Re: Tomcat 8.5.16 - can't use Java keystore with multiple entries having different keypass for each entry?
On 05/07/17 11:47, Frank Taffelt wrote: >> I don't think that will work because you can't read the key out of the >> keystore. > > The keystore API has the getKey(alias,keypass) method that should give you > the key. copying the entry could be: > > KeyStore newks = KeyStore.getInstance("JKS"); > newks.load(null, null); > newks.setKeyEntry(alias, ks.getKey(alias, keypass), keypass, > ks.getCertificateChain(alias)); Neat. Thanks works nicely. Fix committed for 9.0.x and 8.5.x You also get your name in the commit log and the change log. http://svn.apache.org/viewvc?rev=1800867=rev http://svn.apache.org/viewvc?rev=1800868=rev Thanks, Mark - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Tomcat 8.5.16 - can't use Java keystore with multiple entries having different keypass for each entry?
> I don't think that will work because you can't read the key out of the > keystore. The keystore API has the getKey(alias,keypass) method that should give you the key. copying the entry could be: KeyStore newks = KeyStore.getInstance("JKS"); newks.load(null, null); newks.setKeyEntry(alias, ks.getKey(alias, keypass), keypass, ks.getCertificateChain(alias)); hth, Frank
Re: Tomcat 8.5.16 - can't use Java keystore with multiple entries having different keypass for each entry?
On 04/07/2017 07:32, Frank Taffelt wrote: > Hi Thomas, > >> By far the simplest solution is to have one keystore per private key. > > so maybe this could go into the docs section. Updated. Will be included in the next release (not the one currently being voted on). >> I find the JSSE API tricky to navigate at the best of times so it is possible >> I have missed something. If I have, feel free to point me in the right >> direction. Better yet, provide some code that shows how to use >> KeyManagerFactory with a keystore that has multiple keys each with a >> different >> password. > > yes, i also wondered on the API of KMF having only one password on the init > method. Could creating a runtime inmemory keystore with the keyentry from the > original keystore help? I don't think that will work because you can't read the key out of the keystore. Mark - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: "End of life for Apache Tomcat 8.0.x" page title
Hi, 2017-07-05 1:30 GMT+03:00 Adam Rauch: > > I noticed that the current element for the new EOL page is: "Apache Tomcat® - End of life for Apache Tomcat 6.0.x". You may want to adjust the version to "8.0.x." Thanks for spotting this. It should be Ok now. Regards, Violeta > Thanks, > Adam > > - > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org >