https://bz.apache.org/bugzilla/show_bug.cgi?id=57759

            Bug ID: 57759
           Summary: keyAlias definition is incorrect, does not appear to
                    work properly
           Product: Tomcat 7
           Version: trunk
          Hardware: PC
                OS: Mac OS X 10.1
            Status: NEW
          Severity: normal
          Priority: P2
         Component: Connectors
          Assignee: dev@tomcat.apache.org
          Reporter: andrewlanec...@gmail.com

keyAlias Definition from: 

https://tomcat.apache.org/tomcat-7.0-doc/config/http.html

The alias used to for the server certificate in the keystore. If not specified
the first key read in the keystore will be used.

Wouldn't this lead you to believe if no alias is specified it will use the
first key in the keystore?  This is not the case.

Steps to recreate:

Create a keystore using the recommended method: 

%JAVA_HOME%\bin\keytool" -genkey -alias tomcat -keyalg RSA

(This will generate ${user.home}/.keystore if it does not exist.  If it does,
specify the keystore value.)

Start tomcat with the default SSL connector defined, no "keyAlias" value
specified, and the keystore we created previous specified as the keystoreFile.

It will use the cert in the file.

Add another cert (specify different name and values to differentiate between
the two) to the keystore with :

%JAVA_HOME%\bin\keytool" -genkey -alias tomcat2 -keyalg RSA

Shutdown and restart the tomcat instance.

Access the SSL site "localhost:8443", inspect the cert.  You will see it is not
the first certificate in the keystore like the document leads you to believe,
but the last one added, no matter how many you add.

-- 
You are receiving this mail because:
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Reply via email to