#9 Support for RSAPrivateKey.getModulus()
Closed: fixed 3 years ago Opened 3 years ago by edewata.

In order to run Tomcat 8.5+ with an SSL server certificate and key stored in an HSM, the Tomcat HTTP NIO connector needs to be configured with a PKCS #11 keystore with JSS as the keystore provider. When Tomcat is configured this way, it will execute the following code in sun.security.KeyUtil to determine the size of the RSA key based on its modulus:

public static final int getKeySize(Key key) {
    ...
    } else if (key instanceof RSAKey) {
        RSAKey pubk = (RSAKey)key;
        size = pubk.getModulus().bitLength();
    ...
}

However, RSAPrivateKey.getModulus() is currently not supported in JSS, so Tomcat will fail to start properly.

Some possible solutions are discussed on this page:
http://www.dogtagpki.org/wiki/JSS_4.5_Supporting_RSAPrivateKey.getModulus()


Metadata Update from @edewata:
- Issue assigned to edewata

3 years ago

Metadata Update from @edewata:
- Custom field component adjusted to None
- Custom field feature adjusted to None
- Custom field origin adjusted to None
- Custom field proposedmilestone adjusted to None
- Custom field proposedpriority adjusted to None
- Custom field reviewer adjusted to None
- Custom field type adjusted to None
- Custom field version adjusted to None
- Issue close_status updated to: fixed
- Issue set to the milestone: 4.5.0
- Issue status updated to: Closed (was: Open)

3 years ago
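
The failure described in the ticket, as an added example that is not part of the original ticket and is not JSS code: a key-size check shaped like the KeyUtil excerpt is run against an HSM-style private key with and without a usable getModulus(). The class OpaqueTokenKey and the choice to throw UnsupportedOperationException are assumptions made for illustration; the modulus is copied from the matching public key, which is one possible approach and not necessarily the one JSS adopted.

```java
import java.math.BigInteger;
import java.security.Key;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.interfaces.RSAKey;
import java.security.interfaces.RSAPublicKey;

public class TokenKeySizeDemo {
    // Hypothetical stand-in for a private key that lives on a token:
    // nothing private is extractable, only the public modulus may be known.
    static class OpaqueTokenKey implements PrivateKey, RSAKey {
        private final BigInteger modulus; // null models "getModulus() not supported"
        OpaqueTokenKey(BigInteger modulus) { this.modulus = modulus; }
        public String getAlgorithm() { return "RSA"; }
        public String getFormat() { return null; }  // key material is not exportable
        public byte[] getEncoded() { return null; } // key material is not exportable
        public BigInteger getModulus() {
            if (modulus == null) {
                throw new UnsupportedOperationException("getModulus() not supported");
            }
            return modulus;
        }
    }

    // RSA branch of the check quoted in the ticket.
    static int keySize(Key key) {
        if (key instanceof RSAKey) {
            return ((RSAKey) key).getModulus().bitLength();
        }
        return -1;
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample key pair; on a real deployment the public half
        // would come from the server certificate stored next to the key.
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        RSAPublicKey pub = (RSAPublicKey) kpg.generateKeyPair().getPublic();

        try {
            keySize(new OpaqueTokenKey(null));
        } catch (UnsupportedOperationException e) {
            System.out.println("unsupported key: size check fails: " + e.getMessage());
        }
        // The modulus is public information, so exposing it leaks no secret.
        System.out.println("key size: " + keySize(new OpaqueTokenKey(pub.getModulus())));
    }
}
```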
