Hello,

Windows-MY is a Java 6 provider that wraps the MSCAPI to access certificates in the keystore of Windows (the store used when you go to Options>Content>Certificates in Internet Explorer). This store has the advantage that it allows you to use certificates based on your user but, at the same time, these certificates can be impossible to copy (export). So, there is no location for the store (the same happens when you use PKCS11: there is no location of the store on the hard disk, you even specify keystore NONE). So, the problem is not *where* the store is, as the store is really in the registry of Windows.
Java is able to open it (the keys appear when using keytool), but Tomcat seems unable to do it, so I suspect Tomcat uses some method to open it that is not exactly delegating to the provider. Has somebody found a workaround or a solution?

Thanks, John, for your answers, and thanks to all of you.

2008/2/8, Johnny Kewl <[EMAIL PROTECTED]>:
>
> ---------------------------------------------------------------------------
> HARBOR: http://coolharbor.100free.com/index.htm
> The most powerful application server on earth.
> The only real POJO Application Server.
> Making the Java dream come true.
> ---------------------------------------------------------------------------
> ----- Original Message -----
> From: "Luis Villa" <[EMAIL PROTECTED]>
> To: <users@tomcat.apache.org>
> Sent: Friday, February 08, 2008 12:46 PM
> Subject: Tomcat SSL, Windows 2003 and Windows-My Provider
>
> > Hello all,
> >
> > I'm trying to configure a Tomcat 6 server with SSL using the Windows-My
> > provider from java 6. I've been able to do it in Windows XP and it works
> > perfectly, but when executing in Windows 2003, tomcat is not able to open
> > the keystore (it says it cannot find .keystore file, although the
> > configuration is completely the same as in WindowsXP).
>
> Hi... listen, I think it's because the .keystore file is stored in the user
> folder... and that is changing...
>
> So when you log on it's in "Docs and Settings"/Username...
> but when the service starts as "system" user, that location is now under C:/
> I think...
>
> So, either try to change the service configuration to run in your user name,
> or figure out where it's looking for it and move the keystore there....
>
> IF you start tomcat from the BAT file... it will run in your user name...
> if that works, then you can eliminate configuration problems and just try to
> figure out where 2003 is hiding the user location...
> I think....
>
> > I'm using the following connector:
> >
> > <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
> >            maxThreads="150" scheme="https" secure="true"
> >            clientAuth="true" sslProtocol="TLS"
> >            keystoreType="Windows-MY"
> >            keyAlias="myKey"
> > />
>
> On our systems we seem to be using the default stuff...
> I actually don't know what "Windows-MY" is ;)
>
> <Connector port="443" maxHttpHeaderSize="8192"
>            maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
>            enableLookups="false" disableUploadTimeout="true"
>            acceptCount="100" scheme="https" secure="true"
>            clientAuth="false" keystorePass="xxxxxx" sslProtocol="TLS" />
>
> > I've accessed the store with 'keytool -list -storetype Windows-MY' and it
> > works (it shows myKey). Is there more configuration needed in W2003
> > (permissions, policies, etc)? Has someone found this problem before?
> >
> > Thanks in advance
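
A diagnostic for the situation discussed in this thread, as an added example that is not part of any message above: it opens the Windows-MY store with no keystore file, prints the account it ran under, and reports whether each alias has a private key visible to that account. The class name `WindowsMyCheck` is hypothetical; `myKey` is the `keyAlias` from the connector quoted above.

```java
import java.security.Key;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Collections;

// Added example (hypothetical class name). Windows only: it needs the
// SunMSCAPI provider that ships with Java 6 and later on Windows.
public class WindowsMyCheck {
    public static void main(String[] args) throws Exception {
        // Alias to look for; defaults to the keyAlias used in the thread.
        String wanted = args.length > 0 ? args[0] : "myKey";

        // Windows-MY is the personal certificate store of the account that
        // runs this JVM, so the result depends on who runs it.
        System.out.println("Running as: " + System.getProperty("user.name"));

        KeyStore ks = KeyStore.getInstance("Windows-MY");
        // No stream and no password: the store is not backed by a file.
        ks.load(null, null);

        boolean found = false;
        for (String alias : Collections.list(ks.aliases())) {
            // A non-exportable key is still returned as a handle usable for TLS.
            Key key = ks.isKeyEntry(alias) ? ks.getKey(alias, null) : null;
            Certificate cert = ks.getCertificate(alias);
            String subject = (cert instanceof X509Certificate)
                    ? ((X509Certificate) cert).getSubjectX500Principal().getName()
                    : "(no X.509 certificate)";
            System.out.println(alias + " | private key: "
                    + (key != null ? key.getAlgorithm() : "none")
                    + " | " + subject);
            if (alias.equals(wanted) && key != null) {
                found = true;
            }
        }

        if (!found) {
            System.out.println("Alias '" + wanted
                    + "' with a private key is NOT visible to this account.");
            System.exit(1);
        }
        System.out.println("Alias '" + wanted + "' is usable by this account.");
    }
}
```

Running it once from an interactive session and once under the account the Tomcat service uses shows whether the two see the same store contents.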