Looks good.

On Sun, Feb 6, 2011 at 9:47 AM, Thilina Buddhika <[email protected]> wrote:
> This is the resulting security configuration section after adding
> trust-store related entries (appearing in bold text).
>
> <Security>
>     <!--
>         KeyStore which will be used for encrypting/decrypting passwords
>         and other sensitive information.
>     -->
>     <KeyStore>
>         <!-- Keystore file location-->
>         <Location>${carbon.home}/resources/security/wso2carbon.jks</Location>
>         <!-- Keystore type (JKS/PKCS12 etc.)-->
>         <Type>JKS</Type>
>         <!-- Keystore password-->
>         <Password>wso2carbon</Password>
>         <!-- Private Key alias-->
>         <KeyAlias>wso2carbon</KeyAlias>
>         <!-- Private Key password-->
>         <KeyPassword>wso2carbon</KeyPassword>
>     </KeyStore>
>     <!--
>         System wide trust-store which is used to maintain the
>         certificates of all the trusted parties.
>     -->
>     <TrustStore>
>         <!-- trust-store file location -->
>         <Location>${carbon.home}/resources/security/client-truststore.jks</Location>
>         <!-- trust-store type (JKS/PKCS12 etc.) -->
>         <Type>JKS</Type>
>         <!-- trust-store password -->
>         <Password>wso2carbon</Password>
>     </TrustStore>
>     <!--
>         The directory under which all other KeyStore files will be stored
>     -->
>     <KeyStoresDir>${carbon.home}/repository/conf/keystores</KeyStoresDir>
>     <!--
>         The Tomcat realm to be used for hosted Web applications. Allowed
>         values are;
>         1. UserManager
>         2. Memory
>         If this is set to 'UserManager', the realm will pick users & roles
>         from the system's WSO2 User Manager. If it is set to 'memory', the
>         realm will pick users & roles from
>         CARBON_HOME/repository/conf/tomcat-users.xml
>     -->
>     <TomcatRealm>UserManager</TomcatRealm>
> </Security>
>
> Thanks,
> Thilina
>
> On Fri, Feb 4, 2011 at 7:44 PM, Afkham Azeez <[email protected]> wrote:
>>
>> Go ahead and add it to the security section of the carbon.xml. Please send
>> the configuration you wish to add along with the full security config
>> section.
>>
>> On Fri, Feb 4, 2011 at 7:00 PM, Thilina Buddhika <[email protected]>
>> wrote:
>>>
>>> Hi Devs,
>>>
>>> Currently we are setting wso2carbon.jks as the default trust-store in a
>>> Carbon instance. This is set during the server startup inside the
>>> CarbonServerManager class.
>>>
>>> IMO, it should be client-truststore.jks which should be set as the
>>> default trust-store in Carbon while treating wso2carbon.jks only as the
>>> primary key store. Usually users manage their primary key stores separately
>>> from the trust store. But with the current implementation, they have to
>>> import some of the certificates to the primary key store to get certain
>>> scenarios working.
>>>
>>> Also for transports, we are using wso2carbon.jks as the key store while
>>> using client-truststore.jks as the trust-store. So it will be more
>>> consistent to use client-truststore.jks as the system wide trust store
>>> instead of the wso2carbon.jks.
>>>
>>> To make this change, we have to add a new configuration element to the
>>> carbon.xml similar to the existing key store configuration.
>>>
>>> Let us know your feedback on this.
>>>
>>> Thanks,
>>> Thilina
>>>
>>> --
>>> Thilina Buddhika
>>> Senior Software Engineer
>>> WSO2 Inc. ; http://wso2.com
>>> lean . enterprise . middleware
>>>
>>> phone : +94 77 44 88 727
>>> blog : http://blog.thilinamb.com
>>>
>>> _______________________________________________
>>> Carbon-dev mailing list
>>> [email protected]
>>> http://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev
>>>
>>
>> --
>> Afkham Azeez
>> Senior Software Architect & Senior Manager; WSO2, Inc.; http://wso2.com,
>>
>> Member; Apache Software Foundation; http://www.apache.org/
>> email: [email protected] cell: +94 77 3320919
>> blog: http://blog.afkham.org
>> twitter: http://twitter.com/afkham_azeez
>> linked-in: http://lk.linkedin.com/in/afkhamazeez
>>
>> Lean . Enterprise . Middleware
>>

--
Afkham Azeez
Senior Software Architect & Senior Manager; WSO2, Inc.; http://wso2.com,

Member; Apache Software Foundation; http://www.apache.org/
email: [email protected] cell: +94 77 3320919
blog: http://blog.afkham.org
twitter: http://twitter.com/afkham_azeez
linked-in: http://lk.linkedin.com/in/afkhamazeez

Lean . Enterprise . Middleware
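
An added example, not part of the thread and not WSO2 code: a small Python check that reads a carbon.xml `<Security>` section like the one quoted above and reports when the trust-store entry is missing, points at the same file as the primary key store, or still carries the password value shown in the thread. The function names, finding labels and the sample's XML namespace are assumptions made for the illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample modelled on the section quoted in the thread (namespace is made up).
SAMPLE = """<Server xmlns="urn:example:constructed">
  <Security>
    <KeyStore>
      <Location>${carbon.home}/resources/security/wso2carbon.jks</Location>
      <Password>wso2carbon</Password>
      <KeyPassword>wso2carbon</KeyPassword>
    </KeyStore>
    <TrustStore>
      <Location>${carbon.home}/resources/security/client-truststore.jks</Location>
      <Password>wso2carbon</Password>
    </TrustStore>
  </Security>
</Server>"""

SAMPLE_PASSWORD = "wso2carbon"  # password value shown in the thread's configuration

def _local(tag):
    # ElementTree reports namespaced tags as "{uri}Name"; keep only "Name".
    return tag.rsplit("}", 1)[-1]

def _section(root, name):
    """Return {child tag: text} for the first <Security>/<name> element, or None."""
    for sec in root.iter():
        if _local(sec.tag) == "Security":
            for el in sec:
                if _local(el.tag) == name:
                    return {_local(c.tag): (c.text or "").strip() for c in el}
    return None

def audit_security(xml_text):
    """Return a list of finding labels (hypothetical names) for the Security section."""
    root = ET.fromstring(xml_text)
    ks, ts = _section(root, "KeyStore"), _section(root, "TrustStore")
    findings = []
    if ks is None:
        findings.append("no-keystore")
    if ts is None:
        findings.append("no-truststore")
    elif ks and ts.get("Location") == ks.get("Location"):
        # Trust anchors and private keys share one file: the case the thread wants to end.
        findings.append("truststore-is-keystore")
    for name, sec in (("KeyStore", ks), ("TrustStore", ts)):
        for field in ("Password", "KeyPassword"):
            if sec and sec.get(field) == SAMPLE_PASSWORD:
                findings.append(f"{name}.{field}-unchanged")
    return findings
```

Run `audit_security(open(path).read())` against a deployed carbon.xml; an empty list means none of the three conditions was found.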
