DO NOT REPLY [Bug 38217] New: - mention that private key password and keystore password need to be the same (avoid "IOException: Cannot recover key")

Tue, 10 Jan 2006 11:01:59 -0800 

DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUGĀ·
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=38217>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED ANDĀ·
INSERTED IN THE BUG DATABASE.

http://issues.apache.org/bugzilla/show_bug.cgi?id=38217

           Summary: mention that private key password and keystore password
                    need to be the same (avoid "IOException: Cannot recover
                    key")
           Product: Tomcat 5
           Version: 5.5.14
          Platform: Other
               URL: http://tomcat.apache.org/tomcat-5.5-doc/ssl-
                    howto.html#Prepare the Certificate Keystore
        OS/Version: All
            Status: NEW
          Severity: enhancement
          Priority: P2
         Component: Connector:Coyote
        AssignedTo: tomcat-dev@jakarta.apache.org
        ReportedBy: [EMAIL PROTECTED]


As per org.apache.tomcat.util.net.jsse.JSSESocketFactory.getKeystorePassword()
"keypass" and "keystorePass" are the same.

If e.g. with using http://sf.net/projects/portecle, some people are tempted to
set a different key on the private key.

Then, they get
<<Error initializing endpoint
java.io.IOException: Cannot recover key
 at
org.apache.tomcat.util.net.jsse.JSSE14SocketFactory.init(JSSE14SocketFactory.java:125)
 at
org.apache.tomcat.util.net.jsse.JSSESocketFactory.createSocket(JSSESocketFactory.java:88)
 at
org.apache.tomcat.util.net.PoolTcpEndpoint.initEndpoint(PoolTcpEndpoint.java:292)
 at 
org.apache.coyote.http11.Http11BaseProtocol.init(Http11BaseProtocol.java:137)
 at org.apache.catalina.connector.Connector.initialize(Connector.java:1016)
...>>

It would be great if there were a cautionary note in the ssl-howto.html

see also http://www.ponton-consulting.de/en/faq/faq_advanced.html

I guess the test at the bottom of
http://marc.theaimsgroup.com/?l=tomcat-user&m=109363993616257&w=2 would succeed
despite what is claimed...

-- 
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Reply via email to