tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Tim Watts <...@cliftonfarm.org>
Subject Re: Tomcat 7 SSL activation on AS/400? (Cross-posted to JAVA400)
Date Tue, 10 Jan 2012 01:19:46 GMT
On Mon, 2012-01-09 at 15:55 -0800, James Lampert wrote:
> Tim Watts (from the Tomcat Users List) wrote:
> > Can you successfully run this command:
> > 
> > keytool -list -keystore {path/to/your/keystore/file} -storepass {passwd-in-server.xml}
> 
> It gives the same error message. And yes, EBCDIC is the default encoding 
> for AS/400s. The attributes on /foo show that it has a CCSID of 819, 
> though, which (if my memory and the IBM docs are correct) is ASCII.
> 
> Here's a QShell transcript from a test I ran specifically so that I 
> could post everything without betraying any passwords:
> 
> >> keytool -genkey -alias foo -keyalg RSA -keystore /foo
> >   Enter keystore password:                             
> >> bar                                                  
> >   What is your first and last name?                    
> >     [Unknown]:                                         
> >> James Lampert                                        
> >   What is the name of your organizational unit?        
> >     [Unknown]:                                         
> >> Development Lab                                      
> >   What is the name of your organization?               
> >     [Unknown]:                                         
> >> Touchtone Corporation                                
> >   What is the name of your City or Locality?           
> >     [Unknown]:                                         
> >> Costa Mesa                                           
> >   What is the name of your State or Province?          
> >     [Unknown]:                                         
> >> California                                          
> >   What is the two-letter country code for this unit?  
> >     [Unknown]:                                        
> >> US                                                  
> >   Is CN="James Lampert                                
> >                                                       
> >                                                       
> >                                                       
> >               ", OU="Development Lab                  
> >                                                       
> >                                                       
> >                                                       
> >                           ", O="Touchtone Corporation 
> > ", L="Costa Mesa                                                 
> >                                                                  
> >                                                                  
> >                                                                  
> >            ", ST="California                                     
> >                                                                  
> >                                                                  
> >                                                                  
> >                        ", C="US                                  
> >                                                                  
> >                                                                  
> >                                                                  
> >                                   " correct? (type "yes" or "no")
> > [no]:
> >> yes                                           
> >                                                 
> >   Enter key password for <foo>:                 
> >           (RETURN if same as keystore password):
> >> bar                                           
> >   $                                                                            
                                  
> >> keytool -list  -keystore /foo -storepass bar                               
                                    
> >   keytool error (likely untranslated): java.io.IOException: Keystore was tampered
with, or password was incorrect 
> >   $                                                                            
                                  
> 
> Another thought occurred to me: Could the trailing blanks shown in the 
> confirmation message have anything to do with the problem?
> 
That's a possibility if it's padding the passwords as well.   I'm not an
AS/400 expert by any means.  Is /foo a preallocated file and if so could
the problem be with the way it was allocated?

Perhaps what's encrypted in the file was ASCII but the keystrokes in
your shell (and chars in server.xml file) are EBCDIC?

> --
> JHHL
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
> 


Mime
View raw message