From fe42a13114101499fbf97c05e40ed3030216ab95 Mon Sep 17 00:00:00 2001
From: markt <markt@13f79535-47bb-0310-9956-ffa450edef68>
Date: Tue, 15 Mar 2011 23:00:54 +0000
Subject: [PATCH] Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=50925
 Update docs for keyPass attribute

git-svn-id: https://svn.apache.org/repos/asf/tomcat/trunk@1081980 13f79535-47bb-0310-9956-ffa450edef68
---
 webapps/docs/changelog.xml |  4 ++++
 webapps/docs/ssl-howto.xml | 17 ++++++-----------
 2 files changed, 10 insertions(+), 11 deletions(-)

diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index 023f8aabe..5c2e943d1 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -106,6 +106,10 @@
         Slightly expanded the documentation of the Host element to clarify the
         relationship between host name and DNS name. (markt)
       </add>
+      <fix>
+        <bug>50925</bug>: Update SSL how-to to take account of
+        <code>keyPass</code> connector attribute. (markt)
+      </fix>
     </changelog>
   </subsection>"
   <subsection name="Other">
diff --git a/webapps/docs/ssl-howto.xml b/webapps/docs/ssl-howto.xml
index 21beed1d0..653a7062e 100644
--- a/webapps/docs/ssl-howto.xml
+++ b/webapps/docs/ssl-howto.xml
@@ -265,21 +265,16 @@ sure that the information provided here matches what they will expect.</p>
 
 <p>Finally, you will be prompted for the <em>key password</em>, which is the
 password specifically for this Certificate (as opposed to any other
-Certificates stored in the same keystore file).  You <strong>MUST</strong>
-use the same password here as was used for the keystore password itself.
-This is a restriction of the Tomcat implementation.
-(Currently, the <code>keytool</code> prompt will tell you that pressing the
-ENTER key does this for you automatically.)</p>
+Certificates stored in the same keystore file). The <code>keytool</code> prompt
+will tell you that pressing the ENTER key automatically uses the same password
+for the key as the keystore. You are free to use the same password or to select
+a custom one. If you select a different password to the keystore password, you
+will also need to specify the custom password in the <code>server.xml</code>
+configuration file.</p>
 
 <p>If everything was successful, you now have a keystore file with a
 Certificate that can be used by your server.</p>
 
-<p><strong>Note:</strong> your private key password and keystore password
-should be the same.  If they differ, you will get an error along the lines
-of <code>java.io.IOException: Cannot recover key</code>, as documented in 
-<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=38217">Bugzilla issue 38217</a>, 
-which contains further references for this issue.</p>
-
 </subsection>
 
 <subsection name="Edit the Tomcat Configuration File">
-- 
2.11.0