[ https://issues.apache.org/jira/browse/GERONIMO-3820?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12566186#action_12566186 ]
David Jencks commented on GERONIMO-3820:
----------------------------------------
I think the best solution would be to customize apacheds to be aware of
the geronimo keystore framework, similar to what is done in the jetty
integration.
> Secure LDAP (ldaps) trusted certificate authorities
> ---------------------------------------------------
>
> Key: GERONIMO-3820
> URL: https://issues.apache.org/jira/browse/GERONIMO-3820
> Project: Geronimo
> Issue Type: Bug
> Security Level: public(Regular issues)
> Components: security
> Affects Versions: 1.1.1, 2.0-M1, 2.0-M2, 2.0-M3, 2.0-M4, 2.0-M5, 2.0-M6,
> 2.0-M7, 2.0, 2.0.1, 2.0.2
> Environment: Integrating Geronimo with a SSL-enabled LDAP server
> Reporter: Sakari Maaranen
>
> When connecting to a LDAPS server, Geronimo refuses the connection because it
> cannot trust the server's certificate. This is simply because the trusted
> certificate authorities are not easily configurable with LDAP security realms.
> I had to use command line options for my JVM before starting Geronimo:
> -Djavax.net.ssl.trustStore=<geronimo-home>/var/security/keystores/<keystore-filename>
> -Djavax.net.ssl.trustStorePassword=<password>
> Would be nice to have those configurable with GBeans or a similar means,
> preferably via a web GUI.
> More details in GERONIMO-3812 comments.