I've seen your mail on the jetty list ;) I will follow the conversation there too.
On 11/6/06, Thomas TERMIN <[EMAIL PROTECTED]> wrote:
Thanks Guillaume! I will try that out tomorrow. Basically that solves our
problem in servicemix but we have also jetty as a webcontainer deployed
in servicemix so we have still the problem here.

Guillaume Nodet wrote:
> If you set the managed="true" attribute on the ssl parameters
> for the servicemix-http component, you will use the
> org.apache.servicemix.http.jetty.ServiceMixSslSocketConnector
> instead of the standard jetty ssl connector. This one handles
> the keyAlias parameter.
>
> To use this, you will need to define a
> org.apache.servicemix.jbi.security.keystore.KeystoreManager
> instance (see /conf/security.xml for an example) like the following:
>
>   <sm:keystoreManager id="keystoreManager">
>     <sm:keystores>
>       <sm:keystore name="default"
>                    path="classpath:keystore.jks"
>                    keystorePassword="servicemix"
>                    keyPasswords="smx=smx" />
>     </sm:keystores>
>   </sm:keystoreManager>
>
> You will need to configure it on the component configuration, using
> either a JNDI name or a direct reference. Unfortunately, there is
> currently no way to set it for the endpoint itself, though it should be
> easy to modify.

If I have some time I will look at it but I can't make it at the moment.

Cheers,
Thomas

>
> On 11/6/06, Thomas TERMIN <[EMAIL PROTECTED]> wrote:
>> Guillaume,
>>
>> We have some issues with ssl here. As I said before you can set the
>> key-alias parameter but it is not used at the moment from servicemix to
>> create a sslSocketConnector. But the bigger problem is that jetty does
>> not support that. Jetty reads the keystore from the keystore file and if
>> there is more than one key in this store it gives an exception. The
>> thing is I can fix that in jetty as well as in servicemix. But I have no
>> contacts to the jetty community. So one thing is if I would fix that
>> could you bring this patch faster in the jetty code as I could (Assumed
>> that you have better contacts). The second thing is if you are
>> interested at all in improving these things.
>>
>> So what I would do is I would read the keystore file in jetty as already
>> done and would create in-memory keystores for every alias. So I would
>> have a hash table or something where you could get the keystore for a
>> specific given alias. The only thing in servicemix then is to get the
>> key-alias (if it is set in the http endpoint configuration) and call a
>> jetty getter method for the key alias. The Ssl socket connector can then
>> get the specific keystore from the hash table and initialise the complete
>> ssl stuff with the right given key.
>>
>> Hope it was understandable. ;-)
>>
>> What do you think?
>>
>> Cheers,
>> Thomas
>>
>> Thomas TERMIN wrote:
>> > Thanks Guillaume it is a nice feature in servicemix but it seems to be
>> > not supported from the SslSocketConnector (jetty). There is no such
>> > attribute unfortunately.
>> >
>> > Do you have any ideas?
>> >
>> > Cheers,
>> > Thomas
>> >
>> > Guillaume Nodet wrote:
>> >> The SslParameters class has a keyAlias attribute that you
>> >> can use for that.
>> >>
>> >> On 11/3/06, Thomas TERMIN <[EMAIL PROTECTED]> wrote:
>> >>> Hello,
>> >>>
>> >>> How can I specify the alias for a key in the keystore for secure ssl
>> >>> consumer endpoints? Or is that basically impossible to have more
>> >>> than one key in the keystore?
>> >>>
>> >>> Cheers,
>> >>> Thomas Termin
--
Cheers,
Guillaume Nodet
