You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@geronimo.apache.org by "Donald Woods (JIRA)" <de...@geronimo.apache.org> on 2006/05/12 22:12:08 UTC

[jira] Commented: (GERONIMO-2015) Let's replace JKS to PKCS12 key store type

    [ http://issues.apache.org/jira/browse/GERONIMO-2015?page=comments#action_12383265 ] 

Donald Woods commented on GERONIMO-2015:
----------------------------------------

JKS keystore works fine on the 1.4.2 and 1.5.0 IBM JVMs.

As stated in an earlier posting, we cannot include the Bouncy Castle JARs as-is in Geronimo, due to IP Licensing issues found.  Before including any additional BC source code in geronimo-utils, it needs to be reviewed as incoming source code to insure there are no IP issues in those files...


> Let's replace JKS to PKCS12 key store type
> ------------------------------------------
>
>          Key: GERONIMO-2015
>          URL: http://issues.apache.org/jira/browse/GERONIMO-2015
>      Project: Geronimo
>         Type: Improvement
>     Security: public(Regular issues) 
>   Components: security
>     Reporter: Nikolay Chugunov
>  Attachments: JKSToPKCS12.java, jksToPKCS12.patch, keystore
>
> Hello
> Let's replace JKS to PKCS12 key store type; because PKCS12 is widely used key store and Geronimo may not work on non-Sun VMs.
> To fix this problem I have created the patch for Geronimo sources.
> In brief the patch (attached) replaces JKS to PKCS12 key store type in configurations files. 
> PKCS12 format of key store file is not java-specific and can be created and read by other programs, e.g. Internet Explorer. In addition PKCS12 exists in Bouncy Castle (http://www.bouncycastle.org) security provider, while JKS is Sun specific key store and does not exist in Bouncy Castle.
> Also it is needed to replace JKS to PKCS12 keystore file (attached) to assemblies/j2ee-tomcat-server/src/var/security, assemblies/j2ee-installer/src/var/security, assemblies/j2ee-jetty-server/src/var/security directories. Key store file was generating using JKSToPKCS12 class (attached). This class transfers key and certificate of Geronimo from JKS to PKCS12.
> After I apply this patch to Geronimo 1.0 sources and build Geronimo I can login to Geronimo console over https.

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
   http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see:
   http://www.atlassian.com/software/jira