DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUGĀ· RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT <http://issues.apache.org/bugzilla/show_bug.cgi?id=37530>. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED ANDĀ· INSERTED IN THE BUG DATABASE.
http://issues.apache.org/bugzilla/show_bug.cgi?id=37530 Summary: IOException on startup when a "keyAlias" attribute is specified Product: Tomcat 5 Version: 5.5.9 Platform: All OS/Version: All Status: NEW Keywords: ErrorMessage Severity: normal Priority: P3 Component: Connector:HTTP AssignedTo: [email protected] ReportedBy: [EMAIL PROTECTED] Using this connector definition <!-- Define a SSL HTTP/1.1 Connector on port 7403 --> <Connector port="7403" maxHttpHeaderSize="8192" maxThreads="150" minSpareThreads="25" maxSpareThreads="75" enableLookups="false" disableUploadTimeout="true" acceptCount="100" scheme="https" secure="true" clientAuth="true" sslProtocol="TLS" keystoreFile="conf/keystore" keystorePass="XXXXXX" truststoreFile="conf/keystore" keyAlias="certificate.qa" /> Tomcat throws this exception upon startup. Nov 16, 2005 9:07:18 AM org.apache.catalina.startup.Catalina start SEVERE: Catalina.start: LifecycleException: Protocol handler start failed: java.io.IOException: Alias n ame certificate.qa does not identify a key entry at org.apache.catalina.connector.Connector.start(Connector.java:1003) at org.apache.catalina.core.StandardService.start(StandardService.java:4 59) at org.apache.catalina.core.StandardServer.start(StandardServer.java:683 ) at org.apache.catalina.startup.Catalina.start(Catalina.java:537) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl. java:39) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAcces sorImpl.java:25) at java.lang.reflect.Method.invoke(Method.java:585) at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:271) at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:409) Yet a keytool -list shows that the alias specified is, indeed, valid Keystore type: jks Keystore provider: SUN Your keystore contains 6 entries certificate, Nov 1, 2005, keyEntry, Certificate fingerprint (MD5): 65:5B:79:54:E5:83:D0:81:9D:AD:F9:C1:5C:65:BF:3D ipgrootca, Nov 1, 2005, trustedCertEntry, Certificate fingerprint (MD5): 49:5A:FC:06:6B:04:7C:F7:96:6F:90:1C:E1:91:79:77 certificate.prod, Nov 11, 2005, keyEntry, Certificate fingerprint (MD5): 3C:9E:3D:30:B0:7E:65:B1:A2:0E:8C:0A:22:E4:FA:69 certificate.dev, Nov 1, 2005, keyEntry, Certificate fingerprint (MD5): 84:31:D2:DF:1C:28:D6:81:43:1A:D9:57:47:6E:67:AB zap2itlabsca, Nov 1, 2005, trustedCertEntry, Certificate fingerprint (MD5): C3:E3:EE:9D:6C:5C:DF:E3:F9:94:8B:9B:5E:C5:58:16 >> certificate.qa, Nov 11, 2005, keyEntry, >> Certificate fingerprint (MD5): >> 8A:EF:CF:2C:B6:D8:B5:4D:AB:40:0A:C6:9B:9F:E6:FC The problem is at line 142 of the file JSSE14SocketFactory.java: if (keyAlias != null && !ks.isKeyEntry(keyAlias)) { throw new IOException(sm.getString("jsse.alias_no_key_entry", keyAlias)); } I don't believe that isKeyEntry() is correct test in this case. I changed line 142 to read if (keyAlias != null && !ks.containsAlias(keyAlias)) { throw new IOException(sm.getString("jsse.alias_no_key_entry", keyAlias)); } And compiled a new tomcat-util.jar. My tomcat instance started and selected the proper certificate. -- Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee. --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
