You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@geronimo.apache.org by "Alexey Petrenko (JIRA)" <ji...@apache.org> on 2008/01/17 23:15:33 UTC
[jira] Closed: (GERONIMO-2015) Let's replace JKS to PKCS12 key
store type
[ https://issues.apache.org/jira/browse/GERONIMO-2015?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Alexey Petrenko closed GERONIMO-2015.
-------------------------------------
Resolution: Won't Fix
Changing default key store from JKS to PKCS12 or something else will be too strong move at the moment.
It makes much more sense to make this feature configurable.
> Let's replace JKS to PKCS12 key store type
> ------------------------------------------
>
> Key: GERONIMO-2015
> URL: https://issues.apache.org/jira/browse/GERONIMO-2015
> Project: Geronimo
> Issue Type: Improvement
> Security Level: public(Regular issues)
> Components: security
> Reporter: Nikolay Chugunov
> Assignee: Alexey Petrenko
> Fix For: Wish List
>
> Attachments: jksToPKCS12-1.1.1.patch, JKSToPKCS12.java, jksToPKCS12.patch, keystore
>
>
> Hello
> Let's replace JKS to PKCS12 key store type; because PKCS12 is widely used key store and Geronimo may not work on non-Sun VMs.
> To fix this problem I have created the patch for Geronimo sources.
> In brief the patch (attached) replaces JKS to PKCS12 key store type in configurations files.
> PKCS12 format of key store file is not java-specific and can be created and read by other programs, e.g. Internet Explorer. In addition PKCS12 exists in Bouncy Castle (http://www.bouncycastle.org) security provider, while JKS is Sun specific key store and does not exist in Bouncy Castle.
> Also it is needed to replace JKS to PKCS12 keystore file (attached) to assemblies/j2ee-tomcat-server/src/var/security, assemblies/j2ee-installer/src/var/security, assemblies/j2ee-jetty-server/src/var/security directories. Key store file was generating using JKSToPKCS12 class (attached). This class transfers key and certificate of Geronimo from JKS to PKCS12.
> After I apply this patch to Geronimo 1.0 sources and build Geronimo I can login to Geronimo console over https.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.