David Jencks wrote:
On Mar 12, 2007, at 1:26 AM, Lasantha Ranaweera wrote:
Hi Folks,
I noticed some inconsistencies in the Geronimo console when it comes
to Jetty & Tomcat environments while we are creating HTTPS listeners
(two different UIs). Tomcat GUI supports both PKCS12 and JKS key
stores while Jetty only supports JKS (there are some other
differences too). Is there any reason behind this kind of change?
Can't we use the same GUI for this kind of activity because it will
give the G user the same environment whether it is Tomcat or Jetty?
Also, the Tomcat HTTPS listener supports the PKCS12 key store type; G
currently only supports the JKS type. Can't we add the PKCS12 into the G
key stores since it is more industry standard when it comes to key
stores than JKS? I remembered using bouncy castle as security
provider with PKCS12 sometime back without any issues ;-) . Any
insight would be greatly appreciated.
I would like to spend some of my time on these issues if there is no
big technical (also legal) barrier associated with it :-) .
so far I've stayed out of this discussion :-)
There's been discussion of similar issues in
https://issues.apache.org/jira/browse/GERONIMO-2015. We have to be
very careful about importing more of the bouncy castle code than we
already have to avoid potential patent infringement issues.
From a design perspective I would like to see first that our tomcat
integration uses a keystore gbean like the jetty integration does, and
then the additional keystore be added. However both of these parts
would be great from my point of view.
It looks from the jira comments that some people have concerns about
compatibility across different platforms. Is this taken care of by the
move to jdk 1.5 in g. 2.0?
thanks
david jencks
Thanks David for the information as always ;-) . I will start from the
HTTPSListener side since PKCS12 is a bit more complicated right now.
Lasantha
Thanks,
Lasantha