[ https://issues.apache.org/jira/browse/DIRSTUDIO-1205?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16706343#comment-16706343 ]

Stefan Seelmann commented on DIRSTUDIO-1205:
--------------------------------------------

There are two aspects to consider:

1. Error handling: We need to improve the error handling in Studio. A generic 
ERR_04122_SSL_CONTEXT_INIT_FAILURE message is not sufficient; the root cause 
must be visible in order to be actionable. Errors, especially when using SSL/TLS, 
can always happen (certificate expired, hostname verification, etc.).

2. The default certificate in ApacheDS: I understand that you want to have 
SSL/TLS running ootb. But it's not easy. The limitation of 512bit is there 
because of US export limitations, maybe that's more relaxed now but one needs to 
do the paper work. But anyway it's just a self-signed certificate where you 
always get "untrusted certificate" in the client. I tend to suggest to remove 
the default generated certificate from ApacheDS because it causes more problems 
than it helps. Instead we should document how to create and install a 
certificate (self-signed or Let's Encrypt). With Java 8+ it's even easier, the 
JKS format is deprecated and it accepts the PKCS12 format (created by openssl 
for example), so no more fiddling with Keytool etc.

> Which platforms does Studio work with TLS?
> ------------------------------------------
>
>                 Key: DIRSTUDIO-1205
>                 URL: https://issues.apache.org/jira/browse/DIRSTUDIO-1205
>             Project: Directory Studio
>          Issue Type: Bug
>            Reporter: Aigo
>            Priority: Major
>             Fix For: 2.0.0-M15
>
>         Attachments: ApacheDirectoryStudio.log, apacheds.log, wrapper.log
>
>
> It sure does not work on the latest Ubuntu, as it fails the SSL handshake, 
> and it does the same on the latest CentOS as well. So which platforms does it 
> work on?
> I wanted to set up a Docker container, but not sure if I want to waste any more 
> of my time.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
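
Added example (not part of the original comment and not ApacheDS or Studio code): one way to create the self-signed PKCS12 keystore the comment mentions with openssl, using a 2048-bit RSA key instead of a 512-bit one, plus a check of a certificate's key size. The host name `ldap.example.test`, the alias `ldapserver`, the file names and the `MIN_RSA_BITS` floor are assumptions; `-addext` needs OpenSSL 1.1.1 or later.

```sh
#!/bin/sh
# Added example. Host name, alias, file names and MIN_RSA_BITS are assumptions.
set -eu

MIN_RSA_BITS=2048   # assumed floor; a 512-bit key like the default fails it

# Print the public-key size (in bits) of a PEM certificate.
cert_key_bits() {
    openssl x509 -in "$1" -noout -text |
        sed -n 's/.*Public-Key: (\([0-9][0-9]*\) bit).*/\1/p'
}

# Succeed only if the given key size (in bits) meets the floor.
key_is_acceptable() {
    [ "$1" -ge "$MIN_RSA_BITS" ]
}

# make_p12 DIR CN: create key.pem, cert.pem and keystore.p12 in DIR.
# The keystore password is read from the P12_PASS environment variable,
# so it never appears on a command line or in the process list.
make_p12() (
    umask 077                           # private key readable by owner only
    cd "$1"
    # Self-signed certificate; the SAN matches the name clients connect to,
    # which is what hostname verification checks.
    openssl req -x509 -newkey "rsa:$MIN_RSA_BITS" -sha256 -days 365 -nodes \
        -subj "/CN=$2" -addext "subjectAltName=DNS:$2" \
        -keyout key.pem -out cert.pem 2>/dev/null
    # Bundle key and certificate into one PKCS12 file.
    openssl pkcs12 -export -inkey key.pem -in cert.pem -name ldapserver \
        -passout env:P12_PASS -out keystore.p12
)

# Print the subject of the certificate stored in a PKCS12 file.
p12_subject() {
    openssl pkcs12 -in "$1" -passin env:P12_PASS -nokeys 2>/dev/null |
        openssl x509 -noout -subject
}

# Run with the argument "demo" to build a keystore in a temporary directory.
if [ "${1:-}" = "demo" ]; then
    export P12_PASS="${P12_PASS:-constructed-demo-password}"
    work=$(mktemp -d)
    make_p12 "$work" ldap.example.test
    bits=$(cert_key_bits "$work/cert.pem")
    key_is_acceptable "$bits" &&
        echo "OK: $bits-bit key, $(p12_subject "$work/keystore.p12")"
fi
```

Keystores written by OpenSSL 3 use newer default encryption that older Java 8 updates may not be able to read; `cert_key_bits` can also be pointed at an existing server certificate to see whether it falls below the floor.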
