[jira] Commented: (GERONIMO-2413) Add a Certification Authority (CA) portlet to Geronimo console
[ http://issues.apache.org/jira/browse/GERONIMO-2413?page=comments#action_12450120 ] Vamsavardhana Reddy commented on GERONIMO-2413: --- I would like this portlet to be in 1.2 release. Thanks to all who have reviewed the patch and voted. If others do not have any concerns/issues, I will commit this before 1.2 branch is created or in 48 hours, which ever is earlier. > Add a Certification Authority (CA) portlet to Geronimo console > -- > > Key: GERONIMO-2413 > URL: http://issues.apache.org/jira/browse/GERONIMO-2413 > Project: Geronimo > Issue Type: New Feature > Security Level: public(Regular issues) > Components: console, security >Reporter: Vamsavardhana Reddy > Fix For: 1.2, 1.x > > Attachments: 02.ca-initialization-enter-details.JPG, > 07.issue-certificate-show-csr-details.JPG, > 09.issue-certificate-successful.JPG, G-2413-v1.2-revised.patch, > GERONIMO-2413-revised.patch, GERONIMO-2413-v1.1.x.patch, > GERONIMO-2413-v1.2.patch, GERONIMO-2413.patch, GeronimoCA.zip > > > A Certification Authority portlet will be very useful. A full fledged CA may > be a long way to go. But what ever minimum function is required to process > CSR's etc. is not hard and the users can issue their own digital certificates > instead of getting trial certificates from some CA. -- This message is automatically generated by JIRA. - If you think it was sent incorrectly contact one of the administrators: http://issues.apache.org/jira/secure/Administrators.jspa - For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] Commented: (GERONIMO-2413) Add a Certification Authority (CA) portlet to Geronimo console
[ http://issues.apache.org/jira/browse/GERONIMO-2413?page=comments#action_12449898 ] Vamsavardhana Reddy commented on GERONIMO-2413: --- Hi Paul, I have uploaded a new patch G-2413-v1.2-revised.patch. Thanks, Vamsi > Add a Certification Authority (CA) portlet to Geronimo console > -- > > Key: GERONIMO-2413 > URL: http://issues.apache.org/jira/browse/GERONIMO-2413 > Project: Geronimo > Issue Type: New Feature > Security Level: public(Regular issues) > Components: console, security >Reporter: Vamsavardhana Reddy > Fix For: 1.2, 1.x > > Attachments: 02.ca-initialization-enter-details.JPG, > 07.issue-certificate-show-csr-details.JPG, > 09.issue-certificate-successful.JPG, G-2413-v1.2-revised.patch, > GERONIMO-2413-revised.patch, GERONIMO-2413-v1.1.x.patch, > GERONIMO-2413-v1.2.patch, GERONIMO-2413.patch, GeronimoCA.zip > > > A Certification Authority portlet will be very useful. A full fledged CA may > be a long way to go. But what ever minimum function is required to process > CSR's etc. is not hard and the users can issue their own digital certificates > instead of getting trial certificates from some CA. -- This message is automatically generated by JIRA. - If you think it was sent incorrectly contact one of the administrators: http://issues.apache.org/jira/secure/Administrators.jspa - For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] Commented: (GERONIMO-2413) Add a Certification Authority (CA) portlet to Geronimo console
[ http://issues.apache.org/jira/browse/GERONIMO-2413?page=comments#action_12449436 ] Paul McMahan commented on GERONIMO-2413: Vamsi, Sorry it has taken me a while to look at this patch. I'm ready to look now but using GERONIMO-2413-v1.2.patch against trunk I get several HUNK failures. Can you generate a new patch? patching file applications/console/geronimo-console-core/src/main/java/org/apache/geronimo/console/util/ManagementHelper.java Hunk #2 FAILED at 124. patching file configs/pom.xml Hunk #1 FAILED at 175. patching file modules/geronimo-management/src/main/java/org/apache/geronimo/management/geronimo/KeystoreInstance.java Hunk #1 FAILED at 18. Hunk #2 FAILED at 178. patching file modules/geronimo-security/src/main/java/org/apache/geronimo/security/keystore/FileKeystoreInstance.java Hunk #1 FAILED at 64. Hunk #2 FAILED at 452. > Add a Certification Authority (CA) portlet to Geronimo console > -- > > Key: GERONIMO-2413 > URL: http://issues.apache.org/jira/browse/GERONIMO-2413 > Project: Geronimo > Issue Type: New Feature > Security Level: public(Regular issues) > Components: console, security >Reporter: Vamsavardhana Reddy > Fix For: 1.2, 1.x > > Attachments: 02.ca-initialization-enter-details.JPG, > 07.issue-certificate-show-csr-details.JPG, > 09.issue-certificate-successful.JPG, GERONIMO-2413-revised.patch, > GERONIMO-2413-v1.1.x.patch, GERONIMO-2413-v1.2.patch, GERONIMO-2413.patch, > GeronimoCA.zip > > > A Certification Authority portlet will be very useful. A full fledged CA may > be a long way to go. But what ever minimum function is required to process > CSR's etc. is not hard and the users can issue their own digital certificates > instead of getting trial certificates from some CA. -- This message is automatically generated by JIRA. - If you think it was sent incorrectly contact one of the administrators: http://issues.apache.org/jira/secure/Administrators.jspa - For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] Commented: (GERONIMO-2413) Add a Certification Authority (CA) portlet to Geronimo console
[ http://issues.apache.org/jira/browse/GERONIMO-2413?page=comments#action_12443025 ] Vamsavardhana Reddy commented on GERONIMO-2413: --- How do you remove/edit CA info once configured? During the setup, CA (let me call it Geronimo CA) uses a self-signed certificate. If Geronimo CA decides to get certified by another CA, Geronimo CA can import its certificate into 'ca-keystore' using the keystore portlet. If Geronimo CA's certificate changes, it should be published again using the "Publish CA Certificate" link in CA Portlet. > Add a Certification Authority (CA) portlet to Geronimo console > -- > > Key: GERONIMO-2413 > URL: http://issues.apache.org/jira/browse/GERONIMO-2413 > Project: Geronimo > Issue Type: New Feature > Security Level: public(Regular issues) > Components: console, security >Reporter: Vamsavardhana Reddy > Fix For: 1.2, 1.x > > Attachments: 02.ca-initialization-enter-details.JPG, > 07.issue-certificate-show-csr-details.JPG, > 09.issue-certificate-successful.JPG, GERONIMO-2413-revised.patch, > GERONIMO-2413-v1.2.patch, GERONIMO-2413.patch, GeronimoCA.zip > > > A Certification Authority portlet will be very useful. A full fledged CA may > be a long way to go. But what ever minimum function is required to process > CSR's etc. is not hard and the users can issue their own digital certificates > instead of getting trial certificates from some CA. -- This message is automatically generated by JIRA. - If you think it was sent incorrectly contact one of the administrators: http://issues.apache.org/jira/secure/Administrators.jspa - For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] Commented: (GERONIMO-2413) Add a Certification Authority (CA) portlet to Geronimo console
[ http://issues.apache.org/jira/browse/GERONIMO-2413?page=comments#action_12442928 ] Vamsavardhana Reddy commented on GERONIMO-2413: --- Here is a scenario I have tested. Step 1. Setup CA by entering CA Name details etc. Step 2. Generate a CSR from geronimo-default keystore and process the server certificate request using "Issue New Certificate" link in CA portlet. Step 3. Import CA's certificate as trusted and the CA reply. Step 4. Setup an HTTPS Connector configured for client authentication. Step 5. Start the CA Helper application from "Web App WARs" portlet In a second browser window, Step 6. Access the CA Helper Application at http://localhost:8080/CAHelper through a web browser that supports KEYGEN tag. Internet Explorer does not support KEYGEN tag. Step 7. Submit a Certificate Request through web brower using "Request Certificate" link. Upon submission the request shows up in "Requests to be verified" page in CA portlet. NOTE: Make a note of the request id as it will be required to download the cerfiticate issued by the CA. In CA portlet, Step 8. Approve the request through CA portllet using "Requests to be verified" link. Approved requests showup in "Requests to be fulfilled" page. Step 9. Process the request from "Requests to be fulfilled" page and issue certificate. In the CA Helper window, Step 10. Import CA's certificate into web browser suing "Download CA certificate" link. Step 11. Install personal certificate using the "Download Certificate" link and request id from Step 7 above. Step 12. Access the verify certificate link to verify that the certificate is downloaded and installed. Summary of the scenario: CA is setup; a certificate request is submitted through web browser and issued certificate is downloaded into the web browser. > Add a Certification Authority (CA) portlet to Geronimo console > -- > > Key: GERONIMO-2413 > URL: http://issues.apache.org/jira/browse/GERONIMO-2413 > Project: Geronimo > Issue Type: New Feature > Security Level: public(Regular issues) > Components: console, security >Reporter: Vamsavardhana Reddy > Fix For: 1.2, 1.x > > Attachments: 02.ca-initialization-enter-details.JPG, > 07.issue-certificate-show-csr-details.JPG, > 09.issue-certificate-successful.JPG, GERONIMO-2413-revised.patch, > GERONIMO-2413-v1.2.patch, GERONIMO-2413.patch, GeronimoCA.zip > > > A Certification Authority portlet will be very useful. A full fledged CA may > be a long way to go. But what ever minimum function is required to process > CSR's etc. is not hard and the users can issue their own digital certificates > instead of getting trial certificates from some CA. -- This message is automatically generated by JIRA. - If you think it was sent incorrectly contact one of the administrators: http://issues.apache.org/jira/secure/Administrators.jspa - For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] Commented: (GERONIMO-2413) Add a Certification Authority (CA) portlet to Geronimo console
[ http://issues.apache.org/jira/browse/GERONIMO-2413?page=comments#action_12441843 ] Hernan Cunico commented on GERONIMO-2413: - I am almost done testing with Tomcat on trunk (1.2). How do you remove/edit CA info once configured? > Add a Certification Authority (CA) portlet to Geronimo console > -- > > Key: GERONIMO-2413 > URL: http://issues.apache.org/jira/browse/GERONIMO-2413 > Project: Geronimo > Issue Type: New Feature > Security Level: public(Regular issues) > Components: console, security >Reporter: Vamsavardhana Reddy > Fix For: 1.2, 1.x > > Attachments: 02.ca-initialization-enter-details.JPG, > 07.issue-certificate-show-csr-details.JPG, > 09.issue-certificate-successful.JPG, GERONIMO-2413-revised.patch, > GERONIMO-2413.patch, GeronimoCA.zip > > > A Certification Authority portlet will be very useful. A full fledged CA may > be a long way to go. But what ever minimum function is required to process > CSR's etc. is not hard and the users can issue their own digital certificates > instead of getting trial certificates from some CA. -- This message is automatically generated by JIRA. - If you think it was sent incorrectly contact one of the administrators: http://issues.apache.org/jira/secure/Administrators.jspa - For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] Commented: (GERONIMO-2413) Add a Certification Authority (CA) portlet to Geronimo console
[ http://issues.apache.org/jira/browse/GERONIMO-2413?page=comments#action_12440341 ] Vamsavardhana Reddy commented on GERONIMO-2413: --- Excerpt from my first comment: Certification Authority portlet with the following functions: 1. 2. 3. another 3. 4 ... I seem to have "counting problems" :o(. But, you can definitely count on me :o) > Add a Certification Authority (CA) portlet to Geronimo console > -- > > Key: GERONIMO-2413 > URL: http://issues.apache.org/jira/browse/GERONIMO-2413 > Project: Geronimo > Issue Type: New Feature > Security Level: public(Regular issues) > Components: console, security >Reporter: Vamsavardhana Reddy > Fix For: 1.2, 1.x > > Attachments: 02.ca-initialization-enter-details.JPG, > 07.issue-certificate-show-csr-details.JPG, > 09.issue-certificate-successful.JPG, GERONIMO-2413-revised.patch, > GERONIMO-2413.patch, GeronimoCA.zip > > > A Certification Authority portlet will be very useful. A full fledged CA may > be a long way to go. But what ever minimum function is required to process > CSR's etc. is not hard and the users can issue their own digital certificates > instead of getting trial certificates from some CA. -- This message is automatically generated by JIRA. - If you think it was sent incorrectly contact one of the administrators: http://issues.apache.org/jira/secure/Administrators.jspa - For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] Commented: (GERONIMO-2413) Add a Certification Authority (CA) portlet to Geronimo console
[ http://issues.apache.org/jira/browse/GERONIMO-2413?page=comments#action_12438389 ] Vamsavardhana Reddy commented on GERONIMO-2413: --- Don't forget to apply GERONIMO-2436-v1.2.patch before trying the CA portlet. > Add a Certification Authority (CA) portlet to Geronimo console > -- > > Key: GERONIMO-2413 > URL: http://issues.apache.org/jira/browse/GERONIMO-2413 > Project: Geronimo > Issue Type: New Feature > Security Level: public(Regular issues) > Components: console, security >Reporter: Vamsavardhana Reddy > Assigned To: Vamsavardhana Reddy > Fix For: 1.2, 1.x > > Attachments: GERONIMO-2413.patch > > > A Certification Authority portlet will be very useful. A full fledged CA may > be a long way to go. But what ever minimum function is required to process > CSR's etc. is not hard and the users can issue their own digital certificates > instead of getting trial certificates from some CA. -- This message is automatically generated by JIRA. - If you think it was sent incorrectly contact one of the administrators: http://issues.apache.org/jira/secure/Administrators.jspa - For more information on JIRA, see: http://www.atlassian.com/software/jira
