Java Mailing List Archive

http://www.junlu.com/


Re: TC5 + SSL: Keystore password bound to default "changeit"?

Jean-Francois Arcand

2003-12-10




Baer Peter Christoph Alexander wrote:

>On Tuesday, 9 December 2003 20:54, Ankur Shah wrote:
>
>
>>Remy Maucherat wrote:
>>  
>>
>>>Baer Peter Christoph Alexander wrote:
>>>    
>>>
>>>>Hi!
>>>>
>>>>I have a question about something I observe, but don't
>>>>want to believe... ;-)
>>>>
>>>>Tomcat 5 can use my keystore, but only if the password is
>>>>"changeit", the default password. Now, the docs say, one
>>>>should use this, but with TC 4.0.6 it was possible to
>>>>change it. Is the password hard coded in TC 5?
>>>>    
>>>>
>>>I didn't test that particular feature myself, but I believe this works
>>>ok.
>>>The way connector parameters (and in particular SSL parameters) are
>>>defined changed in TC 5.0.x. Look there:
>>>http://jakarta.apache.org/tomcat/tomcat-5.0-doc/config/coyote.html
>>>There's the SSL howto also.
>>>    
>>>
>>Also, you might want to make sure that the password of your *target key*
>>matches your keystore password. I'm not sure how that plays out in
>>tomcat world, but I can see that to be a problem if the server assumes
>>the key's password to be the same as that of the keystore.
>>  
>>
>
><Thoughts>
><Just an idea>
>server.xml is an XML file. It used to be XML in TC4, and it
>is still XML in TC5. Shouldn't it be possible, then, to write an XSL-T
>stylesheet converting old config files into newer formats?
>That would considerably ease migration/upgrade pains...
></Just an idea>
>
>
Yes, it could. You're more than welcome to submit a patch :-)


><Just an idea>
>If we had an XML schema definition (be it W3C XML schema,
>Relax NG or whatever), an XML editor like Pollo or XML Spy
>could validate the config file. This would help to avoid and
>reveal mistakes and thus speed up Tomcat configuration...
></Just an idea>
>
>
Just search that list on the topic ;-) It is not possible at the moment
to have a DTD or schema for the server.xml (due to its complexity). If
you have time and think you can come up with something, a second patch is
welcome!

-- Jeanfrancois

></Thoughts>
>
>Regards
>
>  Alex
>
>---------------------------------------------------------------------
>To unsubscribe, e-mail: tomcat-user-unsubscribe@(protected)
>For additional commands, e-mail: tomcat-user-help@(protected)
>
>
>
>
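The check Ankur Shah suggests in the quoted text above (does the target key's password match the keystore password?), as an added Java example that is not part of the original thread and is not Tomcat code. The class name, aliases and sample passwords are constructed; run with no argument it checks an in-memory sample keystore, and with a file path it prompts for the password of that keystore.

```java
import java.io.Console;
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.UnrecoverableKeyException;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;
import javax.crypto.spec.SecretKeySpec;

// Added diagnostic: lists key entries whose own password differs from the keystore password.
public class KeyPasswordCheck {
    static List<String> mismatchedAliases(KeyStore ks, char[] storePass) throws Exception {
        List<String> mismatched = new ArrayList<>();
        for (String alias : Collections.list(ks.aliases())) {
            if (!ks.isKeyEntry(alias)) continue;   // certificate-only entries have no key password
            try {
                ks.getKey(alias, storePass);       // try the keystore password on the key itself
            } catch (UnrecoverableKeyException e) {
                mismatched.add(alias);             // key is protected by a different password
            }
        }
        return mismatched;
    }

    // Constructed sample: in-memory JCEKS store holding two throwaway secret keys.
    static KeyStore sampleStore(char[] storePass) throws Exception {
        KeyStore ks = KeyStore.getInstance("JCEKS");
        ks.load(null, null);
        SecretKeySpec key = new SecretKeySpec(new byte[16], "AES");
        ks.setKeyEntry("same-as-store", key, storePass, null);
        ks.setKeyEntry("different", key, "another-sample-pass".toCharArray(), null);
        return ks;
    }

    public static void main(String[] args) throws Exception {
        KeyStore ks;
        char[] storePass;
        if (args.length == 0) {                    // no file given: use the constructed sample
            storePass = "sample-store-pass".toCharArray();
            ks = sampleStore(storePass);
        } else {                                   // real keystore: prompt, keep the password off argv
            Console console = System.console();
            if (console == null) throw new IllegalStateException("run from an interactive terminal");
            storePass = console.readPassword("Keystore password: ");
            ks = KeyStore.getInstance(KeyStore.getDefaultType());
            try (InputStream in = new FileInputStream(args[0])) {
                ks.load(in, storePass);            // throws IOException if the store password is wrong
            }
        }
        System.out.println("Key password differs from keystore password: " + mismatchedAliases(ks, storePass));
    }
}
```

An empty list means every key entry opens with the keystore password, which rules out the mismatch described in the thread.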

