https://bz.apache.org/bugzilla/show_bug.cgi?id=57759
Bug ID: 57759
Summary: keyAlias definition is incorrect, does not appear to work properly
Product: Tomcat 7
Version: trunk
Hardware: PC
OS: Mac OS X 10.1
Status: NEW
Severity: normal
Priority: P2
Component: Connectors
Assignee: [email protected]
Reporter: [email protected]
keyAlias Definition from:
https://tomcat.apache.org/tomcat-7.0-doc/config/http.html
The alias used to for the server certificate in the keystore. If not specified
the first key read in the keystore will be used.
Wouldn't this lead you to believe if no alias is specified it will use the
first key in the keystore? This is not the case.
Steps to recreate:
Create a keystore using the recommended method:
"%JAVA_HOME%\bin\keytool" -genkey -alias tomcat -keyalg RSA
(This will generate ${user.home}/.keystore if it does not exist. If it does,
specify the keystore value.)
Start tomcat with the default SSL connector defined, no "keyAlias" value
specified, and the keystore we created previously specified as the keystoreFile.
It will use the cert in the file.
Add another cert (specify different name and values to differentiate between
the two) to the keystore with:
"%JAVA_HOME%\bin\keytool" -genkey -alias tomcat2 -keyalg RSA
Shut down and restart the tomcat instance.
Access the SSL site "localhost:8443", inspect the cert. You will see it is not
the first certificate in the keystore like the document leads you to believe,
but the last one added, no matter how many you add.
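
Added example, not part of the original report or of Tomcat: a small Java check for the final step above. It loads the keystore, completes a TLS handshake with the connector, and marks which key entry's certificate the server presented. The class name ServedAlias and its command-line arguments are assumptions made for this example.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Collections;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;

// Added example (hypothetical class name): which keystore alias does the connector serve?
public class ServedAlias {
    public static void main(String[] args) throws Exception {
        if (args.length < 2) {
            System.err.println("usage: java ServedAlias <keystoreFile> <keystorePass> [host] [port]");
            System.exit(2);
        }
        String host = args.length > 2 ? args[2] : "localhost";
        int port = args.length > 3 ? Integer.parseInt(args[3]) : 8443;

        // Load the same keystore file the connector's keystoreFile points at.
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = new FileInputStream(args[0])) {
            ks.load(in, args[1].toCharArray());
        }

        // Inspection only: record the presented chain without validating it; never reuse for real traffic.
        final X509Certificate[][] seen = new X509Certificate[1][];
        TrustManager recorder = new X509TrustManager() {
            public void checkClientTrusted(X509Certificate[] chain, String authType) {}
            public void checkServerTrusted(X509Certificate[] chain, String authType) { seen[0] = chain; }
            public X509Certificate[] getAcceptedIssuers() { return new X509Certificate[0]; }
        };
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, new TrustManager[] { recorder }, null);
        try (SSLSocket s = (SSLSocket) ctx.getSocketFactory().createSocket(host, port)) {
            s.startHandshake(); // no application data is sent
        }

        // Compare every key entry's leaf certificate with the one the server sent.
        for (String alias : Collections.list(ks.aliases())) {
            if (!ks.isKeyEntry(alias)) continue;
            Certificate c = ks.getCertificate(alias);
            boolean served = c != null && seen[0] != null && c.equals(seen[0][0]);
            System.out.printf("%-12s created %s%s%n", alias, ks.getCreationDate(alias), served ? "  <-- presented" : "");
        }
    }
}
```

Running it before and after adding the second key entry shows whether the presented certificate moved to a different alias; setting keyAlias on the connector removes the dependence on keystore contents.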