Ahh ... I see. It needs to be the same JDK where JSSE was installed in order to
specify RSA as the algorithm.

Applied the patches. Thanks!

Quoting Patrick Luby <[EMAIL PROTECTED]>:

> Christopher,
> 
> You are correct that this problem has nothing to do with Tomcat.
> Instead, it is merely a problem that comes from having more than 1 JDK
> installation on your local host.
> 
> Specifically, the problem I described shows up on Unix platforms where
> your $PATH environment variable points to a different JDK installation
> than the installation that $JAVA_HOME is set to for building and running
> Tomcat.
> 
> For example, on Solaris 8, /usr/bin contains all of the JDK 1.2.1 tools
> including keytool. Since /usr/bin is, for most people, near the
> beginning of $PATH, invoking keytool will result in the JDK 1.2.1
> version being used. This does not cause a problem if I set $JAVA_HOME to
> /usr when building and running Tomcat. It only becomes a problem when
> you set $JAVA_HOME to a different JDK installation. In my case, my
> $JAVA_HOME is set to a separate JDK 1.3.1 installation.
> 
> The problem in the above case is that, if I followed the Tomcat SSL
> setup instructions properly, I will have installed JSSE in my $JAVA_HOME
> JDK installation but I will end up invoking keytool from my JDK 1.2.1
> installation. Since I did not install JSSE in my JDK 1.2.1 installation,
> keytool will be unable to generate a keystore with the RSA algorithm.
> 
> Since this problem is merely an issue of invoking the correct keytool
> version, I changed the instructions from:
> 
>       execute "keytool"
> 
> to:
> 
>       execute "$JAVA_HOME/bin/keytool"
> 
> to ensure that the keytool is executed from the same JDK that you
> installed JSSE into.
> 
> Hope that clears it up,
> 
> Patrick
> 
> Christopher Cain wrote:
> > 
> > Hi Patrick. Could you explain this a little further? Actually creating a
> > keystore using keytool of course has nothing to do with Tomcat per se, so I
> > assume you mean that the keystore created might not work with Tomcat. Under
> > what conditions would a keystore generated by one JDK not work with another
> > JDK? In testing, I was able to generate a keystore on a Windoze box with JDK
> > 1.3.1, copy it over to a Linux box running 1.3.0, and successfully start up
> > Tomcat and access a page over SSL. If you have a properly-formatted JKS store,
> > why would it matter which JDK produced it?
> > 
> 
> -- 
> _____________________________________________________________________
> Patrick Luby                          Email: [EMAIL PROTECTED]
> Software Engineering Manager          Phone: 408-863-3284
> Sun Microsystems
> 901 San Antonio Road, UCUP01-103
> Palo Alto, CA 94303-4900
> _____________________________________________________________________
> 



- Christopher

/**
 * Weep, weep, my eyes, and dissolve into tears!
 * One half of my life has laid the other in the grave.
 *    ---Corneille
 */
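
An added example, not part of the original messages or of the Tomcat instructions: a POSIX shell check for the situation described in the quoted reply, where a bare `keytool` is picked up from an earlier $PATH entry instead of from the JDK that $JAVA_HOME points to. The function names are hypothetical.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not from Tomcat or the JDK.

# Print the first executable named $1 in the colon-separated list $2.
find_on_path() {
    rest="$2:"
    while [ -n "$rest" ]; do
        dir=${rest%%:*}
        rest=${rest#*:}
        [ -n "$dir" ] || dir=.          # empty PATH entry means current directory
        if [ -f "$dir/$1" ] && [ -x "$dir/$1" ]; then
            printf '%s\n' "$dir/$1"
            return 0
        fi
    done
    return 1
}

# Print the physical (symlink-free) form of directory $1.
physical_dir() {
    (cd -P "$1" >/dev/null 2>&1 && pwd -P)
}

# check_keytool JAVA_HOME_VALUE PATH_VALUE
# Returns 0 if a bare "keytool" runs from JAVA_HOME's JDK, 1 if it runs from
# another directory, 2 if either side cannot be located.
# A keytool that is itself a symlink into JAVA_HOME is reported as a
# mismatch (only directories are resolved), which errs on the safe side.
check_keytool() {
    want=$(physical_dir "$1/bin") || { echo "no bin directory under $1" >&2; return 2; }
    [ -x "$want/keytool" ] || { echo "no keytool in $want" >&2; return 2; }
    found=$(find_on_path keytool "$2") || { echo "keytool not on PATH" >&2; return 2; }
    have=$(physical_dir "$(dirname "$found")") || return 2
    if [ "$have" = "$want" ]; then
        echo "OK: keytool resolves to $found"
        return 0
    fi
    echo "MISMATCH: PATH runs $found; use $want/keytool instead" >&2
    return 1
}

# Report on the current environment; the status is ignored here.
if [ -n "${JAVA_HOME:-}" ]; then
    check_keytool "$JAVA_HOME" "$PATH" || true
fi
```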
