: Keystore password bound to default "changeit"?
Date Wed, 10 Dec 2003 14:21:09 GMT


Baer Peter Christoph Alexander wrote:

>Am Dienstag, 9. Dezember 2003 20:54 schrieb Ankur Shah:
>  
>
>>Remy Maucherat wrote:
>>    
>>
>>>Baer Peter Christoph Alexander wrote:
>>>      
>>>
>>>>Hi!
>>>>
>>>>I have a question about something, I observe, but don't
>>>>want to believe... ;-)
>>>>
>>>>Tomcat 5 can use my keystore, but only if the password is
>>>>"changeit", the default password. Now, the docs say, one
>>>>should use this, but with TC 4.0.6 it was possible to
>>>>change it. Is the password hard coded in TC 5?
>>>>        
>>>>
>>>I didn't test that particular feature myself, but I believe this works
>>>ok.
>>>The way connectors parameters (and in particular SSL parameters) are
>>>defined changed in TC 5.0.x. Look there:
>>>http://jakarta.apache.org/tomcat/tomcat-5.0-doc/config/coyote.html
>>>There's the SSL howto also.
>>>      
>>>
>>Also, you might want to make sure that the password of your *target key*
>>matches your keystore password. I'm not sure how that plays out in
>>tomcat world, but I can see that to be a problem if the server assumes
>>the key's password to be the same as that of the keystore.
>>    
>>
>
><Thoughts>
><Just an idea>
>server.xml is an XML file. It used to be XML in TC4, and it
>ist still XML in TC5. Shouldn't it be possible, then, to write an XSL-T
>stylesheet converting old config files into newer formats?
>That would considerably ease migration/upgrade pains...
></Just an idea>
>  
>
Yes, it could. You're more than Welcome to submit a patch :-)


><Just an idea>
>If we had an XML schema definition (be it W3C XML schema,
>Relax NG or whatever), an XML editor like Pollo or XML Spy
>could validate the config file. This would help to avoid and
>reveal mistakes and thus speed up Tomcat configuration...
></Just an idea>
>  
>
Just search that list on the topic ;-) It is not possible at the moment 
to have a DTD or schema for the server.xml (due to its complexity). If 
you have time and think you can come with something, a second patch is 
welcome!

-- Jeanfrancois

></Thoughts>
>
>Regards
>
>	Alex
>
>---------------------------------------------------------------------
>To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
>For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
>
>
>  
>


---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org


Mime
View raw message