You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by bu...@apache.org on 2006/01/10 20:01:38 UTC
DO NOT REPLY [Bug 38217] New: - mention that private key password and keystore password need to be the same (avoid "IOException: Cannot recover key")
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG�
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=38217>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND�
INSERTED IN THE BUG DATABASE.
http://issues.apache.org/bugzilla/show_bug.cgi?id=38217
Summary: mention that private key password and keystore password
need to be the same (avoid "IOException: Cannot recover
key")
Product: Tomcat 5
Version: 5.5.14
Platform: Other
URL: http://tomcat.apache.org/tomcat-5.5-doc/ssl-
howto.html#Prepare the Certificate Keystore
OS/Version: All
Status: NEW
Severity: enhancement
Priority: P2
Component: Connector:Coyote
AssignedTo: tomcat-dev@jakarta.apache.org
ReportedBy: hauser@acm.org
As per org.apache.tomcat.util.net.jsse.JSSESocketFactory.getKeystorePassword()
"keypass" and "keystorePass" are the same.
If e.g. with using http://sf.net/projects/portecle, some people are tempted to
set a different key on the private key.
Then, they get
<<Error initializing endpoint
java.io.IOException: Cannot recover key
at
org.apache.tomcat.util.net.jsse.JSSE14SocketFactory.init(JSSE14SocketFactory.java:125)
at
org.apache.tomcat.util.net.jsse.JSSESocketFactory.createSocket(JSSESocketFactory.java:88)
at
org.apache.tomcat.util.net.PoolTcpEndpoint.initEndpoint(PoolTcpEndpoint.java:292)
at org.apache.coyote.http11.Http11BaseProtocol.init(Http11BaseProtocol.java:137)
at org.apache.catalina.connector.Connector.initialize(Connector.java:1016)
...>>
It would be great if there were a cautionary note in the ssl-howto.html
see also http://www.ponton-consulting.de/en/faq/faq_advanced.html
I guess the test at the bottom of
http://marc.theaimsgroup.com/?l=tomcat-user&m=109363993616257&w=2 would succeed
despite what is claimed...
--
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org
DO NOT REPLY [Bug 38217] - mention that private key password and keystore password need to be the same (avoid "IOException: Cannot recover key")
Posted by bu...@apache.org.
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG�
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=38217>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND�
INSERTED IN THE BUG DATABASE.
http://issues.apache.org/bugzilla/show_bug.cgi?id=38217
yoavs@computer.org changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |RESOLVED
Resolution| |FIXED
------- Additional Comments From yoavs@computer.org 2006-04-13 19:00 -------
Good point, added cautionary note and reference to your comment above to the SSL
HowTo. Thanks.
--
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org