On 26/10/12 16:12, Christopher Schultz wrote:
Brian,

On 10/26/12 5:11 AM, Brian Burch wrote:
I have another system with java-7-openjdk-i386, but I haven't yet
done any work on it. This openjdk does not ship with a keytool
program, and so I presume it will use openssl.

I dunno about the i386 version, but I have /usr/bin/keytool installed
by Debian package "openjdk-7-jre-headless" (x86_64).

Thanks for pointing that out, Chris. I was just wrong when I said it wasn't there - I was looking at a different machine.

The system under investigation has both keytool executables installed:

brian@shiraz:/usr/bin$ ls -l keytool
lrwxrwxrwx 1 root root 25 Jun 15  2008 keytool -> /etc/alternatives/keytool

then, following that symlink like this...

brian@shiraz:/etc/alternatives$ ls -l keytool
lrwxrwxrwx 1 root root 39 Apr 24 2009 keytool -> /usr/lib/jvm/java-6-sun/jre/bin/keytool

also, just to make 100% sure...

brian@shiraz:/etc/alternatives$ sudo update-alternatives --display keytool
keytool - manual mode
  link currently points to /usr/lib/jvm/java-6-sun/jre/bin/keytool
/usr/lib/jvm/java-6-openjdk-i386/jre/bin/keytool - priority 1061
  slave keytool.1.gz: /usr/lib/jvm/java-6-openjdk-i386/jre/man/man1/keytool.1.gz
/usr/lib/jvm/java-6-sun/jre/bin/keytool - priority 63
  slave keytool.1.gz: /usr/lib/jvm/java-6-sun/jre/man/man1/keytool.1.gz
Current 'best' version is '/usr/lib/jvm/java-6-openjdk-i386/jre/bin/keytool'.

In other words, if I run keytool WITHOUT an explicit path, I get the sun version. However, I used an explicit path to java-6-sun in my tests.

Thanks very much for your comment. It prompted me to explicitly run both keytools against both the "faulty" pkcs12 and the "good" JKS keystores.

Much to my alarm, BOTH tests on the "good" JKS failed with...

keytool error: java.lang.Exception: Keystore file does not exist: www2-java-JKS-keystore

Happily, it didn't take me long to discover that this was due to a permissions problem: running the identical commands under sudo worked fine.

I'll conclude this educational branch of my thread by confidently restating that both keytools are able to list both keystores successfully, even though the pkcs12 keystore cannot be opened by tomcat 7 under java-6-sun (I haven't tried it under java-6-openssl).

-chris

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
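
The message above traces keytool through two symlinks and finds that "Keystore file does not exist" was really a permissions problem. As an added example (not part of the original thread), this script does both checks; the function names and the demo directory layout are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. POSIX sh plus readlink(1) and mktemp(1).

# Print each hop of a symlink chain, one path per line, ending at the final
# target (or at the hop limit, which stops a looping chain).
trace_link() {
    p=$1
    hops=0
    while [ -L "$p" ] && [ "$hops" -lt 40 ]; do
        printf '%s\n' "$p"
        target=$(readlink "$p")
        case $target in
            /*) p=$target ;;                   # absolute target
            *)  p=$(dirname "$p")/$target ;;   # relative to the link's directory
        esac
        hops=$((hops + 1))
    done
    printf '%s\n' "$p"
}

# Classify a keystore path for the current user. Prints one of:
# ok | missing | not-a-file | unreadable | dir-not-searchable
# Run it as the account that runs keytool or Tomcat; root passes the -r/-x tests.
keystore_status() {
    f=$1
    d=$(dirname "$f")
    if [ -d "$d" ] && [ ! -x "$d" ]; then echo dir-not-searchable; return 0; fi
    if [ ! -e "$f" ]; then echo missing; return 0; fi
    if [ ! -f "$f" ]; then echo not-a-file; return 0; fi
    if [ ! -r "$f" ]; then echo unreadable; return 0; fi
    echo ok
}

# Constructed demo: a chain shaped like /usr/bin -> /etc/alternatives -> JVM dir,
# and a keystore with its read bits removed.
demo=$(mktemp -d)
mkdir "$demo/bin" "$demo/alt" "$demo/jvm"
: > "$demo/jvm/keytool"
ln -s "$demo/jvm/keytool" "$demo/alt/keytool"
ln -s ../alt/keytool "$demo/bin/keytool"
trace_link "$demo/bin/keytool"
: > "$demo/store.jks"
chmod 000 "$demo/store.jks"
echo "store.jks: $(keystore_status "$demo/store.jks")"
echo "absent.jks: $(keystore_status "$demo/absent.jks")"
rm -rf "$demo"
```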
