[Fedora-commons-users] "Keystore was tampered with, or password was incorrect"

Fri, 04 Sep 2009 09:14:24 -0700 

Hi

Am trying to implement SSL on an existing fedora2.2.4/muradora installation.
I used keytool to generate a self  signed certificate, and defined an ssl
connector in server.xml as below

<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
               maxThreads="150" scheme="https" secure="true"
               clientAuth="false" sslProtocol="TLS"
               keystoreFile="conf/keystore" keystorePass="my_password"
               truststoreFile="conf/keystore" truststorePass="my_password"/>
(I initially just added the keystore line, added the truststore line after,
which does not appear to have had any impact either way)

And also added the truststore file and password to JAVA_OPTS in the
environment: JAVA_OPTS=-Xms512m -Xmx1024m -XX:PermSize=512m
-Djavax.net.ssl.truststore=/opt/york/tomcat/conf/keystore
-Djavax.net.ssl.trustStorePassword=my_password

 I then used <transport-guarantee>CONFIDENTIAL</transport-guarantee> to
enforce SSL redirection. This seems to work just fine on muradora alone,
which redirects to https as expected,  but as soon as I try to add SSL
transport enforcement to the security contraints for either the API-M or the
API-A I run into problems. Adding 
                <user-data-constraint>
                        <transport-guarantee>
                                CONFIDENTIAL
                        </transport-guarantee>
                </user-data-constraint>

To either the API-M or  the  API-A appears to prevent muradora from
succesfully logging in to fedora, attempting to access a data stream (with a
constraint on API-M only) produces the error "error.jsp :
au.edu.mq.melcoe.ramp.FedoraClientException: Error listing datastreams: ;
nested exception is:
        java.net.SocketException: Default SSL context init failed: Keystore
was tampered with, or password was incorrect" . Yet the fedora administrator
GUI  still appears able to operate succesfully. 
Can anyone throw any light on what may be going on?
 
Cheers
Peri Stracchino
Digital Library Team
University of York
ext 4082 


------------------------------------------------------------------------------
Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day 
trial. Simplify your report design, integration and deployment - and focus on 
what you do best, core application coding. Discover what's new with 
Crystal Reports now.  http://p.sf.net/sfu/bobj-july
_______________________________________________
Fedora-commons-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/fedora-commons-users

Reply via email to