[ https://issues.apache.org/jira/browse/GERONIMO-4451?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Donald Woods reassigned GERONIMO-4451:
--------------------------------------

    Assignee: Donald Woods

> locking and unlocking for availability of a keystore results in duplicate attributes in config.xml
> --------------------------------------------------------------------------------------------------
>
>                 Key: GERONIMO-4451
>                 URL: https://issues.apache.org/jira/browse/GERONIMO-4451
>             Project: Geronimo
>          Issue Type: Bug
>      Security Level: public(Regular issues)
>          Components: console, security
>    Affects Versions: 2.1.3
>         Environment: Ubuntu Linux 8.10, Sun Java 1.6, Geronimo 2.1.3 w/ Jetty.
>            Reporter: Christian Svensson
>            Assignee: Donald Woods
>             Fix For: 2.1.4, 2.2
>
>
> Transcribing mail conversation:
> Hello!
> I've been trying for the better part of today getting keystores to
> automatically unlock on startup - with very limited success.
> Is there something that I should know about keystore password / key password?
> Digging around some old mailing list threads said something about key
> password must be equal to keystore password - any more of those gotchas?
> The problem is that I create (or change password on geronimo-default for that
> matter) a new keystore, assign SSL to use the certificate and restart the
> server:
> org.apache.geronimo.management.geronimo.KeystoreIsLocked: Keystore 'plasma-ssl' is locked; please use the keystore page in the admin console to unlock it
>     at org.apache.geronimo.security.keystore.FileKeystoreManager.createSSLContext(FileKeystoreManager.java:343)
>     at org.apache.geronimo.jetty6.connector.GeronimoSelectChannelSSLListener.createSSLContext(GeronimoSelectChannelSSLListener.java:54)
> Resetting the SSL connector to using geronimo-default / geronimo with secret
> / secret as passwords makes it work again - but why on earth doesn't Geronimo
> unlock my keystores on startup? I mean, it saves the password (or something
> like it) in config.xml.
> -----
> This is how I created my setup:
> 1. Create a new keystore 'plasma-ssl'
> 2. Create a new private key 'wildcard'
> 3. Now the text on "Available" says "trust only" or something like that, I
> lock it and then unlock it in order for it to change to "1 key ready"
> 4. Then I configure my HTTPS connector to use the new keystore
> 5. Since the web server does not seem to do anything when I press "Shutdown"
> in the console, I use Ctrl+C to kill it.
> 6. Start the server again
> 7. Message appears.
> ---
> Hmm... the 3rd step is indeed unearthing a bug. At that step, a second
> "attribute" element is getting added (instead of replacing the existing
> element) to the keystore gbean for keystorePassword and keyPasswords
> attributes in config.xml . Can you create an issue in the JIRA [1]? The
> problem summary is, "locking and unlocking for availability of a keystore
> results in duplicate attributes in config.xml".

--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.