Hello all,

I've been looking at what the problem could be in the sources, and I've found that the only keystore other than a file that Tomcat supports is PKCS11. So, I've modified org.apache.tomcat.util.net.jsse.JSSESocketFactory and it works! It is a simple modification.

Now, I'd like to share it, so Tomcat developers could include it in the next releases. How could I send the changes to them?

Thanks

2008/2/10, Luis Villa <[EMAIL PROTECTED]>:
>
> Hello,
>
> Windows-MY is a Java 6 provider that wraps the MSCAPI to access
> certificates in the keystore of Windows (the store used when you go to
> Options>Content>Certificates in Internet Explorer). This store has the
> advantage that it allows you to use certificates based on your user but, at
> the same time, these certificates can be impossible to copy (export). So,
> there is no place of the store (the same happens when you use PKCS11, there
> is no location of the store on the hard disk, you even specify keystore
> NONE). So, there is not a problem of *where* the store is, as the store is
> really in the registry of Windows.
>
> Java is able to open it (the keys appear when using keytool), but Tomcat
> seems unable to do it, so I suspect Tomcat uses some method to open it that
> is not exactly delegating to the provider. Has somebody found a workaround
> or a solution?
>
> Thanks, John, for your answers, and thanks all of you
>
> 2008/2/8, Johnny Kewl <[EMAIL PROTECTED]>:
> >
> > ----- Original Message -----
> > From: "Luis Villa" <[EMAIL PROTECTED]>
> > To: <users@tomcat.apache.org>
> > Sent: Friday, February 08, 2008 12:46 PM
> > Subject: Tomcat SSL, Windows 2003 and Windows-My Provider
> >
> > > Hello all,
> > >
> > > I'm trying to configure a Tomcat 6 server with SSL using the Windows-My
> > > provider from Java 6. I've been able to do it in Windows XP and it works
> > > perfectly, but when executing in Windows 2003, Tomcat is not able to open
> > > the keystore (it says it cannot find .keystore file, although the
> > > configuration is completely the same as in Windows XP).
> >
> > Hi... listen, I think it's because the .keystore file is stored in the
> > user folder... and that is changing...
> >
> > So when you log on it's in "Docs and Settings"/Username...
> > but when the service starts as "system" user, that location is now under
> > C:/ I think...
> >
> > So, either try changing the service configuration to run in your user
> > name, or figure out where it's looking for it and move the keystore
> > there....
> >
> > IF you start Tomcat from the BAT file... it will run in your user name...
> > if that works, then you can eliminate configuration problems and just try
> > to figure out where 2003 is hiding the user location...
> > I think....
> >
> > > I'm using the following connector:
> > >
> > > <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
> > >            maxThreads="150" scheme="https" secure="true"
> > >            clientAuth="true" sslProtocol="TLS"
> > >            keystoreType="Windows-MY"
> > >            keyAlias="myKey"
> > > />
> >
> > On our systems we seem to be using the default stuff...
> > I actually don't know what "Windows-MY" is ;)
> >
> > <Connector port="443" maxHttpHeaderSize="8192"
> >            maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
> >            enableLookups="false" disableUploadTimeout="true"
> >            acceptCount="100" scheme="https" secure="true"
> >            clientAuth="false" keystorePass="xxxxxx" sslProtocol="TLS" />
> >
> > > I've accessed the store with 'keytool -list -storetype Windows-MY' and it
> > > works (it shows myKey). Is there more configuration needed in W2003
> > > (permissions, policies, etc.)? Has someone found this problem before?
> > >
> > > Thanks in advance
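
The thread's point that Windows-MY, like PKCS11, has no file behind it corresponds in the JCA API to loading the keystore with a null stream. The following is an added example, not Tomcat code and not the patch mentioned above; `KeystoreCheck`, `open` and the `KEYSTORE_PASS` environment variable are hypothetical names. It also prints the account it runs under, because Windows-MY is the personal store of the current user.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.util.Arrays;
import java.util.Collections;
import java.util.List;
import java.util.Locale;

// Added example (not Tomcat code): class and method names are hypothetical.
public class KeystoreCheck {
    // Store types served by a provider instead of a file on disk.
    static final List<String> FILELESS = Arrays.asList("PKCS11", "WINDOWS-MY", "WINDOWS-ROOT");

    static KeyStore open(String type, String path, char[] pass) throws Exception {
        KeyStore ks = KeyStore.getInstance(type);
        boolean fileless = FILELESS.contains(type.toUpperCase(Locale.ROOT))
                || "NONE".equalsIgnoreCase(path);
        if (fileless) {
            ks.load(null, pass); // no stream: the provider locates the store itself
        } else {
            try (InputStream in = new FileInputStream(path)) {
                ks.load(in, pass); // classic file-backed store (JKS, PKCS12)
            }
        }
        return ks;
    }

    public static void main(String[] args) throws Exception {
        String type = args.length > 0 ? args[0] : "Windows-MY";
        String path = args.length > 1 ? args[1] : "NONE";
        String alias = args.length > 2 ? args[2] : "myKey"; // alias used in the thread
        // Assumption: file-store password comes from the environment, not the command line.
        String env = System.getenv("KEYSTORE_PASS");
        char[] pass = env == null ? null : env.toCharArray();

        // The personal store differs per account, so report who is asking.
        System.out.println("Running as: " + System.getProperty("user.name"));
        try {
            KeyStore ks = open(type, path, pass);
            for (String a : Collections.list(ks.aliases())) {
                System.out.println((ks.isKeyEntry(a) ? "key   " : "cert  ") + a);
            }
            System.out.println(alias + " has a private key: " + ks.isKeyEntry(alias));
        } catch (KeyStoreException e) {
            // Thrown by getInstance when no installed provider offers this store type.
            System.out.println("Store type " + type + " not available: " + e.getMessage());
        }
    }
}
```

Running it under the same account as the Tomcat service shows whether that account sees the `myKey` entry at all, which separates an account problem from a keystore-loading problem.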