Posted to dev@geronimo.apache.org by "Leonard Flournoy (JIRA)" <ji...@apache.org> on 2007/01/25 06:11:49 UTC
[jira] Created: (GERONIMO-2780) Tomcat fails to accept certificate alias
Tomcat fails to accept certificate alias
----------------------------------------
Key: GERONIMO-2780
URL: https://issues.apache.org/jira/browse/GERONIMO-2780
Project: Geronimo
Issue Type: Bug
Security Level: public (Regular issues)
Affects Versions: 1.1.1
Environment: all
Reporter: Leonard Flournoy
Fix For: 1.1.x
Here's the contents of the keystore:
------8<--------
[nsadmin@hive ~]$ keytool -list -keystore /webetc/keys/arena-dev-web.jks
Enter keystore password:
Keystore type: jks
Keystore provider: SUN
Your keystore contains 3 entries
plm.qa.bom.com-arena-server, Jan 24, 2007, keyEntry,
Certificate fingerprint (MD5): 24:4F:8D:F8:E0:B7:EA:C2:CD:FE:0E:77:81:B0:34:DC
plm.ref.bom.com-arena-server, Jan 24, 2007, keyEntry,
Certificate fingerprint (MD5): 41:03:90:6F:15:1B:C3:C7:3F:3D:6C:ED:74:B0:9F:FE
plm.dev.bom.com-arena-server, Nov 26, 2006, keyEntry,
Certificate fingerprint (MD5): 8C:58:3E:C5:F2:3B:01:0C:65:53:5D:23:12:C5:6C:08
[nsadmin@hive ~]$
------8<--------
...and here's the gbean we are using to declare the HTTPS Connector:
------8<--------
<gbean gbeanInfo="org.apache.geronimo.tomcat.HttpsConnectorGBean"
name="geronimo/tomcat/1.1.1/car?ServiceModule=geronimo/tomcat/1.1.1/car,j2eeType=GBean,name=plm.ref.bom.com-arena-server">
<attribute name="name">plm.ref.bom.com-arena-server</attribute>
<attribute name="protocol">HTTPS</attribute>
<attribute name="host">plm.ref.bom.com</attribute>
<attribute name="port">4431</attribute>
<attribute name="maxThreads">50</attribute>
<attribute name="acceptQueueSize">100</attribute>
<!-- <attribute name="initParams">keyAlias=plm.ref.bom.com-arena-server</attribute> -->
<attribute name="keystoreType">JKS</attribute>
<attribute name="keystoreFileName">/webetc/keys/arena-dev-web.jks</attribute>
<attribute
name="keystorePassword">{Simple}rO0ABXNyABlqYXZheC5jcnlwdG8uU2VhbGVkT2Jq
ZWN0PjY9psO3VHACAARbAA1lbmNvZGVkUGFyYW1zdAACW0JbABBlbmNyeXB0ZWRDb250ZW50
cQB+AAFMAAlwYXJhbXNBbGd0ABJMamF2YS9sYW5nL1N0cmluZztMAAdzZWFsQWxncQB+AAJ4
cHB1cgACW0Ks8xf4BghU4AIAAHhwAAAAIGSR0Xtc+HC5SaER/SUEd6yUduVcQW9y6ZEbHfsR
W7PUcHQAA0FFUw==</attribute>
<attribute name="secureProtocol">Default</attribute>
<attribute name="algorithm">Default</attribute>
<attribute name="clientAuthRequired">False</attribute>
<attribute name="truststoreType">JKS</attribute>
<attribute name="truststoreFileName">/webetc/CA/trusted-authorities-certs.jks</attribute>
<attribute
name="truststorePassword">{Simple}rO0ABXNyABlqYXZheC5jcnlwdG8uU2VhbGVkT2
JqZWN0PjY9psO3VHACAARbAA1lbmNvZGVkUGFyYW1zdAACW0JbABBlbmNyeXB0ZWRDb250ZW
50cQB+AAFMAAlwYXJhbXNBbGd0ABJMamF2YS9sYW5nL1N0cmluZztMAAdzZWFsQWxncQB+AA
J4cHB1cgACW0Ks8xf4BghU4AIAAHhwAAAAIGSR0Xtc+HC5SaER/SUEd6yUduVcQW9y6ZEbHf
sRW7PUcHQAA0FFUw==</attribute>
<reference name="TomcatContainer">
<pattern>
<groupId>geronimo</groupId>
<artifactId>tomcat</artifactId>
<version>1.1.1</version>
<type>car</type>
<name>TomcatWebContainer</name>
</pattern>
</reference>
<reference name="ServerInfo">
<pattern>
<groupId>geronimo</groupId>
<artifactId>j2ee-system</artifactId>
<version>1.1.1</version>
<type>car</type>
<name>ServerInfo</name>
</pattern>
</reference>
</gbean>
------8<--------
WAS CE starts this Gbean happily, but when the connector receives a
connection from an HTTPS client, it uses the
"plm.qa.bom.com-arena-server" keyEntry (that is, the first keyEntry
listed in the keystore). I would like to be able to specify which
keyEntry is used for each HTTPS connector.
If I uncomment the "initParams" element, then WAS CE fails on startup
with this error:
------8<--------
Module 3/5 geronimo/tomcat/1.1.1/car
13:59:14,512 ERROR [GBeanInstanceState] Error while starting; GBean is now in the FAILED state: abstractName="geronimo/tomcat/1.1.1/car?configurationName=geronimo/tomcat/1.1.1/car"
org.apache.geronimo.kernel.config.InvalidConfigException: No attribute: initParams for gbean: geronimo/tomcat/1.1.1/car?ServiceModule=geronimo/tomcat/1.1.1/car,j2eeType=GBean,name=plm.ref.bom.com-arena-server
at org.apache.geronimo.system.configuration.LocalAttributeManager.setAttributes(LocalAttributeManager.java:197)
...
13:59:14,521 ERROR [Daemon] Exception caught while starting configurations.
Exception=org.apache.geronimo.kernel.config.LifecycleException: load of geronimo/tomcat/1.1.1/car failed
Server startup failed
------8<--------
Any help would be appreciated.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Commented: (GERONIMO-2780) Tomcat fails to accept certificate alias
Posted by "Leonard Flournoy (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/GERONIMO-2780?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12467632 ]
Leonard Flournoy commented on GERONIMO-2780:
--------------------------------------------
Donald, thanks for your efforts and congrats on the addition to your family.
I've talked with Jeff and he's agreed to finish this; would you assign this
to him?
Thanks!
--
Leonard J. Flournoy
Senior Software Engineer
323 309-3480
> Tomcat fails to accept certificate alias
> ----------------------------------------
>
> Key: GERONIMO-2780
> URL: https://issues.apache.org/jira/browse/GERONIMO-2780
> Project: Geronimo
> Issue Type: Bug
> Security Level: public(Regular issues)
> Components: Tomcat
> Affects Versions: 1.1.1
> Environment: all
> Reporter: Leonard Flournoy
> Assigned To: Donald Woods
> Fix For: 1.1.2, 2.0-beta1
>
> Attachments: G2780-keyAlias.patch
>
>
[jira] Updated: (GERONIMO-2780) Tomcat fails to accept certificate alias
Posted by "Donald Woods (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/GERONIMO-2780?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Donald Woods updated GERONIMO-2780:
-----------------------------------
Attachment: G2780-keyAlias.patch
Attaching patch for first part - allowing setting of keyAlias attribute.
Will work on adding the initParams support and back port to 1.2 and 1.1.x later next week, as I'll be offline for a few days on paternity leave.... :-)
[jira] Commented: (GERONIMO-2780) Tomcat fails to accept certificate alias
Posted by "Jeff Genender (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/GERONIMO-2780?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12467466 ]
Jeff Genender commented on GERONIMO-2780:
-----------------------------------------
I mean, add the initParams in addition to the keyAlias.
RE: [jira] Updated: (GERONIMO-2780) Tomcat fails to accept certificate alias
Posted by David Hoke <da...@princetonresource.com>.
All,
I am currently looking for multiple developers with application server
product development experience. Please let me know the proper forum for this
request.
Thank you,
David Hoke
-----Original Message-----
From: Donald Woods (JIRA) [mailto:jira@apache.org]
Sent: Thursday, January 25, 2007 11:32 AM
To: dev@geronimo.apache.org
Subject: [jira] Updated: (GERONIMO-2780) Tomcat fails to accept certificate alias
[ https://issues.apache.org/jira/browse/GERONIMO-2780?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Donald Woods updated GERONIMO-2780:
-----------------------------------
Component/s: Tomcat
Fix Version/s: (was: 1.1.x)
2.0-beta1
1.1.2
Assignee: Donald Woods
I don't see a get/set for the keyAlias attribute in the HttpsConnectorGBean,
like the HTTPSConnector for Jetty has....
[jira] Updated: (GERONIMO-2780) Tomcat fails to accept certificate alias
Posted by "Donald Woods (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/GERONIMO-2780?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Donald Woods updated GERONIMO-2780:
-----------------------------------
Component/s: Tomcat
Fix Version/s: (was: 1.1.x)
2.0-beta1
1.1.2
Assignee: Donald Woods
I don't see a get/set for the keyAlias attribute in the HttpsConnectorGBean, like the HTTPSConnector for Jetty has....
[jira] Commented: (GERONIMO-2780) Tomcat fails to accept certificate alias
Posted by "Donald Woods (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/GERONIMO-2780?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12467509 ]
Donald Woods commented on GERONIMO-2780:
----------------------------------------
Jeff, not sure what you mean with initParams, as those are handled by the ConnectorGBean class and the Tomcat connector (Coyote) does not take a "initParams" attribute, as defined by http://tomcat.apache.org/tomcat-5.5-doc/config/http.html
> Tomcat fails to accept certificate alias
> ----------------------------------------
>
> Key: GERONIMO-2780
> URL: https://issues.apache.org/jira/browse/GERONIMO-2780
> Project: Geronimo
> Issue Type: Bug
> Security Level: public(Regular issues)
> Components: Tomcat
> Affects Versions: 1.1.1
> Environment: all
> Reporter: Leonard Flournoy
> Assigned To: Donald Woods
> Fix For: 1.1.2, 2.0-beta1
[jira] Assigned: (GERONIMO-2780) Tomcat fails to accept certificate
alias
Posted by "Jeff Genender (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/GERONIMO-2780?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Jeff Genender reassigned GERONIMO-2780:
---------------------------------------
Assignee: Jeff Genender (was: Donald Woods)
> Tomcat fails to accept certificate alias
> ----------------------------------------
>
> Key: GERONIMO-2780
> URL: https://issues.apache.org/jira/browse/GERONIMO-2780
> Project: Geronimo
> Issue Type: Bug
> Security Level: public(Regular issues)
> Components: Tomcat
> Affects Versions: 1.1.1
> Environment: all
> Reporter: Leonard Flournoy
> Assigned To: Jeff Genender
> Fix For: 1.1.2, 2.0-beta1
>
> Attachments: G2780-keyAlias.patch
[jira] Commented: (GERONIMO-2780) Tomcat fails to accept
certificate alias
Posted by "Jeff Genender (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/GERONIMO-2780?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12467464 ]
Jeff Genender commented on GERONIMO-2780:
-----------------------------------------
Please add an initParams attribute like the other Tomcat GBean objects as well.
> Tomcat fails to accept certificate alias
> ----------------------------------------
>
> Key: GERONIMO-2780
> URL: https://issues.apache.org/jira/browse/GERONIMO-2780
> Project: Geronimo
> Issue Type: Bug
> Security Level: public(Regular issues)
> Components: Tomcat
> Affects Versions: 1.1.1
> Environment: all
> Reporter: Leonard Flournoy
> Assigned To: Donald Woods
> Fix For: 1.1.2, 2.0-beta1
[jira] Commented: (GERONIMO-2780) Tomcat fails to accept
certificate alias
Posted by "Jeff Genender (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/GERONIMO-2780?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12467652 ]
Jeff Genender commented on GERONIMO-2780:
-----------------------------------------
Congrats on the new addition to your family, Donald. The patch looks good except it also needs the interface changed too. I'll go ahead and do that.
> Tomcat fails to accept certificate alias
> ----------------------------------------
>
> Key: GERONIMO-2780
> URL: https://issues.apache.org/jira/browse/GERONIMO-2780
> Project: Geronimo
> Issue Type: Bug
> Security Level: public(Regular issues)
> Components: Tomcat
> Affects Versions: 1.1.1
> Environment: all
> Reporter: Leonard Flournoy
> Assigned To: Donald Woods
> Fix For: 1.1.2, 2.0-beta1
>
> Attachments: G2780-keyAlias.patch
[jira] Commented: (GERONIMO-2780) Tomcat fails to accept
certificate alias
Posted by "Jeff Genender (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/GERONIMO-2780?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12467514 ]
Jeff Genender commented on GERONIMO-2780:
-----------------------------------------
Please examine the initParams attribute in the EngineGbean, HostGbean, etc. It is a way to pass dynamic parameters to the underlying Tomcat object. It is a Geronimo concept, not Tomcat. Since Tomcat uses the digester, you can pass dynamic parameters as XML attributes. But Geronimo does not use the digester, so the initParams is a way to allow this functionality in Geronimo.
> Tomcat fails to accept certificate alias
> ----------------------------------------
>
> Key: GERONIMO-2780
> URL: https://issues.apache.org/jira/browse/GERONIMO-2780
> Project: Geronimo
> Issue Type: Bug
> Security Level: public(Regular issues)
> Components: Tomcat
> Affects Versions: 1.1.1
> Environment: all
> Reporter: Leonard Flournoy
> Assigned To: Donald Woods
> Fix For: 1.1.2, 2.0-beta1
[jira] Closed: (GERONIMO-2780) Tomcat fails to accept certificate
alias
Posted by "Jeff Genender (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/GERONIMO-2780?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Jeff Genender closed GERONIMO-2780.
-----------------------------------
Resolution: Fixed
Fix Version/s: 1.2
Fixed. Added keyAlias as an attribute. I will hold off on the initParams for now...but this should be a part of the ConnectorGBean.
> Tomcat fails to accept certificate alias
> ----------------------------------------
>
> Key: GERONIMO-2780
> URL: https://issues.apache.org/jira/browse/GERONIMO-2780
> Project: Geronimo
> Issue Type: Bug
> Security Level: public(Regular issues)
> Components: Tomcat
> Affects Versions: 1.1.1
> Environment: all
> Reporter: Leonard Flournoy
> Assigned To: Jeff Genender
> Fix For: 1.1.2, 1.2, 2.0-beta1
>
> Attachments: G2780-keyAlias.patch
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
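A pre-deployment check for the situation in this thread, as an added example (not code from Geronimo, Tomcat or the attached patch): it reads a `keytool -list` listing and an HTTPS connector GBean and reports when the keystore holds several key entries but no alias is pinned, or when the pinned alias is not a key entry. It assumes the fix is configured as a `keyAlias` attribute, as the closing comment describes; the listing and GBean fragment are constructed from the report with passwords and fingerprints left out, and the function names are hypothetical.

```python
import re
import xml.etree.ElementTree as ET

# Entry lines look like "alias, Jan 24, 2007, keyEntry,"
# (newer keytool releases print PrivateKeyEntry instead of keyEntry).
ENTRY_RE = re.compile(
    r"^(?P<alias>[^,]+),\s.*?,\s*"
    r"(?P<kind>keyEntry|PrivateKeyEntry|trustedCertEntry|SecretKeyEntry),?\s*$"
)
KEY_KINDS = {"keyEntry", "PrivateKeyEntry"}

# Constructed sample: the three aliases from the report, fingerprints omitted.
SAMPLE_KEYTOOL_LIST = """\
Keystore type: jks
Keystore provider: SUN
Your keystore contains 3 entries
plm.qa.bom.com-arena-server, Jan 24, 2007, keyEntry,
Certificate fingerprint (MD5): <omitted>
plm.ref.bom.com-arena-server, Jan 24, 2007, keyEntry,
Certificate fingerprint (MD5): <omitted>
plm.dev.bom.com-arena-server, Nov 26, 2006, keyEntry,
Certificate fingerprint (MD5): <omitted>
"""


def sample_connector(key_alias=None):
    """Constructed HTTPS connector GBean modelled on the report (passwords left out)."""
    alias = "" if key_alias is None else f'<attribute name="keyAlias">{key_alias}</attribute>'
    return f"""<gbean name="plm.ref.bom.com-arena-server">
  <attribute name="name">plm.ref.bom.com-arena-server</attribute>
  <attribute name="protocol">HTTPS</attribute>
  <attribute name="host">plm.ref.bom.com</attribute>
  <attribute name="port">4431</attribute>
  <attribute name="keystoreType">JKS</attribute>
  <attribute name="keystoreFileName">/webetc/keys/arena-dev-web.jks</attribute>
  {alias}
</gbean>"""


def parse_keytool_list(text):
    """Return [(alias, kind)] in the order keytool printed the entries."""
    entries = []
    for line in text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append((match.group("alias").strip(), match.group("kind")))
    return entries


def audit_connector(gbean_xml, keytool_output):
    """Return a list of (code, message) findings for one connector GBean."""
    gbean = ET.fromstring(gbean_xml)
    attrs = {a.get("name"): (a.text or "").strip() for a in gbean.iter("attribute")}
    if attrs.get("protocol", "").upper() != "HTTPS":
        return []  # a plain HTTP connector presents no certificate

    name = attrs.get("name", "<unnamed>")
    entries = parse_keytool_list(keytool_output)
    key_aliases = [alias for alias, kind in entries if kind in KEY_KINDS]
    wanted = attrs.get("keyAlias", "")

    if not key_aliases:
        return [("NO_KEY_ENTRY", f"{name}: keystore has no private-key entry")]
    if not wanted:
        if len(key_aliases) > 1:
            return [("AMBIGUOUS_KEY",
                     f"{name}: {len(key_aliases)} key entries and no keyAlias; "
                     f"the report saw the first listed one served ({key_aliases[0]})")]
        return []  # a single key entry leaves nothing to choose between

    # JKS aliases are case-insensitive, so compare lower-cased.
    if wanted.lower() not in {a.lower() for a in key_aliases}:
        kind = {a.lower(): k for a, k in entries}.get(wanted.lower(), "missing")
        return [("ALIAS_NOT_KEY_ENTRY",
                 f"{name}: keyAlias '{wanted}' is {kind} in the keystore")]
    return []


if __name__ == "__main__":
    for label, plan in [
        ("as reported", sample_connector()),
        ("alias pinned", sample_connector("plm.ref.bom.com-arena-server")),
        ("alias mistyped", sample_connector("plm.prod.bom.com-arena-server")),
    ]:
        print(label, audit_connector(plan, SAMPLE_KEYTOOL_LIST) or "ok")
```
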