I've asked Sun about this. It would be nice if people could re-use their root cert store.
What format does IBM and BEA use? geir Boris Kuznetsov wrote: > Quotation from JavaTM Cryptography Architecture > API Specification & Reference > http://java.sun.com/j2se/1.5.0/docs/guide/security/CryptoSpec.html#KeyManagement > > > "It implements the keystore as a file, using a proprietary keystore > type (format) named "JKS"." > > On 7/19/06, Geir Magnusson Jr <[EMAIL PROTECTED]> wrote: >> >> >> Mikhail Loenko wrote: >> > A long ago we agreed that providers go into a separate module. But >> > now I think it's might be not very reasonable. >> >> Well, if it gets to be an issue, we can switch. Do you remember the >> reasons? >> >> > >> > Sun keeps certificates in its own proprietary format (JKS), while we >> have >> > BKS from Bouncy Castle, so files will have to be converted. I can do >> this >> > next week >> >> It's proprietary? Grrr. I would be nice if people could use their >> existing root cert stores w/ us. You sure? :) >> >> > >> > Thanks, >> > Mikhail >> > >> > 2006/7/19, Geir Magnusson Jr <[EMAIL PROTECTED]>: >> >> >> >> >> >> Tim Ellison wrote: >> >> > Geir Magnusson Jr wrote: >> >> >> I'm integrating HARMONY-536, the JSSE provider. Two things: >> >> >> >> >> >> 1) it's contributed to go into x-net, but the package namespace is >> >> >> >> >> >> o.a.h.security.provider.jsse >> >> >> >> >> >> so I wonder if this would be better off in the security module. If >> >> not, >> >> >> we are stuck because we don't have a 'negative' patternset for jar >> >> >> packaging, so it's getting sucked into security jar right now >> >> anyway :) >> >> > >> >> > IMHO it should be in x-net. Can't you rename the package? >> >> > >> >> >> >> Of course. Something was going to get moved, just wanted to see any >> >> other opinions.. >> >> >> >> >> >> >> 2) I have a little test proggie that shows that it's negotiating w/ >> >> the >> >> >> other side, but given we have no cacerts, it whines and gives up. >> >> (It's >> >> >> a reasonable whine...) Lazily and naively, I threw the cacerts >> from >> >> >> Sun's JRE into jre/lib/security and prayed, but the security >> >> deities are >> >> >> not smiling on me today. So, where does/what format/etc/etc should >> >> our >> >> >> root cert file go? >> >> > >> >> > Dunno. I know you were just playing, but AIUI the use of root >> >> > certificates for popular CA's cost $'s don't they? >> >> >> >> I didn't think so. I thought that they gave the root certs away >> because >> >> the value of a cert provider is directly proportional to the >> amount of >> >> software out there that can understand it's certs... >> >> >> >> > >> >> > Hopefully Boris will enlighten us to the format used. >> >> > >> >> > Regards, >> >> > Tim >> >> > >> >> >> >> --------------------------------------------------------------------- >> >> Terms of use : http://incubator.apache.org/harmony/mailing.html >> >> To unsubscribe, e-mail: [EMAIL PROTECTED] >> >> For additional commands, e-mail: [EMAIL PROTECTED] >> >> >> >> >> > >> > --------------------------------------------------------------------- >> > Terms of use : http://incubator.apache.org/harmony/mailing.html >> > To unsubscribe, e-mail: [EMAIL PROTECTED] >> > For additional commands, e-mail: [EMAIL PROTECTED] >> > >> > >> > >> >> --------------------------------------------------------------------- >> Terms of use : http://incubator.apache.org/harmony/mailing.html >> To unsubscribe, e-mail: [EMAIL PROTECTED] >> For additional commands, e-mail: [EMAIL PROTECTED] >> >> > > --------------------------------------------------------------------- Terms of use : http://incubator.apache.org/harmony/mailing.html To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
