Keith Wall created QPID-7869:
--------------------------------
Summary: [Java Broker] Truststore improvements
Key: QPID-7869
URL: https://issues.apache.org/jira/browse/QPID-7869
Project: Qpid
Issue Type: Improvement
Components: Java Broker
Reporter: Keith Wall
The current TrustStore API requires some tidy up/improvements to allow an
operator to better manage certificate expiry.
# Currently the details of certificates contained within the store are not
exposed in a uniform manner. {{#getCertificateDetails}} should be pulled up and
implemented by all truststore types. I suggest we standardise on the form
currently used by {{ManagedPeerCertificateTrustStore#getCertificateDetails}}
(i.e. the List<CertificateDetails>). For the {{SiteSpecificTrustStore}} it
should return a singleton list.
# KeyStores currently warn the user that certificates are about to expire via
operational log messages. TrustStores should implement the same feature.
# For SSL client authentication, we should have a 'strict mode' where the
{{validFrom}}/{{validTo}} dates of the peer certificate are validated before the
connection is accepted. This will help users utilising self-signed
certificates for client authentication purposes to effectively manage certificate
expiration.
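One way the 'strict mode' in the third item could be implemented, as an added example that is not part of the ticket or of Qpid's code: a delegating trust manager that checks the peer certificate's validity window before handing the chain to the truststore's own trust manager. The class name `StrictValidityTrustManager` is hypothetical, and the delegate is assumed to be the `X509TrustManager` built from the truststore.

```java
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Date;
import javax.net.ssl.X509TrustManager;

// Hypothetical class, not part of Qpid: wraps the trust manager that was
// built from a truststore and adds a validity check on the peer certificate.
public final class StrictValidityTrustManager implements X509TrustManager {
    private final X509TrustManager delegate;

    public StrictValidityTrustManager(X509TrustManager delegate) {
        this.delegate = delegate;
    }

    @Override
    public void checkClientTrusted(X509Certificate[] chain, String authType)
            throws CertificateException {
        if (chain == null || chain.length == 0) {
            throw new IllegalArgumentException("empty peer certificate chain");
        }
        // chain[0] is the peer's own certificate. checkValidity throws
        // CertificateNotYetValidException or CertificateExpiredException
        // (both CertificateException subclasses), which fails the TLS
        // handshake before the connection is accepted.
        chain[0].checkValidity(new Date());
        // The usual trust decision is still made by the wrapped manager.
        delegate.checkClientTrusted(chain, authType);
    }

    @Override
    public void checkServerTrusted(X509Certificate[] chain, String authType)
            throws CertificateException {
        // Strict mode in the ticket concerns client authentication only.
        delegate.checkServerTrusted(chain, authType);
    }

    @Override
    public X509Certificate[] getAcceptedIssuers() {
        return delegate.getAcceptedIssuers();
    }
}
```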