-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Satish,
On 11/23/11 12:30 AM, Satish Mittal wrote: > On Wed, Nov 23, 2011 at 2:32 AM, Caldarale, Charles R < > [email protected]> wrote: > >>> This used to work in tomcat 5. >> >> Interesting. Where is this documented to work? > > As per the tomcat documentation, Tomcat can use two different > implementations of SSL: > > - the JSSE implementation provided as part of the Java runtime > (since 1.4) - the APR implementation, which uses the OpenSSL engine > by default. > > In my installation, I use JSSE implementation. The > javax.net.ssl.keyStorePassword property is supported by JSSE. Not in the way that you expect. When Java accesses the system keystore, this system property will be used. When Tomcat accesses the Tomcat-specific keystore, only the Tomcat keystore will be used and it must be configured using Tomcat's configuration. Honestly, I'm surprised that this worked in Tomcat 5. It's possible that there has been a regression, but I'd like to see it working, first. Can you provide steps-to-reproduce in both Tomcat 5 (5.what?) and Tomcat 6/7? The procedures should be the same (other than using different TC versions) but the outcomes should be different if this is a regression. Start with a stock TC install (from the ZIP/tgz archive) and tell us how to configure everything, including creating the keystore and key(s), importing certificates, etc. > If you go to tomcat documentation at > http://tomcat.apache.org/tomcat-5.5-doc/config/http.html#SSL_Support, > you would find that multiple JSSE properties (related to > trustStore) are supported by Tomcat as a mechanism to pass the > value instead of specifying them explicitly in server.xml. I know > that for keyStorePassword, it is not documented. However since this > mechanism was working in tomcat 5, I want to check whether anyone > else has observed this change in tomcat 7. See above. If this is a regression, it can be fixed. - -chris -----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.17 (Darwin) Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk7NHSEACgkQ9CaO5/Lv0PDqMwCgw60f34yVfKukGuUDIlbdYF7H TDgAnjRB57yNNldaNcZlKigrH9PTW7/t =Xdbu -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
