On Fri, Feb 4, 2011 at 7:00 PM, Thilina Buddhika <[email protected]> wrote:
> Hi Devs, > > Currently we are setting wso2carbon.jks as the default trust-store in a > Carbon instance. This is set during the server startup inside the > CarbonServerManager class. > > IMO, it should be client-truststore.jks which should be set as the default > trust-store in Carbon while treating wso2carbon.jks only as the primary key > store. Usually users manage their primary key stores separately from the > trust store. But with the current implementation, they have to import some > of certificates to the primary key store to get certain scenarios working. > +1 Then we are not going to ship the CA certificates with wso2carbon.jks ? Thanks, Asela. > > Also for transports, we are using wso2carbon.jks as the key store while > using client-truststore.jks as the trust-store. So it will be more > consistent to use client-truststore.jks as the system wide trust store > instead of the wso2carbon.jks. > > To make this change, we have to add a new configuration element to the > carbon.xml similar to the existing key store configuration. > > Let us know your feedback on this. > > Thanks, > Thilina > > -- > Thilina Buddhika > Senior Software Engineer > WSO2 Inc. ; http://wso2.com > lean . enterprise . middleware > > phone : +94 77 44 88 727 > blog : http://blog.thilinamb.com > > _______________________________________________ > Carbon-dev mailing list > [email protected] > http://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev > >
_______________________________________________ Carbon-dev mailing list [email protected] http://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev
