Using different passwords for certificates and key-/truststore does not work


Environment

JBoss Enterprise Application Platform (EAP) 5.x

Issue

While using JBoss EAP 5.x with SSL and two-way authentication, we got problems with different passwords for certificates and key-/truststore.

This was a known bug for Tomcat: https://issues.apache.org/bugzilla/show_bug.cgi?id=38217 and officially it has been fixed since 12th January 2011 in Tomcat version 5.5.14.
However, we ran into this bug with JBoss 5.1, which uses JBoss Web 2.1.3 based on Tomcat 6.0.15.

Can this get fixed in JBoss?

Resolution

This is a common misconception.

The "fix" for that bug was actually to mention the fact in the FAQ.

Taken from [1] (scroll down a bit on that page):

Finally, you will be prompted for the key password, which is the password specifically for this Certificate
(as opposed to any other Certificates stored in the same keystore file). You MUST use the same password
here as was used for the keystore password itself. This is a restriction of the Tomcat implementation.

The same restriction exists in JBoss and there are currently no plans to change this.
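
To check an existing keystore against this restriction and bring a key password into line with the keystore password, the following helper can be used. It is an added example, not part of the original solution or of JBoss/Tomcat; the function names and return codes are hypothetical, and it assumes a JKS keystore and the JDK keytool on PATH.

```shell
#!/bin/sh
# Added example; function names and return codes are hypothetical.
# Assumes a JKS keystore and the JDK keytool on PATH. Passwords given as
# arguments are visible in the process list while keytool runs.

# key_matches_store KEYSTORE ALIAS STOREPASS
#   0 = key opens with the keystore password   1 = key password differs
#   2 = keytool not found                      3 = store or alias unreadable
key_matches_store() {
    command -v keytool >/dev/null 2>&1 || return 2
    # Confirm the store password is right and the alias exists first.
    keytool -list -alias "$2" -keystore "$1" -storetype JKS \
        -storepass "$3" </dev/null >/dev/null 2>&1 || return 3
    # -certreq has to read the private key, so it fails when the key
    # password is not the one supplied (here: the keystore password).
    keytool -certreq -alias "$2" -keystore "$1" -storetype JKS \
        -storepass "$3" -keypass "$3" </dev/null >/dev/null 2>&1 || return 1
    return 0
}

# align_key_password KEYSTORE ALIAS STOREPASS OLD_KEYPASS
#   Sets the key password to the keystore password when they differ.
align_key_password() {
    rc=0
    key_matches_store "$1" "$2" "$3" || rc=$?
    [ "$rc" -eq 1 ] || return "$rc"      # 0: nothing to do; 2/3: give up
    keytool -keypasswd -alias "$2" -keystore "$1" -storetype JKS \
        -storepass "$3" -keypass "$4" -new "$3" \
        </dev/null >/dev/null 2>&1 || return 1
    # Re-check so the caller gets 0 only if the key now opens.
    key_matches_store "$1" "$2" "$3"
}
```

Back up the keystore file before calling align_key_password, because keytool -keypasswd rewrites it in place.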

[1] http://tomcat.apache.org/tomcat-6.0-doc/ssl-howto.html#Prepare_the_Certificate_Keystore
