Hi Christopher, > > # create 2 entries with different keypass for each entry keytool > > -genkeypair -alias tomcat1 -storepass storepass -keystore > > different.jks -keyalg RSA -keypass tomcat1 -ext san=dns:tomcat1 > > -dname CN=tomcat1 keytool -genkeypair -alias tomcat2 -storepass > > storepass -keystore different.jks -keyalg RSA -keypass tomcat2 -ext > > san=dns:tomcat2 -dname CN=tomcat2 > > What is the password for the keystore itself?
my password for the keystore has the value storepass. > > > setup a SSL Connector to use that keystore: > > > > <Connector port="443" URIEncoding="UTF-8" scheme="https" > > secure="true" SSLEnabled="true" > >> > > <SSLHostConfig > > ciphers="HIGH:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!kRSA" > > protocols="all"> > > > > <!-- doesn't work, use keypass for alias tomcat2 --> <Certificate > > certificateKeystoreFile="different.jks" > > certificateKeystorePassword="storepass" > > certificateKeyAlias="tomcat2" certificateKeystoreType="JKS" > > certificateKeyPassword="tomcat2" type="RSA" /> > > ... and why don't you have the keystore password set, here? Or did you just > use "changeit"? in the attribute certificateKeystorePassword i'm using the value storepass. IMHO the password is given. Frank