Thanks for your responses Chuck & Hassan. I did have a good look into my use of the keystoreFile attribute and made sure there was no .keystore sitting in the default location in my home dir that might be confusing things. I was thinking .keystore on the default path with "changeit" as the password might have been overriding things perhaps.
But that wasn't it. I believe my use of Tomcat through Eclipse 3.2 & the Web Standard Tools (WST) plugin might be the source of my issues. That method is definitely failing with anything other than a "changeit" password. Doesn't matter if I hit return to use the same key password for <tomcat> as the keystore one I first enter (or if I type same).

I'm trying to verify this as the problem by closing Eclipse and running Tomcat directly, but in doing that I'm hitting a different problem: requests via https are getting no response at all that way. The same requests over http work fine. The https requests don't even generate an access log entry!

Hitting https://localhost:8443/ fails to get a response.
Hitting http://localhost:8080/ works fine.
Hitting http://localhost:8443/ causes the Tomcat5.exe process to consume vast quantities of CPU, though the root index.jsp file is served quickly - and the CPU continues to be consumed.

The server.xml is:

<Server port="8005" shutdown="SHUTDOWN">

  <GlobalNamingResources>
    <Resource name="UserDatabase" auth="Container"
              type="org.apache.catalina.UserDatabase"
              description="User database that can be updated and saved"
              factory="org.apache.catalina.users.MemoryUserDatabaseFactory"
              pathname="conf/tomcat-users.xml" />
  </GlobalNamingResources>

  <Service name="Catalina">

    <Connector port="8080" maxHttpHeaderSize="8192"
               maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
               enableLookups="false" redirectPort="8443" acceptCount="100"
               connectionTimeout="30000" disableUploadTimeout="true" />

    <!-- Define a SSL HTTP/1.1 Connector on port 8443 -->
    <Connector port="8443" maxHttpHeaderSize="8192"
               maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
               enableLookups="false" disableUploadTimeout="true"
               acceptCount="100" connectionTimeout="0"
               scheme="https" secure="true"
               clientAuth="false" sslProtocol="TLS"
               keystorePass="changeit" />

    <!-- Define an AJP 1.3 Connector on port 8009 -->
    <Connector port="8009" enableLookups="false" redirectPort="8443"
               protocol="AJP/1.3" />

    <Engine name="Catalina" defaultHost="localhost">
      <Realm className="org.apache.catalina.realm.UserDatabaseRealm"
             resourceName="UserDatabase"/>
      <Host name="localhost" appBase="webapps"
            unpackWARs="true" autoDeploy="true"
            xmlValidation="false" xmlNamespaceAware="false">
        <Valve className="org.apache.catalina.valves.FastCommonAccessLogValve"
               directory="logs" prefix="localhost_access_log."
               suffix=".txt" pattern="common" resolveHosts="false"/>
      </Host>
    </Engine>

  </Service>
</Server>

-----Original Message-----
From: Caldarale, Charles R [mailto:[EMAIL PROTECTED]
Sent: 10 July 2007 00:04
To: Tomcat Users List
Subject: RE: https in Tomcat 5.5 via basic JKS keytool keystore..not doing what it should !

> From: Ben Iggulden [mailto:[EMAIL PROTECTED]
> Subject: RE: https in Tomcat 5.5 via basic JKS keytool
> keystore..not doing what it should !
>
> Is this keystore password supposed to be changed as I have presumed
> (ensuring the same is used in the server.xml connector's keystorePass
> attribute as is used in generation) or is using anything other than
> "changeit" not typically done ?

Did you note the following from the doc?

"Finally, you will be prompted for the key password, which is the password specifically for this Certificate (as opposed to any other Certificates stored in the same keystore file). You MUST use the same password here as was used for the keystore password itself. (Currently, the keytool prompt will tell you that pressing the ENTER key does this for you automatically.)"

Using a password other than "changeit" works properly in both 5.5 and 6.0.

 - Chuck

THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers.
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
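
Added example, not part of the original thread and not Tomcat project code: a small Python check over a server.xml like the one posted above. It reports HTTPS connectors that rely on the default keystore location (.keystore in the home directory) or on the default "changeit" password, the two defaults discussed in the message. The function name, the second connector and its keystore path and password are constructed for illustration.

```python
import xml.etree.ElementTree as ET

DEFAULT_KEYSTORE_PASS = "changeit"  # Tomcat's documented default keystorePass

# Constructed sample: the 8443 connector mirrors the one in the post (trimmed),
# the 9443 connector is a hypothetical variant with explicit keystore settings.
SAMPLE_SERVER_XML = """
<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="8080" redirectPort="8443" />
    <Connector port="8443" scheme="https" secure="true" clientAuth="false"
               sslProtocol="TLS" keystorePass="changeit" />
    <Connector port="9443" scheme="https" secure="true" clientAuth="false"
               sslProtocol="TLS" keystoreFile="conf/example.jks"
               keystorePass="constructed-example-pass" />
    <Connector port="8009" redirectPort="8443" protocol="AJP/1.3" />
  </Service>
</Server>
"""

def audit_ssl_connectors(server_xml: str) -> dict:
    """Return {port: [findings]} for every HTTPS connector in server.xml."""
    root = ET.fromstring(server_xml)
    report = {}
    for conn in root.iter("Connector"):
        if conn.get("scheme") != "https" and conn.get("secure") != "true":
            continue  # plain HTTP or AJP connector, nothing to check
        findings = []
        if not conn.get("keystoreFile"):
            findings.append("keystoreFile not set: Tomcat falls back to "
                            ".keystore in the home directory of the user running it")
        password = conn.get("keystorePass")
        if password is None:
            findings.append("keystorePass not set: Tomcat assumes 'changeit'")
        elif password == DEFAULT_KEYSTORE_PASS:
            findings.append("keystorePass is the default 'changeit'")
        report[conn.get("port")] = findings
    return report

if __name__ == "__main__":
    for port, findings in audit_ssl_connectors(SAMPLE_SERVER_XML).items():
        print(port, "OK" if not findings else findings)
```
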