[ 
https://issues.apache.org/jira/browse/GERONIMO-2780?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Donald Woods updated GERONIMO-2780:
-----------------------------------

    Attachment: G2780-keyAlias.patch

Attaching patch for first part - allowing setting of keyAlias attribute.
Will work on adding the initParams support and back port to 1.2 and 1.1.x later 
next week, as I'll be offline for a few days on paternity leave.... :-)


> Tomcat fails to accept certificate alias
> ----------------------------------------
>
>                 Key: GERONIMO-2780
>                 URL: https://issues.apache.org/jira/browse/GERONIMO-2780
>             Project: Geronimo
>          Issue Type: Bug
>      Security Level: public(Regular issues) 
>          Components: Tomcat
>    Affects Versions: 1.1.1
>         Environment: all
>            Reporter: Leonard Flournoy
>         Assigned To: Donald Woods
>             Fix For: 1.1.2, 2.0-beta1
>
>         Attachments: G2780-keyAlias.patch
>
>
> Here's the contents of the keystore:
> ------8<--------
> [EMAIL PROTECTED] ~]$ keytool -list -keystore /webetc/keys/arena-dev-web.jks
> Enter keystore password: 
> Keystore type: jks
> Keystore provider: SUN
> Your keystore contains 3 entries
> plm.qa.bom.com-arena-server, Jan 24, 2007, keyEntry,
> Certificate fingerprint (MD5):
> 24:4F:8D:F8:E0:B7:EA:C2:CD:FE:0E:77:81:B0:34:DC
> plm.ref.bom.com-arena-server, Jan 24, 2007, keyEntry,
> Certificate fingerprint (MD5):
> 41:03:90:6F:15:1B:C3:C7:3F:3D:6C:ED:74:B0:9F:FE
> plm.dev.bom.com-arena-server, Nov 26, 2006, keyEntry,
> Certificate fingerprint (MD5):
> 8C:58:3E:C5:F2:3B:01:0C:65:53:5D:23:12:C5:6C:08
> [EMAIL PROTECTED] ~]$
> ------8<--------
> ...and here's the gbean we are using to declare the HTTPS Connector:
> ------8<--------
>     <gbean gbeanInfo="org.apache.geronimo.tomcat.HttpsConnectorGBean"
>            name="geronimo/tomcat/1.1.1/car?ServiceModule=geronimo/tomcat/1.1.1/car,j2eeType=GBean,name=plm.ref.bom.com-arena-server">
>       <attribute name="name">plm.ref.bom.com-arena-server</attribute>
>       <attribute name="protocol">HTTPS</attribute>
>       <attribute name="host">plm.ref.bom.com</attribute>
>       <attribute name="port">4431</attribute>
>       <attribute name="maxThreads">50</attribute>
>       <attribute name="acceptQueueSize">100</attribute>
>       <!-- <attribute name="initParams">keyAlias=plm.ref.bom.com-arena-server</attribute> -->
>       <attribute name="keystoreType">JKS</attribute>
>       <attribute name="keystoreFileName">/webetc/keys/arena-dev-web.jks</attribute>
>       <attribute
> name="keystorePassword">{Simple}rO0ABXNyABlqYXZheC5jcnlwdG8uU2VhbGVkT2Jq
> ZWN0PjY9psO3VHACAARbAA1lbmNvZGVkUGFyYW1zdAACW0JbABBlbmNyeXB0ZWRDb250ZW50
> cQB+AAFMAAlwYXJhbXNBbGd0ABJMamF2YS9sYW5nL1N0cmluZztMAAdzZWFsQWxncQB+AAJ4
> cHB1cgACW0Ks8xf4BghU4AIAAHhwAAAAIGSR0Xtc+HC5SaER/SUEd6yUduVcQW9y6ZEbHfsR
> W7PUcHQAA0FFUw==</attribute>
>       <attribute name="secureProtocol">Default</attribute>
>       <attribute name="algorithm">Default</attribute>
>       <attribute name="clientAuthRequired">False</attribute>
>       <attribute name="truststoreType">JKS</attribute>
>       <attribute name="truststoreFileName">/webetc/CA/trusted-authorities-certs.jks</attribute>
>       <attribute
> name="truststorePassword">{Simple}rO0ABXNyABlqYXZheC5jcnlwdG8uU2VhbGVkT2
> JqZWN0PjY9psO3VHACAARbAA1lbmNvZGVkUGFyYW1zdAACW0JbABBlbmNyeXB0ZWRDb250ZW
> 50cQB+AAFMAAlwYXJhbXNBbGd0ABJMamF2YS9sYW5nL1N0cmluZztMAAdzZWFsQWxncQB+AA
> J4cHB1cgACW0Ks8xf4BghU4AIAAHhwAAAAIGSR0Xtc+HC5SaER/SUEd6yUduVcQW9y6ZEbHf
> sRW7PUcHQAA0FFUw==</attribute>
>       <reference name="TomcatContainer">
>         <pattern>
>           <groupId>geronimo</groupId>
>           <artifactId>tomcat</artifactId>
>           <version>1.1.1</version>
>           <type>car</type>
>           <name>TomcatWebContainer</name>
>         </pattern>
>       </reference>
>       <reference name="ServerInfo">
>         <pattern>
>           <groupId>geronimo</groupId>
>           <artifactId>j2ee-system</artifactId>
>           <version>1.1.1</version>
>           <type>car</type>
>           <name>ServerInfo</name>
>         </pattern>
>       </reference>
>     </gbean>
> ------8<--------
> WAS CE starts this Gbean happily, but when the connector receives a
> connection from an HTTPS client, it uses the
> "plm.qa.bom.com-arena-server" keyEntry (that is, the first keyEntry
> listed in the keystore).  I would like to be able to specify which
> keyEntry is used for each HTTPS connector.
> If I uncomment the "initParams" element, then WAS CE fails on startup
> with this error:
> ------8<--------
> Module 3/5 geronimo/tomcat/1.1.1/car
> 13:59:14,512 ERROR [GBeanInstanceState] Error while starting; GBean is now in the FAILED state:
> abstractName="geronimo/tomcat/1.1.1/car?configurationName=geronimo/tomcat/1.1.1/car"
> org.apache.geronimo.kernel.config.InvalidConfigException: No attribute: initParams for gbean:
> geronimo/tomcat/1.1.1/car?ServiceModule=geronimo/tomcat/1.1.1/car,j2eeType=GBean,name=plm.ref.bom.com-arena-server
>         at org.apache.geronimo.system.configuration.LocalAttributeManager.setAttributes(LocalAttributeManager.java:197)
> ...
> 13:59:14,521 ERROR [Daemon] Exception caught while starting configurations.
> Exception=org.apache.geronimo.kernel.config.LifecycleException: load of geronimo/tomcat/1.1.1/car failed
> Server startup failed
> ------8<--------
> Any help would be appreciated.

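The report above boils down to a keystore with several keyEntries and a connector that never says which one to use. The following check is an added example (not part of GERONIMO-2780 or of Geronimo's code): it parses a keytool listing and the connector's GBean XML, both constructed here after the report, and reports which keyEntry the connector will present. It assumes the attribute is named keyAlias, as the attached patch describes, and uses an assumed heuristic that the served alias should start with the connector's host.

```python
"""Added example, not part of GERONIMO-2780 or Geronimo: report which keyEntry an
HttpsConnectorGBean presents; without keyAlias the first keyEntry wins (as reported)."""
import re
import xml.etree.ElementTree as ET

# Constructed sample modelled on the report's keytool listing (fingerprints omitted).
KEYTOOL_LISTING = """\
plm.qa.bom.com-arena-server, Jan 24, 2007, keyEntry,
plm.ref.bom.com-arena-server, Jan 24, 2007, keyEntry,
plm.dev.bom.com-arena-server, Nov 26, 2006, keyEntry,
"""
# Constructed, trimmed copy of the report's connector GBean; no keyAlias is set.
GBEAN_XML = """\
<gbean gbeanInfo="org.apache.geronimo.tomcat.HttpsConnectorGBean" name="ref">
  <attribute name="host">plm.ref.bom.com</attribute>
  <attribute name="keystoreFileName">/webetc/keys/arena-dev-web.jks</attribute>
</gbean>
"""
ENTRY_RE = re.compile(r"^([^,]+), (.+?), (keyEntry|trustedCertEntry),?\s*$")

def key_entries(listing):
    """Aliases of type keyEntry, in the order keytool printed them."""
    found = [ENTRY_RE.match(line) for line in listing.splitlines()]
    return [m.group(1) for m in found if m and m.group(3) == "keyEntry"]

def connector_attrs(xml_text):
    """Map each <attribute name=...> of the GBean to its text."""
    root = ET.fromstring(xml_text)
    return {a.get("name"): (a.text or "").strip() for a in root.findall("attribute")}

def served_alias(attrs, aliases):
    """Alias the connector presents: the pinned keyAlias, else the first keyEntry."""
    alias = attrs.get("keyAlias")
    if alias and alias not in aliases:
        raise ValueError("keyAlias %r is not a keyEntry in the keystore" % alias)
    return alias or (aliases[0] if aliases else None)

def audit(listing, xml_text):
    """Warnings for the misconfiguration behind this report."""
    attrs, aliases = connector_attrs(xml_text), key_entries(listing)
    alias = served_alias(attrs, aliases)
    warnings = []
    if len(aliases) > 1 and not attrs.get("keyAlias"):
        warnings.append("%d keyEntries but no keyAlias; will serve %r" % (len(aliases), alias))
    host = attrs.get("host")
    # Heuristic (assumption): the served alias should start with the connector host.
    if host and alias and not alias.startswith(host):
        warnings.append("served alias %r does not match host %r" % (alias, host))
    return warnings
```

Run `audit(KEYTOOL_LISTING, GBEAN_XML)` to reproduce the report's situation (the plm.qa entry is served for the plm.ref host); adding a keyAlias attribute for plm.ref.bom.com-arena-server clears both warnings.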