-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Daniel,
On 9/10/20 09:09, Daniel Skiles wrote: > Is it possible to change the keystore alias of the _default_ > SSLHostConfig's certificate while tomcat is running? > > At present, I'm trying to move the _default_ certificate from one > certificate in my keystore, to another. I modify the server.xml, > then I call the reloadSslHostConfigs MBean operation. The > operation throws an error that boils down to a > jsse.alias_no_key_entry error that comes back from the JVM. > > Is this a technical limitation on SNI/SSLHostConfig, or am I > missing something here? Did you remove all server certificates from your keystore and then try to bounce the connector? That's not going to work because the connector requires a server key and certificate. Instead of "moving" the cert, consider copying the certificate instead. - -chris -----BEGIN PGP SIGNATURE----- Comment: Using GnuPG with Thunderbird - https://www.enigmail.net/ iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAl9aR2MACgkQHPApP6U8 pFjomg/9FqiIt/N4Ap/2SfpupzkHdzUQGwTvCXEXDZl8Z+jMrr1TaMjUGgIjOgFk MUbNxrQRxfV0Mc1aipE0doU8/5Ps9rmluceC8SLkrmf7+ir9YnRXYYfYt1EV1Y+o Bcb1/ZoRXayImZntEH8+J/8qbg58wk/xlLalPsjDgJ3MOJrw/AD7A1caBUuLCnxc ZZWGCm6skRoCKZuVQWfEVU2c02gv2K2ga7TLQ68MJUv1/qH40escUIGgdTReYYIV vxZ/3L/Nab9055ZCDriSn3HPTt2CD/4na7fgYVjAP5TntX6nfIiXvAA0h/Tba6KY iYgPm0tv7M+nXqWDUSpi5IKQ3rSCpHgRhjq9wqii18SvKpYk0JbYxSMZIJtz9PVQ uBdYUFOZadchcp9KASDEd7WUeKnmxYsX4Qn7NVtVgrrwYewj33ETlUoB5zFzmYMI 8+K0g+b9/AhWtVLOMFcL+kCKWjwpANu9wvHWUnOS7urZVPQ7i/5yCt0N8fNsmCYj m5SPYXwExOzYBy4esH+3za9qSC//GxB+xW9lJHCZMaZmx4LClq2qC2EXXpSAm/WO Pz25gGaQog5dNvf0AN/y7u7od3QTQmNqOYS3S6cRPkadlRt25QocgQV4gVulRDY1 kjnJ1Tf5p1v/Y/SqD6k2NOwXeiNUC/AOm/+8LLQgxAjn1zMVJUg= =MuZ9 -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
