[ https://issues.apache.org/jira/browse/GERONIMO-2015?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12557675#action_12557675 ]
Vamsavardhana Reddy commented on GERONIMO-2015:
-----------------------------------------------

Sun's PKCS12 implementation does not allow storing trusted certificate entries in a keystore. This will be a problem if one wants to configure ClientAuth for HTTPS, etc.

> Let's replace JKS to PKCS12 key store type
> ------------------------------------------
>
>                 Key: GERONIMO-2015
>                 URL: https://issues.apache.org/jira/browse/GERONIMO-2015
>             Project: Geronimo
>          Issue Type: Improvement
>      Security Level: public (Regular issues)
>          Components: security
>            Reporter: Nikolay Chugunov
>             Fix For: Wish List
>
>         Attachments: jksToPKCS12-1.1.1.patch, JKSToPKCS12.java, jksToPKCS12.patch, keystore
>
>
> Hello
> Let's replace the JKS key store type with PKCS12, because PKCS12 is a widely used key
> store and Geronimo may not work on non-Sun VMs.
> To fix this problem I have created the patch for Geronimo sources.
> In brief, the patch (attached) replaces the JKS key store type with PKCS12 in
> configuration files.
> The PKCS12 key store file format is not Java-specific and can be created and
> read by other programs, e.g. Internet Explorer. In addition, PKCS12 exists in
> the Bouncy Castle (http://www.bouncycastle.org) security provider, while JKS is
> a Sun-specific key store and does not exist in Bouncy Castle.
> Also, it is necessary to replace the JKS keystore file with the PKCS12 one (attached) in the
> assemblies/j2ee-tomcat-server/src/var/security,
> assemblies/j2ee-installer/src/var/security,
> assemblies/j2ee-jetty-server/src/var/security directories. The key store file was
> generated using the JKSToPKCS12 class (attached). This class transfers the key and
> certificate of Geronimo from JKS to PKCS12.
> After I apply this patch to Geronimo 1.0 sources and build Geronimo I can
> log in to the Geronimo console over https.

--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
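
The limitation raised in the comment can be checked on a given JVM. The following is an added example, not code from the issue or its attachments: it tries to store a trusted certificate entry (what a ClientAuth trust store needs) in a JKS and in a PKCS12 keystore and reports whether the entry survives a store and reload. The class name, alias and password are constructed, and the sample certificate is assumed to come from the JVM's default trust anchors.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.cert.X509Certificate;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

// Added example; the class name is hypothetical.
public class Pkcs12TrustEntryCheck {
    // Returns true if a trusted certificate entry survives a store/reload
    // cycle in a keystore of the given type with this JVM's providers.
    static boolean storesTrustedCerts(String type, X509Certificate cert) throws Exception {
        char[] pw = "constructed-password".toCharArray(); // constructed value
        try {
            KeyStore ks = KeyStore.getInstance(type); // fails if the type is unavailable
            ks.load(null, null);                      // initialise an empty keystore
            ks.setCertificateEntry("client-ca", cert);
            ByteArrayOutputStream out = new ByteArrayOutputStream();
            ks.store(out, pw);
            KeyStore reloaded = KeyStore.getInstance(type);
            reloaded.load(new ByteArrayInputStream(out.toByteArray()), pw);
            return reloaded.isCertificateEntry("client-ca");
        } catch (KeyStoreException e) {
            System.err.println(type + ": " + e.getMessage());
            return false;
        }
    }

    // Sample input: the first certificate among the JVM's default trust anchors.
    static X509Certificate sampleCert() throws Exception {
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init((KeyStore) null); // null selects the JVM's default trust store
        for (TrustManager tm : tmf.getTrustManagers()) {
            if (tm instanceof X509TrustManager) {
                X509Certificate[] issuers = ((X509TrustManager) tm).getAcceptedIssuers();
                if (issuers.length > 0) return issuers[0];
            }
        }
        throw new IllegalStateException("no default trust anchors on this JVM");
    }

    public static void main(String[] args) throws Exception {
        X509Certificate cert = sampleCert();
        for (String type : new String[] {"JKS", "PKCS12"}) {
            System.out.println(type + " stores trusted certificate entries: " + storesTrustedCerts(type, cert));
        }
    }
}
```

A `false` result for PKCS12 means a trust store for ClientAuth has to stay in another keystore type on that JVM, even if the server key and certificate are moved to PKCS12.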