On Dec 1, 2008, at 7:18 PM, Christian Svensson wrote:
Hello!
I've been trying for the better part of today getting keystores to
automatically unlock on startup - with very limited success.
Is there something that I should know about keystore password / key
password? Digging around some old mailing list threads said
something about key password must be equal to keystore password -
any more of those gotchas?
The problem is that I create (or change password on geronimo-default
for that matter) a new keystore, assign SSL to use the certificate
and restart the server:
org.apache.geronimo.management.geronimo.KeystoreIsLocked: Keystore
'plasma-ssl' is locked; please use the keystore page in the admin
console to unlock it
at
org
.apache
.geronimo
.security
.keystore
.FileKeystoreManager.createSSLContext(FileKeystoreManager.java:343)
at
org
.apache
.geronimo
.jetty6
.connector
.GeronimoSelectChannelSSLListener
.createSSLContext(GeronimoSelectChannelSSLListener.java:54)
Resetting the SSL connector to using geronimo-default / geronimo
with secret / secret as passwords makes it work again - but why on
earth doesn't Geronimo unlock my keystores on startup? I mean, it
saves the password (or something like it) in config.xml.
Hmm. I recall an issue similar to this. Can't say that I've tried it,
either. Hoping that maybe Vamsi can offer some advice?
--kevan
