GERONIMO-2780: Tomcat fails to accept certificate alias


Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 1.1.1
    • Fix Version/s: 1.1.2, 1.2, 2.0-M3
    • Component/s: Tomcat
    • Security Level: public (Regular issues)
    • Labels: None
    • Environment: all

    Description

      Here's the contents of the keystore:

      -----8<-------
      [nsadmin@hive ~]$ keytool -list -keystore /webetc/keys/arena-dev-web.jks
      Enter keystore password:

      Keystore type: jks
      Keystore provider: SUN

      Your keystore contains 3 entries

      plm.qa.bom.com-arena-server, Jan 24, 2007, keyEntry,
      Certificate fingerprint (MD5): 24:4F:8D:F8:E0:B7:EA:C2:CD:FE:0E:77:81:B0:34:DC
      plm.ref.bom.com-arena-server, Jan 24, 2007, keyEntry,
      Certificate fingerprint (MD5): 41:03:90:6F:15:1B:C3:C7:3F:3D:6C:ED:74:B0:9F:FE
      plm.dev.bom.com-arena-server, Nov 26, 2006, keyEntry,
      Certificate fingerprint (MD5): 8C:58:3E:C5:F2:3B:01:0C:65:53:5D:23:12:C5:6C:08
      [nsadmin@hive ~]$
      -----8<-------

      ...and here's the gbean we are using to declare the HTTPS Connector:

      -----8<-------
      <gbean gbeanInfo="org.apache.geronimo.tomcat.HttpsConnectorGBean"
             name="geronimo/tomcat/1.1.1/car?ServiceModule=geronimo/tomcat/1.1.1/car,j2eeType=GBean,name=plm.ref.bom.com-arena-server">
        <attribute name="name">plm.ref.bom.com-arena-server</attribute>
        <attribute name="protocol">HTTPS</attribute>
        <attribute name="host">plm.ref.bom.com</attribute>
        <attribute name="port">4431</attribute>
        <attribute name="maxThreads">50</attribute>
        <attribute name="acceptQueueSize">100</attribute>
        <!-- <attribute name="initParams">keyAlias=plm.ref.bom.com-arena-server</attribute> -->
        <attribute name="keystoreType">JKS</attribute>
        <attribute name="keystoreFileName">/webetc/keys/arena-dev-web.jks</attribute>
        <attribute name="keystorePassword">{Simple}rO0ABXNyABlqYXZheC5jcnlwdG8uU2VhbGVkT2JqZWN0PjY9psO3VHACAARbAA1lbmNvZGVkUGFyYW1zdAACW0JbABBlbmNyeXB0ZWRDb250ZW50cQB+AAFMAAlwYXJhbXNBbGd0ABJMamF2YS9sYW5nL1N0cmluZztMAAdzZWFsQWxncQB+AAJ4cHB1cgACW0Ks8xf4BghU4AIAAHhwAAAAIGSR0Xtc+HC5SaER/SUEd6yUduVcQW9y6ZEbHfsRW7PUcHQAA0FFUw==</attribute>
        <attribute name="secureProtocol">Default</attribute>
        <attribute name="algorithm">Default</attribute>
        <attribute name="clientAuthRequired">False</attribute>
        <attribute name="truststoreType">JKS</attribute>
        <attribute name="truststoreFileName">/webetc/CA/trusted-authorities-certs.jks</attribute>
        <attribute name="truststorePassword">{Simple}rO0ABXNyABlqYXZheC5jcnlwdG8uU2VhbGVkT2JqZWN0PjY9psO3VHACAARbAA1lbmNvZGVkUGFyYW1zdAACW0JbABBlbmNyeXB0ZWRDb250ZW50cQB+AAFMAAlwYXJhbXNBbGd0ABJMamF2YS9sYW5nL1N0cmluZztMAAdzZWFsQWxncQB+AAJ4cHB1cgACW0Ks8xf4BghU4AIAAHhwAAAAIGSR0Xtc+HC5SaER/SUEd6yUduVcQW9y6ZEbHfsRW7PUcHQAA0FFUw==</attribute>
        <reference name="TomcatContainer">
          <pattern>
            <groupId>geronimo</groupId>
            <artifactId>tomcat</artifactId>
            <version>1.1.1</version>
            <type>car</type>
            <name>TomcatWebContainer</name>
          </pattern>
        </reference>
        <reference name="ServerInfo">
          <pattern>
            <groupId>geronimo</groupId>
            <artifactId>j2ee-system</artifactId>
            <version>1.1.1</version>
            <type>car</type>
            <name>ServerInfo</name>
          </pattern>
        </reference>
      </gbean>
      -----8<-------

      WAS CE starts this Gbean happily, but when the connector receives a
      connection from an HTTPS client, it uses the
      "plm.qa.bom.com-arena-server" keyEntry (that is, the first keyEntry
      listed in the keystore). I would like to be able to specify which
      keyEntry is used for each HTTPS connector.

      If I uncomment the "initParams" element, then WAS CE fails on startup
      with this error:

      -----8<-------
      Module 3/5 geronimo/tomcat/1.1.1/car
      13:59:14,512 ERROR [GBeanInstanceState] Error while starting; GBean is now in the FAILED state: abstractName="geronimo/tomcat/1.1.1/car?configurationName=geronimo/tomcat/1.1.1/car"
      org.apache.geronimo.kernel.config.InvalidConfigException: No attribute: initParams for gbean: geronimo/tomcat/1.1.1/car?ServiceModule=geronimo/tomcat/1.1.1/car,j2eeType=GBean,name=plm.ref.bom.com-arena-server
              at org.apache.geronimo.system.configuration.LocalAttributeManager.setAttributes(LocalAttributeManager.java:197)
      ...
      13:59:14,521 ERROR [Daemon] Exception caught while starting configurations. Exception=org.apache.geronimo.kernel.config.LifecycleException: load of geronimo/tomcat/1.1.1/car failed
      Server startup failed
      -----8<-------

      Any help would be appreciated.
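The behaviour described above (JSSE picking an entry the reporter did not intend) is what happens when a multi-entry JKS is handed to the default SunX509 key manager with no alias pinned: its chooseServerAlias() returns whichever key entry it finds first. The following is an added example, not Geronimo or Tomcat code and not the attached patch; it shows the standard JSSE way to force one alias, which is the effect the reporter wants from keyAlias. It wraps the provider's X509KeyManager so that chooseServerAlias() always returns the configured entry, checks at startup that the alias really is a keyEntry (a trustedCertEntry would only fail at the first handshake), and prints each entry's MD5 fingerprint in keytool's format so you can match it against the keytool -list output in the report. The class name, method names and the assumption that the key password equals the store password are all mine.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.net.Socket;
import java.security.KeyStore;
import java.security.MessageDigest;
import java.security.Principal;
import java.security.PrivateKey;
import java.security.cert.X509Certificate;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.X509KeyManager;

/**
 * Added example (not Geronimo/Tomcat code): a key manager that pins the server
 * alias so a multi-entry JKS presents the entry you chose, not the one JSSE
 * happens to find first. Class and method names are assumptions.
 */
public class AliasKeyManager implements X509KeyManager {
    private final X509KeyManager delegate;
    private final String serverAlias;

    public AliasKeyManager(X509KeyManager delegate, String serverAlias) {
        this.delegate = delegate;
        this.serverAlias = serverAlias;
    }

    // The only override that matters: ignore JSSE's own choice and return the pinned alias.
    // Assumes the pinned entry's key type matches what the negotiated cipher suite needs.
    public String chooseServerAlias(String keyType, Principal[] issuers, Socket socket) {
        return serverAlias;
    }

    // Everything else is passed straight through to the provider's key manager.
    public String chooseClientAlias(String[] keyType, Principal[] issuers, Socket socket) {
        return delegate.chooseClientAlias(keyType, issuers, socket);
    }
    public String[] getClientAliases(String keyType, Principal[] issuers) {
        return delegate.getClientAliases(keyType, issuers);
    }
    public String[] getServerAliases(String keyType, Principal[] issuers) {
        return delegate.getServerAliases(keyType, issuers);
    }
    public X509Certificate[] getCertificateChain(String alias) {
        return delegate.getCertificateChain(alias);
    }
    public PrivateKey getPrivateKey(String alias) {
        return delegate.getPrivateKey(alias);
    }

    /** Returns the SunX509 provider's own (unpinned) X509KeyManager for the keystore. */
    static X509KeyManager defaultKeyManager(KeyStore ks, char[] password) throws Exception {
        KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
        kmf.init(ks, password); // assumption: key password == store password (keytool -genkey default)
        for (KeyManager km : kmf.getKeyManagers()) {
            if (km instanceof X509KeyManager) return (X509KeyManager) km;
        }
        throw new IllegalStateException("SunX509 returned no X509KeyManager");
    }

    /** Builds an SSLContext that will only ever present the given alias to clients. */
    public static SSLContext contextFor(KeyStore ks, char[] password, String alias) throws Exception {
        // Fail at startup rather than at the first handshake if the alias is absent or not a keyEntry.
        if (!ks.isKeyEntry(alias)) {
            throw new IllegalArgumentException(alias + " is not a keyEntry in the keystore");
        }
        KeyManager[] pinned = { new AliasKeyManager(defaultKeyManager(ks, password), alias) };
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(pinned, null, null); // default trust managers; clientAuthRequired is False in the report
        return ctx;
    }

    /** MD5 over the DER certificate, colon-separated like "keytool -list" (for matching only, not security). */
    static String md5Fingerprint(X509Certificate cert) throws Exception {
        byte[] digest = MessageDigest.getInstance("MD5").digest(cert.getEncoded());
        StringBuilder sb = new StringBuilder();
        for (int i = 0; i < digest.length; i++) {
            if (i > 0) sb.append(':');
            sb.append(String.format("%02X", digest[i]));
        }
        return sb.toString();
    }

    // Usage: java AliasKeyManager /webetc/keys/arena-dev-web.jks <storepass> plm.ref.bom.com-arena-server
    public static void main(String[] args) throws Exception {
        char[] password = args[1].toCharArray();
        KeyStore ks = KeyStore.getInstance("JKS");
        try (InputStream in = new FileInputStream(args[0])) {
            ks.load(in, password);
        }
        X509KeyManager plain = defaultKeyManager(ks, password);
        String picked = plain.chooseServerAlias("RSA", null, null);
        System.out.println("unpinned JSSE would serve: " + picked
                + (picked == null ? "" : "  " + md5Fingerprint(plain.getCertificateChain(picked)[0])));

        SSLContext ctx = contextFor(ks, password, args[2]);
        X509KeyManager pinnedKm = new AliasKeyManager(plain, args[2]);
        String forced = pinnedKm.chooseServerAlias("RSA", null, null);
        System.out.println("pinned connector serves:   " + forced
                + "  " + md5Fingerprint(pinnedKm.getCertificateChain(forced)[0]));
        System.out.println("SSLContext ready: " + ctx.getProtocol());
    }
}
```

To confirm from the outside which entry a running connector actually presents, take the fingerprint of the served certificate with `openssl s_client -connect plm.ref.bom.com:4431 </dev/null 2>/dev/null | openssl x509 -noout -fingerprint -md5` and compare it with the three fingerprints in the keytool listing; if it matches the plm.qa.bom.com-arena-server line, the alias is not being honoured.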

      Attachments

        1. G2780-keyAlias.patch (2 kB, Donald Woods)

          People

            jgenender Jeff Genender
            geronimolen Leonard Flournoy
