Did you check the docs at http://db.apache.org/derby/docs/10.9/adminguide/cadminssl.html ?

Thanks,
Dag

On 10.01.2013 05:40, Thomas Hill wrote:
> Hi,
> currently trying to switch from basic authentication to peer Authentication,
> but having trouble with understanding serverTrustStore content.
>
> Have gone through the following scenarios:
> 1) in my current set-up I am starting the network server and the client(s)
>    with basic authentication - this works fine
> 2) left the server starting with requesting basic authentication, but changed
>    my client to request peerAuthentication - this works fine (so the
>    additional clientTrustStore file is set-up correctly)
> 3) changed set-up so both server and clients request peer Authentication
>    a) when importing just the trusted client certificate into the
>       serverTrustStore I am getting a communication error - my assumption
>       was this import is all needed for this file
>    b) when importing the key pair of the client certificate into the
>       serverTrustStore I am getting a communications error as well
>    c) when importing two trusted certificates (not key pairs) into the
>       serverTrustStore, i.e. the trusted client certificate and the
>       certificate of the signing CA no error is thrown and I can access
>       data, BUT this is true not only when using the trusted certificate
>       imported into the truststore, but surprisingly also for other
>       certificates signed by this CA.
> -> So how do I need to do the set-up so that peerAuthentication is activated
>    and restricts data access only to those client certificates that I have
>    imported into the truststore?
>
> Thanks
