In the
SSLPassword="${KSENC(6qkaMErQ==; C:\Certificate\Keystore\Vessel.p12)}"
we defined a Class to convert the Encrypted password and set the following
properties:
    public class MyPropertySource implements
            org.apache.tomcat.util.IntrospectionUtils.PropertySource
    ...
        public String getProperty(String arg0) {
            if (arg0.contains("KSENC(")) {
                ....
                System.setProperty("javax.net.ssl.keyStore", keyStorePath);
                System.setProperty("javax.net.ssl.keyStorePassword", clearText);
                System.setProperty("javax.net.ssl.trustStore", trustStorePath);
                System.setProperty("javax.net.ssl.trustStorePassword", clearText);
            }
            ...
        }
This class will set the following properties at the beginning of Tomcat init.
In my debugging I found that it could not determine the store properly.
So, I tried putting in the keystoreType="PKCS12" and now it works.
I hope this helps. I'm still set up for debugging if you need something
looked at.
Thanks
On Tue, Jun 11, 2024 at 2:14 PM Christopher Schultz <
[email protected]> wrote:
> Mark,
>
> On 6/10/24 14:56, Timothy Resh wrote:
> > After much debugging, I have found the issue in my situation. In the
> > server.xml file, you must put keystoreType="PKCS12" for it to recognize
> > the keystore properly.
>
> That doesn't make any sense to me. Not a single one of your previous
> posts has been using a keystore file at all for Tomcat. You did show how
> you assembled a (rather complicated) PKCS12 keystore file using a
> combination of openssl and keytool in your message from 25 March but
> this is the only place in your configuration file I see that file:
>
> SSLPassword="${KSENC(6qkaMErQ==; C:\Certificate\Keystore\Vessel.p12)}"
>
> I have *no idea* what you are doing in there, but I assumed that
> keystore contained some kind of password and not a certificate or RSA key.
>
> -chris
>
> > On Fri, Apr 5, 2024 at 4:27 AM Roberto Benedetti <
> > [email protected]> wrote:
> >
> >>> I got the Object ID and version straight out of the Certificate using
> >>> Keystore Explorer. I'm not sure why there is a difference.
> >>
> >> Keystore Explorer uses Bouncy Castle (https://www.bouncycastle.org/) as
> >> provider for JCE.
> >>
> >> If your JRE/JDK does not provide some algorithm you could use Bouncy
> >> Castle as well.
> >>
> >> Regards,
> >> Roberto
> >> ---------------------------------------------------------------------
> >> To unsubscribe, e-mail: [email protected]
> >> For additional commands, e-mail: [email protected]
> >>
> >>
> >
>
>
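
One way to check the keystore-type point from this thread, as an added example (not code from the thread or from Tomcat): it uses the JDK's java.security.KeyStore API to try opening a keystore file as PKCS12 and as JKS, and lists the entries each type sees. With no argument it runs against a constructed, empty PKCS12 store; the class name KeystoreTypeProbe and the demo password are assumptions.

```java
import java.io.*;
import java.nio.file.*;
import java.security.KeyStore;
import java.util.*;

// Added example: reports which keystore types can open a given file.
public class KeystoreTypeProbe {
    // Try to open the file as the given type; return an entry summary or the failure reason.
    static String probe(Path file, char[] password, String type) {
        try (InputStream in = Files.newInputStream(file)) {
            KeyStore ks = KeyStore.getInstance(type);
            ks.load(in, password);
            StringBuilder sb = new StringBuilder(type + ": loaded, " + ks.size() + " entries");
            for (String alias : Collections.list(ks.aliases())) {
                String kind = ks.isKeyEntry(alias) ? " (key entry)" : " (trusted certificate)";
                sb.append("\n  ").append(alias).append(kind);
            }
            return sb.toString();
        } catch (Exception e) {
            return type + ": failed (" + e.getClass().getSimpleName() + ": " + e.getMessage() + ")";
        }
    }
    // Constructed sample input: an empty PKCS12 store written to a temp file.
    static Path sampleStore(char[] password) throws Exception {
        KeyStore ks = KeyStore.getInstance("PKCS12");
        ks.load(null, password);
        Path file = Files.createTempFile("sample", ".p12");
        file.toFile().deleteOnExit();
        try (OutputStream out = Files.newOutputStream(file)) {
            ks.store(out, password);
        }
        return file;
    }
    public static void main(String[] args) throws Exception {
        char[] password;
        Path file;
        if (args.length == 1) {
            file = Paths.get(args[0]);
            Console c = System.console();
            if (c == null) throw new IllegalStateException("no console to read the password from");
            password = c.readPassword("Keystore password: "); // not echoed, not in process args
        } else {
            password = "constructed-demo".toCharArray();       // constructed demo value
            file = sampleStore(password);
        }
        System.out.println("default type: " + KeyStore.getDefaultType());
        for (String type : new String[] {"PKCS12", "JKS"}) {
            System.out.println(probe(file, password, type));
        }
        Arrays.fill(password, '\0'); // wipe the clear-text password from memory
    }
}
```

Which types succeed depends on the JDK version and its security properties, so run it with the same JRE that Tomcat uses.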