tomcat-users mailing list archives

From "Arun John (arujohn)" <>
Subject Possible issue with Tomcat 7.0.27 SSL keystore configuration
Date Fri, 06 Jul 2012 09:04:50 GMT
Hi Team,

I am currently facing an issue with SSL configuration in Tomcat 7.0.27. I have one keystore
with three private keys to be used by different components. The password I am using for the
keystore file is "changed". The requirement is such that I should be using three different
passwords for the three private keys I store in my keystore. I have configured my server.xml
to allow https connections, basically modified the connectors.

<Connector port="7443" protocol="HTTP/1.1" SSLEnabled="true"
               maxThreads="150" scheme="https" secure="true"
               clientAuth="false" sslProtocol="TLS"  keyAlias ="adminuicert" keystoreFile="bin/.keystore"

I am running into an issue here. When I configure different key passwords for my private keys,
different from my keystore password, I am running into an exception saying it cannot recover
the key. I have attached the catalina log. I am not finding a way to provide the private
key password in the server.xml.

When I googled, I found that in Tomcat 5.5 it was not possible and found the below bug. Not
sure whether the bug is fixed in the latest release.

It says that if any of the passphrases is different, it cannot recover the key. Also it says
that Tomcat treats the keypass and keystorePass as the same. I also tried setting the adminuicert
keyAlias with the same password as the keystore. Even then it is not working.
Right now I am clueless on how to fix the issue. It would be of great help if someone can
help me with a solution/workaround.
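
An added diagnostic, not part of the original message and not Tomcat's own code: it reports which key entries in a keystore can be recovered using the keystore password alone, the condition the message above describes Tomcat as depending on. The class name, the JKS assumption for a file given on the command line, and the constructed in-memory JCEKS sample (AES keys standing in for private keys, with made-up aliases and passwords) are illustrative assumptions.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.UnrecoverableKeyException;
import java.util.*;
import javax.crypto.KeyGenerator;

public class KeyPassCheck {
    // Maps each key alias to whether its key is recoverable with the store password.
    static Map<String, Boolean> check(KeyStore ks, char[] storePass) throws Exception {
        Map<String, Boolean> result = new TreeMap<>();
        for (String alias : Collections.list(ks.aliases())) {
            if (!ks.isKeyEntry(alias)) continue;   // skip trusted-certificate entries
            try {
                ks.getKey(alias, storePass);
                result.put(alias, true);
            } catch (UnrecoverableKeyException e) {
                result.put(alias, false);          // store password does not open this key
            }
        }
        return result;
    }

    // Constructed sample: in-memory JCEKS store, AES keys standing in for private keys.
    static KeyStore sample(char[] storePass) throws Exception {
        KeyStore ks = KeyStore.getInstance("JCEKS");
        ks.load(null, storePass);
        KeyGenerator gen = KeyGenerator.getInstance("AES");
        ks.setKeyEntry("same-as-store", gen.generateKey(), storePass, null);
        ks.setKeyEntry("own-password", gen.generateKey(), "other-pass".toCharArray(), null);
        return ks;
    }

    public static void main(String[] args) throws Exception {
        KeyStore ks;
        char[] storePass;
        if (args.length == 1) {   // a keystore path was given; prompt on the terminal
            storePass = System.console().readPassword("Keystore password: ");
            ks = KeyStore.getInstance("JKS");   // assumption: the file is a JKS keystore
            try (InputStream in = new FileInputStream(args[0])) { ks.load(in, storePass); }
        } else {
            storePass = "sample-store-pass".toCharArray();   // constructed value
            ks = sample(storePass);
        }
        check(ks, storePass).forEach((alias, ok) -> System.out.println(alias + ": "
                + (ok ? "recoverable" : "NOT recoverable") + " with the keystore password"));
    }
}
```

Run with no arguments to see the constructed sample, or with a keystore path to check a real file; the password is read from the terminal so it does not appear in the process list or shell history.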

