Christopher,

You are correct that this problem has nothing to do with Tomcat.
Instead, it is merely a problem that comes from having more than 1 JDK
installation on your local host.

Specifically, the problem I described shows up on Unix platforms where
your $PATH environment variable points to a different JDK installation
than the installation that $JAVA_HOME is set to for building and running Tomcat.

For example, on Solaris 8, /usr/bin contains all of the JDK 1.2.1 tools
including keytool. Since /usr/bin is, for most people, near the
beginning of $PATH, invoking keytool will result in the JDK 1.2.1
version being used. This does not cause a problem if I set $JAVA_HOME to
/usr when building and running Tomcat. It only becomes a problem when
you set $JAVA_HOME to a different JDK installation. In my case, my
$JAVA_HOME is set to a separate JDK 1.3.1 installation.

The problem in the above case is that, if I followed the Tomcat SSL
setup instructions properly, I will have installed JSSE in my $JAVA_HOME
JDK installation but I will end up invoking keytool from my JDK 1.2.1
installation. Since I did not install JSSE in my JDK 1.2.1 installation,
keytool will be unable to generate a keystore with the RSA algorithm.

Since this problem is merely an issue of invoking the correct keytool
version, I changed the instructions from:

        execute "keytool"

to:

        execute "$JAVA_HOME/bin/keytool"

to ensure that the keytool is executed from the same JDK that you
installed JSSE into.

Hope that clears it up,

Patrick

Christopher Cain wrote:
> 
> Hi Patrick. Could you explain this a little further? Actually creating a
> keystore using keytool of course has nothing to do with Tomcat per se, so I
> assume you mean that the keystore created might not work with Tomcat. Under
> what conditions would a keystore generated by one JDK not work with another
> JDK? In testing, I was able to generate a keystore on a Windoze box with JDK
> 1.3.1, copy it over to a Linux box running 1.3.0, and successfully start up
> Tomcat and access a page over SSL. If you have a properly-formatted JKS store,
> why would it matter which JDK produced it?
> 

-- 
_____________________________________________________________________
Patrick Luby                          Email: [EMAIL PROTECTED]
Software Engineering Manager          Phone: 408-863-3284
Sun Microsystems
901 San Antonio Road, UCUP01-103
Palo Alto, CA 94303-4900
_____________________________________________________________________
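
The mismatch described in this message can be detected before a keystore is generated. The script below is an added example, not part of the original message or of the Tomcat instructions; the function names first_on_path and check_keytool are hypothetical. It reports whether a bare "keytool" would run the copy under $JAVA_HOME or a different JDK's copy found earlier on $PATH.

```shell
#!/bin/sh
# Constructed example; first_on_path and check_keytool are hypothetical names.

# Print the first executable file named $1 in the colon-separated list $2,
# walking the directories in order as the shell's own command lookup does.
first_on_path() {
    name=$1
    old_ifs=$IFS
    IFS=:
    set -f                          # no glob expansion while splitting $2
    for dir in $2; do
        [ -n "$dir" ] || dir=.      # empty PATH entry means current directory
        if [ -f "$dir/$name" ] && [ -x "$dir/$name" ]; then
            IFS=$old_ifs; set +f
            printf '%s\n' "$dir/$name"
            return 0
        fi
    done
    IFS=$old_ifs; set +f
    return 1
}

# check_keytool JAVA_HOME PATH
# 0: bare "keytool" runs $JAVA_HOME/bin/keytool
# 1: another keytool (or none) is found first on PATH
# 2: JAVA_HOME has no executable bin/keytool
check_keytool() {
    expected=$1/bin/keytool
    if [ ! -x "$expected" ]; then
        echo "no executable keytool at $expected" >&2
        return 2
    fi
    if ! found=$(first_on_path keytool "$2"); then
        echo "keytool is not on PATH; run $expected explicitly" >&2
        return 1
    fi
    # -ef compares device and inode, so a symlink to the same file matches.
    if [ "$found" -ef "$expected" ]; then
        return 0
    fi
    echo "PATH resolves keytool to $found, not $expected" >&2
    return 1
}

# Check the live environment only when asked: sh thisfile --check
if [ "${1:-}" = "--check" ]; then
    check_keytool "${JAVA_HOME:-}" "$PATH"
fi
```
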
