tomcat-users mailing list archives

From "Arun John (arujohn)" <aruj...@cisco.com>
Subject Possible issue with Tomcat 7.0.27 SSL keystore configuration
Date Fri, 06 Jul 2012 09:04:50 GMT
Hi Team,

I am currently facing an issue with SSL configuration in Tomcat 7.0.27. I have one keystore
with three private keys to be used by different components. The password I am using for the
keystore file is "changed". The requirement is such that I should be using three different
passwords for the three private keys I store in my keystore. I have configured my server.xml
to allow https connections, basically modified the connectors.

<Connector port="7443" protocol="HTTP/1.1" SSLEnabled="true"
           maxThreads="150" scheme="https" secure="true"
           clientAuth="false" sslProtocol="TLS"
           keyAlias="adminuicert" keystoreFile="bin/.keystore"
           keystorePass="changed"/>

I am running into an issue here. When I configure key passwords for my private keys that are
different from my keystore password, I run into an exception saying it cannot recover
the key. I have attached the catalina log. I am not finding a way to provide the private
key password in the server.xml.

When I googled, I found that in Tomcat 5.5 it was not possible and found the below bug. I am not
sure whether the bug is fixed in the latest release.
https://issues.apache.org/bugzilla/show_bug.cgi?id=38217

It says that if any of the passphrases is different, it cannot recover the key. Also it says
that Tomcat treats the keypass and keystorePass as the same. I also tried setting the adminuicert
keyAlias with the same password as the keystore. Even then it is not working.
Right now I am clueless on how to fix the issue. It would be of great help if someone can
help me with a solution/workaround.

Regards,
Arun
