Hi,

Please see my response inline.

-Satish

On Wed, Nov 23, 2011 at 2:32 AM, Caldarale, Charles R <chuck.caldar...@unisys.com> wrote:

> > From: Satish Mittal [mailto:satish.mit...@gmail.com]
> > Subject: Tomcat 7 not working with javax.net.ssl.keyStorePassword property
>
> > In my tomcat webapp, before I spawn another tomcat
> > webapp process
>
> I'll bite: what does that mean? What part of the servlet spec covers that
> action?
>

As per my product design, I have a parent process (tomcat webapp) that needs to spawn another tomcat webapp process and configure its server.xml. However, I get the same behavior with the parent tomcat process itself, so these details don't matter here.

> > I pass on the keystore password by setting the system property
> > "javax.net.ssl.keyStorePassword" to keystore password, instead of
> > writing the keystore password in plain-text as an attribute in
> > server.xml.
>
> What makes you think this will work?
>
> > This used to work in tomcat 5.
>
> Interesting. Where is this documented to work?
>

As per the tomcat documentation, Tomcat can use two different implementations of SSL:
- the JSSE implementation provided as part of the Java runtime (since 1.4)
- the APR implementation, which uses the OpenSSL engine by default.

In my installation, I use JSSE implementation. The javax.net.ssl.keyStorePassword property is supported by JSSE.

> > However in tomcat 7, the same webapp/keystore throws the following
> > error:
> >
> > Nov 22, 2011 8:04:45 PM org.apache.coyote.AbstractProtocol init
> > SEVERE: Failed to initialize end point associated with
> > ProtocolHandler ["http-bio-8096"]
> > java.io.IOException: Keystore was tampered with, or password was incorrect
>
> You probably didn't set the password. :(
>

If you go to tomcat documentation at http://tomcat.apache.org/tomcat-5.5-doc/config/http.html#SSL_Support, you would find that multiple JSSE properties (related to trustStore) are supported by Tomcat as a mechanism to pass the value instead of specifying them explicitly in server.xml. I know that for keyStorePassword, it is not documented. However, since this mechanism was working in tomcat 5, I want to check whether anyone else has observed this change in tomcat 7.

-Satish
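
Added example, not part of the original e-mail and not Tomcat's own code: a stand-alone Java program that reproduces the `Keystore was tampered with, or password was incorrect` error from the log above and shows how the result depends on whether `javax.net.ssl.keyStorePassword` actually reaches the code that opens the keystore. The class name, the sample password and the `changeit` fallback are assumptions made for this illustration.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.security.KeyStore;

public class KeystorePasswordCheck {
    static final String PROP = "javax.net.ssl.keyStorePassword";
    // Constructed sample password, not a value from the thread.
    static final String REAL_PASSWORD = "sample-keystore-pass";

    // Build an empty JKS keystore in memory, protected by REAL_PASSWORD.
    static byte[] buildSampleKeystore() throws Exception {
        KeyStore ks = KeyStore.getInstance("JKS");
        ks.load(null, null); // initialise an empty store
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        ks.store(out, REAL_PASSWORD.toCharArray()); // password keys the integrity hash
        return out.toByteArray();
    }

    // Hypothetical loader: take the password from the system property,
    // or fall back to an assumed default when the property is absent.
    static String loadUsingProperty(byte[] jks) throws Exception {
        String pw = System.getProperty(PROP, "changeit");
        KeyStore ks = KeyStore.getInstance("JKS");
        try {
            ks.load(new ByteArrayInputStream(jks), pw.toCharArray());
            return "loaded OK";
        } catch (IOException e) {
            return "IOException: " + e.getMessage();
        }
    }

    public static void main(String[] args) throws Exception {
        byte[] jks = buildSampleKeystore();

        System.clearProperty(PROP); // property never reaches the loader
        System.out.println("unset:   " + loadUsingProperty(jks));

        System.setProperty(PROP, "wrong-value"); // property set, but stale or mistyped
        System.out.println("wrong:   " + loadUsingProperty(jks));

        System.setProperty(PROP, REAL_PASSWORD); // property matches the keystore
        System.out.println("correct: " + loadUsingProperty(jks));
    }
}
```

When the property is supplied as a `-D` argument on the JVM command line, the password is visible to anyone who can list the process arguments on that host, so restrict access to the host and to any startup script that carries it.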