Posted to users@tomcat.apache.org by Luis Villa <lv...@gmail.com> on 2007/12/12 11:33:05 UTC

PKCS11 in Windows

Hello all,

In order to secure communications between a browser and the web server I'm
using Tomcat with an SSL connector. This connector takes the server
certificate from a Smartcard (so I'm using a PKCS11 keystore type). The
problem is that, as I'm accessing it in Windows, I have to link it to a DLL
file, and this causes troubles. I have found a little but really annoying
one. When accessing the Smartcard, Java can take all keys, but then the alias
name is not, for example, "tomcat" but "tomcat\0" (where \0 is the char 0).
I suppose this is because the DLL uses pchar or something like this.

So, when I configure Tomcat to use keyalias="tomcat", it cannot find it
(internally, what the keystore contains is "tomcat\0"). I'm forced to not
specify a keyalias so it uses the first one in the card. But I cannot ensure
the first one is the one Tomcat has to use (it is possible someone is going
to import more certificates in the card in the future).

Is there a way to avoid the \0 problem? (XML does not allow specifying this
character)

Thank you all :)

Re: PKCS11 in Windows

Posted by Luis Villa <lv...@gmail.com>.
> > Is there a way to avoid the \0 problem? (XML does not allow
> > specifying this character)
>
> Can you do:
>
> alias="tomcat&#00;"
>
> ?


Hello Chris,


No, it is not possible to use this character in XML (so I have read in the
XML specification). Anyway, I tried and, if you write that, Tomcat responds
with an error:

org.xml.sax.SAXParseException: Character reference "&#00;" is an invalid XML
character.

It is almost funny how a little detail can cause so much trouble.

Thanks for your answer Chris,

Regards

Re: PKCS11 in Windows

Posted by Christopher Schultz <ch...@christopherschultz.net>.

Luis,

Luis Villa wrote:
> Is there a way to avoid the \0 problem? (XML does not allow
> specifying this character)

Can you do:

alias="tomcat&#00;"

?

-chris

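
A diagnostic sketch for the alias mismatch discussed in this thread, added here as an example and not code from any of the posters or from Tomcat: it lists each keystore alias with control characters made visible, so a trailing NUL shows up and can be compared with the configured value. The class name, the `other-cert` alias and the constructed sample list are assumptions; `Provider.configure` requires Java 9 or later.

```java
import java.security.KeyStore;
import java.security.Provider;
import java.security.Security;
import java.util.Collections;
import java.util.List;

public class Pkcs11AliasCheck {

    // Render control characters (including NUL) as visible hex escapes.
    static String visible(String s) {
        StringBuilder sb = new StringBuilder();
        for (char c : s.toCharArray()) {
            if (Character.isISOControl(c)) {
                sb.append(String.format("\\u%04x", (int) c));
            } else {
                sb.append(c);
            }
        }
        return sb.toString();
    }

    // Read the aliases from the token described by a SunPKCS11 config file.
    static List<String> tokenAliases(String configPath, char[] pin) throws Exception {
        Provider p = Security.getProvider("SunPKCS11").configure(configPath);
        KeyStore ks = KeyStore.getInstance("PKCS11", p);
        ks.load(null, pin);
        return Collections.list(ks.aliases());
    }

    public static void main(String[] args) throws Exception {
        String wanted = "tomcat"; // the alias value used in the thread
        // With no argument, fall back to a constructed list mimicking the report.
        List<String> aliases = args.length == 1
                ? tokenAliases(args[0], System.console().readPassword("Token PIN: "))
                : List.of("tomcat\0", "other-cert");
        for (String a : aliases) {
            boolean exact = a.equals(wanted);
            // Equal only after trailing NULs are dropped: the mismatch described above.
            boolean nulPadded = !exact && a.replaceAll("\\x00+$", "").equals(wanted);
            System.out.printf("%-20s length=%d exact=%b nulPadded=%b%n",
                    visible(a), a.length(), exact, nulPadded);
        }
    }
}
```

Run without arguments to see the constructed case, or pass the path of a SunPKCS11 configuration file from an interactive console to inspect a real token.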