Last I had checked (and as you've noticed), Tomcat required the keystore
and key passwords to be the same:
http://www.jroller.com/gmazza/entry/ssl_for_web_services
We keep them different, as they are used in testing and debugging and we
want to make sure our code is never using the key password when it
should be using that of the keystore (or vice-versa). Having the same
password for both might have bugs slip through the cracks.
However, it's easy enough to create a new key / keystore with the same
passwords:
http://www.jroller.com/gmazza/entry/metro_sts_tutorial#MetroSTS3
Regards,
Glen
On 01/30/2012 04:32 AM, Christian Stettler wrote:
Dear list,
we are currently playing with the Fediz IDP and STS. In this context, we have
the following issue:
While testing, we want to use the 'mystskey' certificate contained in the
stsstore.jks keystore for the HTTPS connector in Tomcat (the one used to access
the STS servlet via HTTPS). Unfortunately, the keystore password seems not to
match the key password of the 'mystskey' private key. When configuring the
Tomcat HTTPS connector with:
<Connector port="9443" protocol="HTTP/1.1" SSLEnabled="true"
           maxThreads="150" scheme="https" secure="true"
           keystoreFile="<path/to>/stsstore.jks" keystorePass="stsspass"
           keyAlias="mystskey" keyPass="stsspass"
           sslProtocol="TLS" />
we get the following exception in Tomcat:
java.security.UnrecoverableKeyException: Cannot recover key
    at sun.security.provider.KeyProtector.recover(KeyProtector.java:311)
    at sun.security.provider.JavaKeyStore.engineGetKey(JavaKeyStore.java:121)
    at sun.security.provider.JavaKeyStore$JKS.engineGetKey(JavaKeyStore.java:38)
    at java.security.KeyStore.getKey(KeyStore.java:763)
    ...
Does anyone know the password of the 'mystskey' key? Or do you see another reason
for this issue?
Thank you & regards,
Christian
--
Glen Mazza
Talend Community Coders - coders.talend.com
blog: www.jroller.com/gmazza
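The situation in this thread (a JKS keystore whose private-key password differs from the store password, so a Tomcat connector configured with one password for both cannot recover the key) and Glen's remedy (make the two passwords the same) can be reproduced end to end with keytool. The script below is an added example; it is not code from the thread, from Fediz or from Tomcat. It assumes a JDK keytool on PATH, and the file name, alias and passwords it uses are constructed for the demo, not the stsstore.jks values.

```shell
#!/bin/sh
# Added example (not from the thread, Fediz or Tomcat): build a JKS keystore
# whose key password differs from the store password, show that the store
# password cannot recover the key (the "Cannot recover key" case in the
# thread), then align the key password with keytool -keypasswd.
# Assumes a JDK keytool on PATH. All names and passwords are constructed.
set -eu

command -v keytool >/dev/null 2>&1 || {
    echo "keytool not on PATH; nothing to demonstrate" >&2
    exit 0
}

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT
KS="$WORK/demo.jks"        # constructed demo keystore, not stsstore.jks
STOREPASS=storesecret      # constructed demo value
KEYPASS=keysecret          # constructed demo value, deliberately different
ALIAS=demokey              # constructed demo alias

# Exit status 0 when KEYPASS unlocks ALIAS in the keystore, non-zero otherwise.
# keytool -importkeystore has to decrypt the source private key with
# -srckeypass before it can write it, so importing into a throwaway keystore
# is a side-effect-free "can this password recover the key?" probe. stdin is
# /dev/null so keytool can never fall back to an interactive password prompt.
key_password_matches() {
    ks=$1; storepass=$2; alias=$3; keypass=$4
    probe="$WORK/probe-$$.jks"
    rc=0
    keytool -importkeystore -noprompt \
        -srckeystore "$ks" -srcstoretype JKS -srcstorepass "$storepass" \
        -srcalias "$alias" -srckeypass "$keypass" \
        -destkeystore "$probe" -deststoretype JKS -deststorepass "$storepass" \
        -destkeypass "$keypass" </dev/null >/dev/null 2>&1 || rc=$?
    rm -f "$probe"
    return $rc
}

# Create the keystore with mismatched passwords. JKS is forced explicitly:
# the PKCS12 default of newer JDKs ignores a -keypass that differs from
# -storepass, so the mismatch could not be reproduced there.
make_mismatched_keystore() {
    keytool -genkeypair -keyalg RSA -keysize 2048 -validity 1 \
        -alias "$ALIAS" -dname "CN=demo, O=example" \
        -keystore "$KS" -storetype JKS \
        -storepass "$STOREPASS" -keypass "$KEYPASS" </dev/null >/dev/null 2>&1
}

# Glen's fix: re-encrypt the private key under the store password so a
# connector that supplies one password for both (keystorePass == keyPass)
# can recover it.
align_key_password() {
    keytool -keypasswd -keystore "$KS" -storetype JKS -storepass "$STOREPASS" \
        -alias "$ALIAS" -keypass "$KEYPASS" -new "$STOREPASS" \
        </dev/null >/dev/null 2>&1
}

demo() {
    make_mismatched_keystore
    # Before the fix the store password does not unlock the key.
    if key_password_matches "$KS" "$STOREPASS" "$ALIAS" "$STOREPASS"; then
        BEFORE_FIX=same
    else
        BEFORE_FIX=different
    fi
    align_key_password
    # After the fix the store password unlocks the key and the old one no longer does.
    if key_password_matches "$KS" "$STOREPASS" "$ALIAS" "$STOREPASS"; then
        AFTER_FIX=same
    else
        AFTER_FIX=different
    fi
    echo "key vs store password before keytool -keypasswd: $BEFORE_FIX"
    echo "key vs store password after  keytool -keypasswd: $AFTER_FIX"
}

demo
```

The probe deliberately uses the same store password for the source and the throwaway destination: the only variable is the key password, which is exactly what the Tomcat connector gets wrong when keyPass is set to the store password of a keystore whose key was protected differently. With the passwords aligned, keytool -keypasswd leaves the certificate and key material untouched, so the connector configuration from the thread needs no further change.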