locking and unlocking for availability of a keystore results in duplicate
attributes in config.xml
--------------------------------------------------------------------------------------------------
Key: GERONIMO-4451
URL: https://issues.apache.org/jira/browse/GERONIMO-4451
Project: Geronimo
Issue Type: Bug
Security Level: public (Regular issues)
Components: security
Affects Versions: 2.1.3
Environment: Ubuntu Linux 8.10, Sun Java 1.6, Geronimo 2.1.3 w/ Jetty.
Reporter: Christian Svensson
Transcribing mail conversation:
Hello!
I've been trying for the better part of today getting keystores to
automatically unlock on startup - with very limited success.
Is there something that I should know about keystore password / key password?
Digging around some old mailing list threads turned up something about the key password
having to be equal to the keystore password - any more of those gotchas?
The problem is that I create (or change password on geronimo-default for that
matter) a new keystore, assign SSL to use the certificate and restart the
server:
org.apache.geronimo.management.geronimo.KeystoreIsLocked: Keystore 'plasma-ssl' is locked; please use the keystore page in the admin console to unlock it
    at org.apache.geronimo.security.keystore.FileKeystoreManager.createSSLContext(FileKeystoreManager.java:343)
    at org.apache.geronimo.jetty6.connector.GeronimoSelectChannelSSLListener.createSSLContext(GeronimoSelectChannelSSLListener.java:54)
Resetting the SSL connector to using geronimo-default / geronimo with secret /
secret as passwords makes it work again - but why on earth doesn't Geronimo
unlock my keystores on startup? I mean, it saves the password (or something
like it) in config.xml.
-----
This is how I created my setup:
1. Create a new keystore 'plasma-ssl'
2. Create a new private key 'wildcard'
3. Now the text on "Available" says "trust only" or something like that, so I lock
it and then unlock it in order for it to change to "1 key ready"
4. Then I configure my HTTPS connector to use the new keystore
5. Since the web server does not seem to do anything when I press "Shutdown" in
the console, I use Ctrl+C to kill it.
6. Start the server again
7. Message appears.
---
Hmm... the 3rd step is indeed unearthing a bug. At that step, a second
"attribute" element is getting added (instead of replacing the existing
element) to the keystore gbean for keystorePassword and keyPasswords attributes
in config.xml. Can you create an issue in the JIRA [1]? The problem summary
is, "locking and unlocking for availability of a keystore results in duplicate
attributes in config.xml".
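An added check, not part of this issue or of Geronimo itself, that parses a config.xml and reports every gbean carrying the same <attribute name="..."> element more than once, which is the symptom described above. The embedded sample file is constructed: its namespace URI, module name, gbean names and the placeholder password values are assumptions, not values from a real installation.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict

# Constructed sample of a Geronimo config.xml fragment showing the bug from
# this issue: after lock/unlock in the console the keystore gbean carries two
# keystorePassword and two keyPasswords <attribute> elements instead of one.
# Namespace, module name, gbean names and the placeholder values are assumptions.
SAMPLE_CONFIG_XML = """<attributes xmlns="http://geronimo.apache.org/xml/ns/attributes-1.2">
  <module name="org.apache.geronimo.configs/j2ee-security/2.1.3/car">
    <gbean name="plasma-ssl">
      <attribute name="keystoreName">plasma-ssl</attribute>
      <attribute name="keystorePassword">{Simple}PLACEHOLDER-OLD</attribute>
      <attribute name="keyPasswords">wildcard={Simple}PLACEHOLDER-OLD</attribute>
      <attribute name="keystorePassword">{Simple}PLACEHOLDER-NEW</attribute>
      <attribute name="keyPasswords">wildcard={Simple}PLACEHOLDER-NEW</attribute>
    </gbean>
    <gbean name="geronimo-default">
      <attribute name="keystoreName">geronimo-default</attribute>
      <attribute name="keystorePassword">{Simple}PLACEHOLDER</attribute>
    </gbean>
  </module>
</attributes>
"""


def local_name(tag):
    """Drop the '{namespace}' prefix ElementTree puts on tags."""
    return tag.rsplit("}", 1)[-1]


def find_duplicate_attributes(xml_text):
    """Map each gbean that repeats an <attribute name=...> to
    {attribute name: [values in document order]}; clean gbeans are omitted."""
    root = ET.fromstring(xml_text)
    report = {}
    for gbean in root.iter():
        if local_name(gbean.tag) != "gbean":
            continue
        seen = defaultdict(list)
        for child in gbean:
            if local_name(child.tag) == "attribute":
                seen[child.get("name")].append((child.text or "").strip())
        repeated = {name: vals for name, vals in seen.items() if len(vals) > 1}
        if repeated:
            report[gbean.get("name")] = repeated
    return report
```

Run find_duplicate_attributes on the contents of var/config/config.xml; a non-empty result names the gbeans and attributes to clean up before the next restart.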