[jira] Commented: (GERONIMO-2015) Let's replace JKS to PKCS12 key store type

Thu, 10 Jan 2008 07:56:03 -0800 

    [ 
https://issues.apache.org/jira/browse/GERONIMO-2015?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12557675#action_12557675
 ] 

Vamsavardhana Reddy commented on GERONIMO-2015:
-----------------------------------------------

Sun's PKCS12 implementation does not allow storing trusted certificate entries 
in a keystore.  This will be a problem if one wants to configure ClientAuth for 
HTTPS, etc.

> Let's replace JKS to PKCS12 key store type
> ------------------------------------------
>
>                 Key: GERONIMO-2015
>                 URL: https://issues.apache.org/jira/browse/GERONIMO-2015
>             Project: Geronimo
>          Issue Type: Improvement
>      Security Level: public(Regular issues) 
>          Components: security
>            Reporter: Nikolay Chugunov
>             Fix For: Wish List
>
>         Attachments: jksToPKCS12-1.1.1.patch, JKSToPKCS12.java, 
> jksToPKCS12.patch, keystore
>
>
> Hello
> Let's replace JKS to PKCS12 key store type; because PKCS12 is widely used key 
> store and Geronimo may not work on non-Sun VMs.
> To fix this problem I have created the patch for Geronimo sources.
> In brief the patch (attached) replaces JKS to PKCS12 key store type in 
> configurations files. 
> PKCS12 format of key store file is not java-specific and can be created and 
> read by other programs, e.g. Internet Explorer. In addition PKCS12 exists in 
> Bouncy Castle (http://www.bouncycastle.org) security provider, while JKS is 
> Sun specific key store and does not exist in Bouncy Castle.
> Also it is needed to replace JKS to PKCS12 keystore file (attached) to 
> assemblies/j2ee-tomcat-server/src/var/security, 
> assemblies/j2ee-installer/src/var/security, 
> assemblies/j2ee-jetty-server/src/var/security directories. Key store file was 
> generating using JKSToPKCS12 class (attached). This class transfers key and 
> certificate of Geronimo from JKS to PKCS12.
> After I apply this patch to Geronimo 1.0 sources and build Geronimo I can 
> login to Geronimo console over https.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

Reply via email to