tomcat-users mailing list archives

From "Luis Villa" <>
Subject PKCS11 in Windows
Date Wed, 12 Dec 2007 10:33:05 GMT
Hello all,

In order to secure communications between a browser and the web server I'm
using Tomcat with an SSL connector. This connector takes the server
certificate from a Smartcard (so I'm using a PKCS11 keystore type). The
problem is that, as I'm accessing it in Windows, I have to link it to a dll
file, and this causes troubles. I have found a little but really annoying
one. When accessing the Smartcard, Java can take all keys, but then the alias
name is not, for example, "tomcat" but "tomcat\0" (where \0 is the char 0).
I suppose this is because the dll uses pchar or something like this.

So, when I configure Tomcat to use keyalias="tomcat", it cannot find it
(internally, what the keystore contains is "tomcat\0"). I'm forced to not
specify a keyalias so it uses the first one in the card. But I cannot be sure
the first one is the one Tomcat has to use (it is possible someone is going
to import more certificates in the card in the future).

Is there a way to avoid the \0 problem? (XML does not allow to specify this

Thank you all :)
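
A diagnostic for the alias mismatch described in the message above, as an added example that is not part of the original post or of Tomcat: it makes hidden control characters in keystore aliases visible and finds the stored alias that matches a configured name once trailing NULs are ignored. The class and method names are hypothetical, the alias list in `main` is constructed, and on a real token the list would come from `aliasesOf` applied to an already loaded PKCS11 `KeyStore`.

```java
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.List;

public class AliasCheck {
    // Escape control characters so a stored alias such as "tomcat" + NUL is visible.
    static String visible(String alias) {
        StringBuilder sb = new StringBuilder();
        for (char c : alias.toCharArray()) {
            if (c < 0x20 || c == 0x7f) sb.append(String.format("\\x%02x", (int) c));
            else sb.append(c);
        }
        return sb.toString();
    }

    // Remove trailing NUL characters only; everything else is compared as stored.
    static String stripTrailingNul(String alias) {
        int end = alias.length();
        while (end > 0 && alias.charAt(end - 1) == '\0') end--;
        return alias.substring(0, end);
    }

    // Aliases exactly as the provider reports them (pass a loaded PKCS11 KeyStore).
    static List<String> aliasesOf(KeyStore ks) throws KeyStoreException {
        return Collections.list(ks.aliases());
    }

    // The stored alias matching `wanted` once trailing NULs are ignored.
    // Fails closed when nothing or more than one alias matches.
    static String resolve(List<String> stored, String wanted) {
        List<String> hits = new ArrayList<>();
        for (String a : stored) if (stripTrailingNul(a).equals(wanted)) hits.add(a);
        if (hits.size() != 1)
            throw new IllegalStateException(hits.size() + " aliases match " + wanted);
        return hits.get(0);
    }

    public static void main(String[] args) {
        // Constructed sample standing in for aliasesOf(ks) on the smartcard.
        List<String> stored = Arrays.asList("tomcat\0", "backup\0");
        for (String a : stored) System.out.println(visible(a) + " (length " + a.length() + ")");
        String real = resolve(stored, "tomcat");
        System.out.println("configured \"tomcat\" -> stored \"" + visible(real) + "\"");
    }
}
```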
