Posted to derby-user@db.apache.org by Thomas <Th...@t-online.de> on 2010/12/30 16:03:45 UTC

Problem solved

After many hours of further investigation I have been able to overcome all road
blocks and now successfully use SSL certificates (created and signed using
openSSL and converted into jks keystores using keytool) and peer authentication
between server and client. I wish though the certificate expiry date would not
be ignored, but from what I read on other forums that seems to be intended
behaviour in the SUN implementation of JSSE.




Re: Problem solved

Posted by Thomas <Th...@t-online.de>.
I will try to summarise my experiences in the wiki once I have completed my full
round trip of what I am/was trying to achieve:

1) have a JAVA provider (in Germany) host a Derby Network Server for me - done
2) have them run the Derby Server using SSL encryption and peer authentication -
done
3) become my own CA to allow me to create and sign SSL *client* certificates
myself - done (and buy the server certificate from an official CA)
3) have my applications securely communicate with the database server either
direct (my java application - done) or via Tomcat (my java web application -
mostly done)
4) use SQL authorisation to protect my database objects - done (also many
thanks to Dag and the team that with release 10.7.1 the possibility to execute
procedures with definer rights was introduced which was a concept I was missing
in the previous version)
5) migrate off from using the built-in user system to utilizing LDAP - work in
progress (and hoping this journey will be a lot shorter than my SSL endeavours)

Regards




Re: Problem solved

Posted by Bryan Pendleton <bp...@gmail.com>.
On 12/30/2010 07:03 AM, Thomas wrote:
> After many hours of further investigation I have been able to overcome all road
> blocks and now successfully use SSL certificates (created and signed using
> openSSL and converted into jks keystores using keytool) and peer authentication
> between server and client.

Excellent!

Would you be willing to contribute your experience to the Derby wiki?

http://wiki.apache.org/db-derby/HintsAndTips

I think the community could certainly benefit from the knowledge you
gained about the necessary configuration steps needed.

thanks,

bryan