tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Mark Thomas <>
Subject Re: Possible issue with Tomcat 7.0.27 SSL keystore configuration
Date Fri, 06 Jul 2012 10:25:27 GMT
On 06/07/2012 10:04, Arun John (arujohn) wrote:
> Hi Team,
> I am currently facing an issue with SSL configuration in Tomcat
> 7.0.27. I have one keystore with three private keys to be used by
> different components . The password I am using for the keystore file
> is "changed". The requirement is such that I should be using three
> different password for the three private keys I store in my keystore.
> I have configured my server.xml to allow https connections, basically
> modified the connectors.
> <Connector port="7443" protocol="HTTP/1.1" SSLEnabled="true" 
> maxThreads="150" scheme="https" secure="true" clientAuth="false"
> sslProtocol="TLS"  keyAlias ="adminuicert"
> keystoreFile="bin/.keystore" keystorePass="changed"/>

You have not specified the password for the key. Why would you expect
this to work?

> I am running into an issue here. When I configure different key
> passwords for my private keys different from my keystore password I
> am running into an exception saying it cannot recover the key. I have
> attached the catalina log.  I am not finding a way to provide the
> private key password in the server.xml

Then read the Tomcat 7 documentation.

> When I googled, I found that in Tomcat 5.5 it was not possible and
> found the below bug. Not sure whether the bug is fixed in latest
> release

That is a 5+ year old bug against a version of the software 2 major
versions earlier than the one you are using. What do you think the
chances are of it being relevant here? Hint: If you had read the HTTP
SSL configuration documentation for Tomcat 7 you would know the answer
to that question.

<snip />

> Right now I am clueless 

Clue may be found by reading the documentation for the version of the
software you are trying to use.

> on how to fix the issue. It would be of great help, if
> someone can help me with a solution/workaround

Read the documentation.


To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message