You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@geronimo.apache.org by "Ashwill, Steve (Facilities & Services)" <sa...@uiuc.edu> on 2008/05/02 18:10:23 UTC
How to stop loading of default certificate
Can someone save me some research time and tell me how to stop Geronimo
from trying to load the default certificate. The pop up boxes asking if
I want to load it are causing a problem if I am doing a remote restart
because they appear on the console not on the remote desktop connection.
Thanks,
Steven Ashwill
Sorry for the duplicate message, but I though I'd better get the right
subject line. Haste does indeed make waste.
RE: How to stop loading of default certificate
Posted by "Ashwill, Steve (Facilities & Services)" <sa...@uiuc.edu>.
2.1 tomcat is what I'm using. Is there a fix for it?
Steven Ashwill
Application Developer
University of Illinois
1609 S. Oak St. M/C 662
Champaign, IL 61821
(217) 265-6337
-----Original Message-----
From: Johannes Weberhofer, Weberhofer GmbH [mailto:office@weberhofer.at]
Sent: Monday, May 05, 2008 8:37 AM
To: user@geronimo.apache.org
Subject: Re: How to stop loading of default certificate
On windows systems this behavoiur seems to be normal in 2.1 and 2.1.1
tomcat releases; The message pops while loading "Module 24/66
org.apache.geronimo.configs/tomcat6/2.1.1/car".
Johannes
Ashwill, Steve (Facilities & Services) schrieb:
> I haven't found it in the documentation, perhaps I'm just not looking
> in the right place.
>
> The message says:
> You are about to install a certificate from a certification authority
> (CA) claiming to represent:
>
> ME
>
> {text omitted}
>
>
> Do you want to install this certificate?
>
> Yes No
>
>
> I do not believe that anything has been modified concerning the
> keystores. This started as soon as I upgraded to "2.1" I start it as
> a service, but the same thing happens if I run from the command line
> as well with startup.bat.
>
>
>
>
>
> Steven Ashwill
> Application Developer
> University of Illinois
> 1609 S. Oak St. M/C 662
> Champaign, IL 61821
> (217) 265-6337
>
> -----Original Message-----
> From: David Jencks [mailto:david_jencks@yahoo.com]
> Sent: Friday, May 02, 2008 12:44 PM
> To: user@geronimo.apache.org
> Subject: Re: How to stop loading of default certificate
>
> I've never seen this happen. Have you modified the geronimo
> keystore/ truststore setup? How are you restarting geronimo? What
> does the popup look like? Is there a stack trace?
>
> This seems like something we should cover in the documentation...
>
> thanks
> david jencks
>
> On May 2, 2008, at 9:10 AM, Ashwill, Steve (Facilities & Services)
> wrote:
>
>> Can someone save me some research time and tell me how to stop
>> Geronimo from trying to load the default certificate. The pop up
>> boxes
>
>> asking if I want to load it are causing a problem if I am doing a
>> remote restart because they appear on the console not on the remote
>> desktop connection.
>>
>> Thanks,
>> Steven Ashwill
>>
>>
>> Sorry for the duplicate message, but I though I'd better get the
>> right
>
>> subject line. Haste does indeed make waste.
>
--
|---------------------------------
| weberhofer GmbH | Johannes Weberhofer
| information technologies
| Austria, 1080 Wien, Blindengasse 52/3
|----------------------------------------------------------->>
Re: How to stop loading of default certificate
Posted by "Johannes Weberhofer, Weberhofer GmbH" <of...@weberhofer.at>.
On windows systems this behavoiur seems to be normal in 2.1 and 2.1.1 tomcat releases; The message pops while loading "Module 24/66 org.apache.geronimo.configs/tomcat6/2.1.1/car".
Johannes
Ashwill, Steve (Facilities & Services) schrieb:
> I haven't found it in the documentation, perhaps I'm just not looking
> in the right place.
>
> The message says:
> You are about to install a certificate from a certification authority
> (CA) claiming to represent:
>
> ME
>
> {text omitted}
>
>
> Do you want to install this certificate?
>
> Yes No
>
>
> I do not believe that anything has been modified concerning the
> keystores. This started as soon as I upgraded to "2.1" I start it as a
> service, but the same thing happens if I run from the command line as
> well with startup.bat.
>
>
>
>
>
> Steven Ashwill
> Application Developer
> University of Illinois
> 1609 S. Oak St. M/C 662
> Champaign, IL 61821
> (217) 265-6337
>
> -----Original Message-----
> From: David Jencks [mailto:david_jencks@yahoo.com]
> Sent: Friday, May 02, 2008 12:44 PM
> To: user@geronimo.apache.org
> Subject: Re: How to stop loading of default certificate
>
> I've never seen this happen. Have you modified the geronimo keystore/
> truststore setup? How are you restarting geronimo? What does the popup
> look like? Is there a stack trace?
>
> This seems like something we should cover in the documentation...
>
> thanks
> david jencks
>
> On May 2, 2008, at 9:10 AM, Ashwill, Steve (Facilities & Services)
> wrote:
>
>> Can someone save me some research time and tell me how to stop
>> Geronimo from trying to load the default certificate. The pop up boxes
>
>> asking if I want to load it are causing a problem if I am doing a
>> remote restart because they appear on the console not on the remote
>> desktop connection.
>>
>> Thanks,
>> Steven Ashwill
>>
>>
>> Sorry for the duplicate message, but I though I'd better get the right
>
>> subject line. Haste does indeed make waste.
>
--
|---------------------------------
| weberhofer GmbH | Johannes Weberhofer
| information technologies
| Austria, 1080 Wien, Blindengasse 52/3
|----------------------------------------------------------->>
Re: How to stop loading of default certificate
Posted by Hernan Cunico <hc...@gmail.com>.
have you looked into http://cwiki.apache.org/GMOxDOC21/configuring-security.html
there is info there for adding certificates and even acting as your own CA.
have you tried this on JVM 1.5
HTH
Cheers!
Hernan
Ashwill, Steve (Facilities & Services) wrote:
> I haven't found it in the documentation, perhaps I'm just not looking
> in the right place.
>
> The message says:
> You are about to install a certificate from a certification authority
> (CA) claiming to represent:
>
> ME
>
> {text omitted}
>
>
> Do you want to install this certificate?
>
> Yes No
>
>
> I do not believe that anything has been modified concerning the
> keystores. This started as soon as I upgraded to "2.1" I start it as a
> service, but the same thing happens if I run from the command line as
> well with startup.bat.
>
>
>
>
>
> Steven Ashwill
> Application Developer
> University of Illinois
> 1609 S. Oak St. M/C 662
> Champaign, IL 61821
> (217) 265-6337
>
> -----Original Message-----
> From: David Jencks [mailto:david_jencks@yahoo.com]
> Sent: Friday, May 02, 2008 12:44 PM
> To: user@geronimo.apache.org
> Subject: Re: How to stop loading of default certificate
>
> I've never seen this happen. Have you modified the geronimo keystore/
> truststore setup? How are you restarting geronimo? What does the popup
> look like? Is there a stack trace?
>
> This seems like something we should cover in the documentation...
>
> thanks
> david jencks
>
> On May 2, 2008, at 9:10 AM, Ashwill, Steve (Facilities & Services)
> wrote:
>
>> Can someone save me some research time and tell me how to stop
>> Geronimo from trying to load the default certificate. The pop up boxes
>
>> asking if I want to load it are causing a problem if I am doing a
>> remote restart because they appear on the console not on the remote
>> desktop connection.
>>
>> Thanks,
>> Steven Ashwill
>>
>>
>> Sorry for the duplicate message, but I though I'd better get the right
>
>> subject line. Haste does indeed make waste.
>
RE: How to stop loading of default certificate
Posted by "Ashwill, Steve (Facilities & Services)" <sa...@uiuc.edu>.
1.6.0_05 would be the version of jdk I am currently using.
Steven Ashwill
________________________________
From: Vamsavardhana Reddy [mailto:c1vamsi1c@gmail.com]
Sent: Monday, May 05, 2008 1:39 PM
To: user@geronimo.apache.org
Subject: Re: How to stop loading of default certificate
What is the JDK you are using to run G? I suspect you are using a 1.6
JDK.
++Vamsi
On Mon, May 5, 2008 at 6:48 PM, Ashwill, Steve (Facilities & Services)
<sa...@uiuc.edu> wrote:
I haven't found it in the documentation, perhaps I'm just not
looking
in the right place.
The message says:
You are about to install a certificate from a certification
authority
(CA) claiming to represent:
ME
{text omitted}
Do you want to install this certificate?
Yes No
I do not believe that anything has been modified concerning the
keystores. This started as soon as I upgraded to "2.1" I start
it as a
service, but the same thing happens if I run from the command
line as
well with startup.bat.
Steven Ashwill
Application Developer
University of Illinois
1609 S. Oak St. M/C 662
Champaign, IL 61821
(217) 265-6337
-----Original Message-----
From: David Jencks [mailto:david_jencks@yahoo.com]
Sent: Friday, May 02, 2008 12:44 PM
To: user@geronimo.apache.org
Subject: Re: How to stop loading of default certificate
I've never seen this happen. Have you modified the geronimo
keystore/
truststore setup? How are you restarting geronimo? What does
the popup
look like? Is there a stack trace?
This seems like something we should cover in the
documentation...
thanks
david jencks
On May 2, 2008, at 9:10 AM, Ashwill, Steve (Facilities &
Services)
wrote:
> Can someone save me some research time and tell me how to stop
> Geronimo from trying to load the default certificate. The pop
up boxes
> asking if I want to load it are causing a problem if I am
doing a
> remote restart because they appear on the console not on the
remote
> desktop connection.
>
> Thanks,
> Steven Ashwill
>
>
> Sorry for the duplicate message, but I though I'd better get
the right
> subject line. Haste does indeed make waste.
Re: How to stop loading of default certificate
Posted by Vamsavardhana Reddy <c1...@gmail.com>.
What is the JDK you are using to run G? I suspect you are using a 1.6 JDK.
++Vamsi
On Mon, May 5, 2008 at 6:48 PM, Ashwill, Steve (Facilities & Services) <
sashwill@uiuc.edu> wrote:
> I haven't found it in the documentation, perhaps I'm just not looking
> in the right place.
>
> The message says:
> You are about to install a certificate from a certification authority
> (CA) claiming to represent:
>
> ME
>
> {text omitted}
>
>
> Do you want to install this certificate?
>
> Yes No
>
>
> I do not believe that anything has been modified concerning the
> keystores. This started as soon as I upgraded to "2.1" I start it as a
> service, but the same thing happens if I run from the command line as
> well with startup.bat.
>
>
>
>
>
> Steven Ashwill
> Application Developer
> University of Illinois
> 1609 S. Oak St. M/C 662
> Champaign, IL 61821
> (217) 265-6337
>
> -----Original Message-----
> From: David Jencks [mailto:david_jencks@yahoo.com]
> Sent: Friday, May 02, 2008 12:44 PM
> To: user@geronimo.apache.org
> Subject: Re: How to stop loading of default certificate
>
> I've never seen this happen. Have you modified the geronimo keystore/
> truststore setup? How are you restarting geronimo? What does the popup
> look like? Is there a stack trace?
>
> This seems like something we should cover in the documentation...
>
> thanks
> david jencks
>
> On May 2, 2008, at 9:10 AM, Ashwill, Steve (Facilities & Services)
> wrote:
>
> > Can someone save me some research time and tell me how to stop
> > Geronimo from trying to load the default certificate. The pop up boxes
>
> > asking if I want to load it are causing a problem if I am doing a
> > remote restart because they appear on the console not on the remote
> > desktop connection.
> >
> > Thanks,
> > Steven Ashwill
> >
> >
> > Sorry for the duplicate message, but I though I'd better get the right
>
> > subject line. Haste does indeed make waste.
>
>
Re: How to stop loading of default certificate
Posted by Jarek Gawor <jg...@gmail.com>.
On Tue, May 6, 2008 at 2:36 PM, Vamsavardhana Reddy <c1...@gmail.com> wrote:
> Hi Jarek,
>
> One reason for introducing the certKeystoreTypes is that the PKCS12
> keystoreType in Sun JRE 5.0 does not allow storing of trusted certificates
> where as the one in IBM JRE 5.0 does allow storing of trusted certificates.
> Instead of letting the user figure it out, I thought it is better done
> before presenting a choice to the user.
>
> Irrespective of this certKeystoreTypes member, we will have to prevent these
> special keystore type entries from making into the supported keystore types
> since "Windows-MY" and "Windows-ROOT" type keystores don't behave in the
> same way as other keystores.
I still think that we should let the user figure out which keystore to
use or not but for now I decided to just ignore the "Windows-MY" and
"Windows-ROOT" keystores. I attached a patch with these changes to
https://issues.apache.org/jira/browse/GERONIMO-3864. If there are no
objections to the patch I'll commit it tomorrow.
Jarek
Re: How to stop loading of default certificate
Posted by Vamsavardhana Reddy <c1...@gmail.com>.
Hi Jarek,
One reason for introducing the certKeystoreTypes is that the PKCS12
keystoreType in Sun JRE 5.0 does not allow storing of trusted certificates
where as the one in IBM JRE 5.0 does allow storing of trusted certificates.
Instead of letting the user figure it out, I thought it is better done
before presenting a choice to the user.
Irrespective of this certKeystoreTypes member, we will have to prevent these
special keystore type entries from making into the supported keystore types
since "Windows-MY" and "Windows-ROOT" type keystores don't behave in the
same way as other keystores.
++Vamsi
On Tue, May 6, 2008 at 11:37 PM, Jarek Gawor <jg...@gmail.com> wrote:
> I see. I guess we could ignore those two types of keystores but it's
> not a foolproof solution. Same problem might happen on other OSes or
> with other keystore types since there is no reliable way to determine
> if the keystore supports storing of certificates or not. So I'm
> wondering if it would be better to let the user make that
> determination (that is, present the user with all keystore types and
> let him/her choose the right one).
>
> Jarek
>
> On Tue, May 6, 2008 at 1:09 PM, Vamsavardhana Reddy <c1...@gmail.com>
> wrote:
> > Hi Jarek,
> >
> > The reason I introduced this certKeystoreTypes member is that I wanted
> to
> > update (but have not done so!!) the keystores portlet to display whether
> a
> > keystore can be used to store trusted certificate entries. The problem
> > seems to be that in Windows environment there are two special keystore
> types
> > "Windows-MY" and "Windows-ROOT" which correspond to the windows private
> > keystore and windows root certificate keystores. We should be skipping
> > these two keystore types as they don't exactly fit in with the other
> > keystore types in terms of creating new key stores etc.
> >
> > ++Vamsi
> >
> >
> >
> > On Tue, May 6, 2008 at 1:10 AM, Jarek Gawor <jg...@gmail.com> wrote:
> > > Well, the problem is that the org.apache.geronimo.crypto.KeystoreUtil
> > > (in static block) goes through all the KeyStore providers and tests if
> > > they support storing a certificate. That test causes that window to be
> > > displayed on Windows with Java 1.6. The KeystoreUtil keeps a list of
> > > the providers which supporting storing a certificate in a public
> > > certKeystoreTypes variable. However, I cannot find a single reference
> > > to that variable in the entire Geronimo code.
> > >
> > > If there are no external references to that certKeystoreTypes variable
> > > maybe we should just remove that piece of code altogether (that
> > > particular test and the variable). If there are external references we
> > > can either make it empty or set it to a list that contains all
> > > KeyStore providers (since there is no easy way to figure out if the
> > > KeyStore supports certificates or not and without causing other side
> > > effects like on Windows, AFAIK).
> > >
> > > Thoughts?
> > >
> > > Jarek
> > >
> > >
> > >
> > >
> > > On Mon, May 5, 2008 at 2:29 PM, Kevan Miller <ke...@gmail.com>
> > wrote:
> > > > Seems like it's time to get this fixed :-)
> > > >
> > > > --kevan
> > > >
> > > >
> > > >
> > > > On May 5, 2008, at 8:25 AM, "Jarek Gawor" <jg...@gmail.com> wrote:
> > > >
> > > >
> > > > > Try with jetty assembly:
> > > > https://issues.apache.org/jira/browse/GERONIMO-3864
> > > > >
> > > > > :)
> > > > >
> > > > > Jarek
> > > > >
> > > > > On Mon, May 5, 2008 at 9:18 AM, Ashwill, Steve (Facilities &
> Services)
> > > > > <sa...@uiuc.edu> wrote:
> > > > >
> > > > > > I haven't found it in the documentation, perhaps I'm just not
> > looking
> > > > > > in the right place.
> > > > > >
> > > > > > The message says:
> > > > > > You are about to install a certificate from a certification
> > authority
> > > > > > (CA) claiming to represent:
> > > > > >
> > > > > > ME
> > > > > >
> > > > > > {text omitted}
> > > > > >
> > > > > >
> > > > > > Do you want to install this certificate?
> > > > > >
> > > > > > Yes No
> > > > > >
> > > > > >
> > > > > > I do not believe that anything has been modified concerning the
> > > > > > keystores. This started as soon as I upgraded to "2.1" I start
> it
> > as a
> > > > > > service, but the same thing happens if I run from the command
> line
> > as
> > > > > > well with startup.bat.
> > > > > >
> > > > > >
> > > > > >
> > > > > >
> > > > > >
> > > > > > Steven Ashwill
> > > > > > Application Developer
> > > > > > University of Illinois
> > > > > > 1609 S. Oak St. M/C 662
> > > > > > Champaign, IL 61821
> > > > > > (217) 265-6337
> > > > > >
> > > > > >
> > > > > >
> > > > > > -----Original Message-----
> > > > > > From: David Jencks [mailto:david_jencks@yahoo.com]
> > > > > > Sent: Friday, May 02, 2008 12:44 PM
> > > > > > To: user@geronimo.apache.org
> > > > > > Subject: Re: How to stop loading of default certificate
> > > > > >
> > > > > > I've never seen this happen. Have you modified the geronimo
> > keystore/
> > > > > > truststore setup? How are you restarting geronimo? What does
> the
> > popup
> > > > > > look like? Is there a stack trace?
> > > > > >
> > > > > > This seems like something we should cover in the
> documentation...
> > > > > >
> > > > > > thanks
> > > > > > david jencks
> > > > > >
> > > > > > On May 2, 2008, at 9:10 AM, Ashwill, Steve (Facilities &
> Services)
> > > > > > wrote:
> > > > > >
> > > > > >
> > > > > > > Can someone save me some research time and tell me how to stop
> > > > > > > Geronimo from trying to load the default certificate. The pop
> up
> > boxes
> > > > > > >
> > > > > >
> > > > > >
> > > > > > > asking if I want to load it are causing a problem if I am
> doing a
> > > > > > > remote restart because they appear on the console not on the
> > remote
> > > > > > > desktop connection.
> > > > > > >
> > > > > > > Thanks,
> > > > > > > Steven Ashwill
> > > > > > >
> > > > > > >
> > > > > > > Sorry for the duplicate message, but I though I'd better get
> the
> > right
> > > > > > >
> > > > > >
> > > > > >
> > > > > > > subject line. Haste does indeed make waste.
> > > > > > >
> > > > > >
> > > > > >
> > > > > >
> > > > >
> > > >
> > >
> >
> >
>
Re: How to stop loading of default certificate
Posted by Jarek Gawor <jg...@gmail.com>.
I see. I guess we could ignore those two types of keystores but it's
not a foolproof solution. Same problem might happen on other OSes or
with other keystore types since there is no reliable way to determine
if the keystore supports storing of certificates or not. So I'm
wondering if it would be better to let the user make that
determination (that is, present the user with all keystore types and
let him/her choose the right one).
Jarek
On Tue, May 6, 2008 at 1:09 PM, Vamsavardhana Reddy <c1...@gmail.com> wrote:
> Hi Jarek,
>
> The reason I introduced this certKeystoreTypes member is that I wanted to
> update (but have not done so!!) the keystores portlet to display whether a
> keystore can be used to store trusted certificate entries. The problem
> seems to be that in Windows environment there are two special keystore types
> "Windows-MY" and "Windows-ROOT" which correspond to the windows private
> keystore and windows root certificate keystores. We should be skipping
> these two keystore types as they don't exactly fit in with the other
> keystore types in terms of creating new key stores etc.
>
> ++Vamsi
>
>
>
> On Tue, May 6, 2008 at 1:10 AM, Jarek Gawor <jg...@gmail.com> wrote:
> > Well, the problem is that the org.apache.geronimo.crypto.KeystoreUtil
> > (in static block) goes through all the KeyStore providers and tests if
> > they support storing a certificate. That test causes that window to be
> > displayed on Windows with Java 1.6. The KeystoreUtil keeps a list of
> > the providers which supporting storing a certificate in a public
> > certKeystoreTypes variable. However, I cannot find a single reference
> > to that variable in the entire Geronimo code.
> >
> > If there are no external references to that certKeystoreTypes variable
> > maybe we should just remove that piece of code altogether (that
> > particular test and the variable). If there are external references we
> > can either make it empty or set it to a list that contains all
> > KeyStore providers (since there is no easy way to figure out if the
> > KeyStore supports certificates or not and without causing other side
> > effects like on Windows, AFAIK).
> >
> > Thoughts?
> >
> > Jarek
> >
> >
> >
> >
> > On Mon, May 5, 2008 at 2:29 PM, Kevan Miller <ke...@gmail.com>
> wrote:
> > > Seems like it's time to get this fixed :-)
> > >
> > > --kevan
> > >
> > >
> > >
> > > On May 5, 2008, at 8:25 AM, "Jarek Gawor" <jg...@gmail.com> wrote:
> > >
> > >
> > > > Try with jetty assembly:
> > > https://issues.apache.org/jira/browse/GERONIMO-3864
> > > >
> > > > :)
> > > >
> > > > Jarek
> > > >
> > > > On Mon, May 5, 2008 at 9:18 AM, Ashwill, Steve (Facilities & Services)
> > > > <sa...@uiuc.edu> wrote:
> > > >
> > > > > I haven't found it in the documentation, perhaps I'm just not
> looking
> > > > > in the right place.
> > > > >
> > > > > The message says:
> > > > > You are about to install a certificate from a certification
> authority
> > > > > (CA) claiming to represent:
> > > > >
> > > > > ME
> > > > >
> > > > > {text omitted}
> > > > >
> > > > >
> > > > > Do you want to install this certificate?
> > > > >
> > > > > Yes No
> > > > >
> > > > >
> > > > > I do not believe that anything has been modified concerning the
> > > > > keystores. This started as soon as I upgraded to "2.1" I start it
> as a
> > > > > service, but the same thing happens if I run from the command line
> as
> > > > > well with startup.bat.
> > > > >
> > > > >
> > > > >
> > > > >
> > > > >
> > > > > Steven Ashwill
> > > > > Application Developer
> > > > > University of Illinois
> > > > > 1609 S. Oak St. M/C 662
> > > > > Champaign, IL 61821
> > > > > (217) 265-6337
> > > > >
> > > > >
> > > > >
> > > > > -----Original Message-----
> > > > > From: David Jencks [mailto:david_jencks@yahoo.com]
> > > > > Sent: Friday, May 02, 2008 12:44 PM
> > > > > To: user@geronimo.apache.org
> > > > > Subject: Re: How to stop loading of default certificate
> > > > >
> > > > > I've never seen this happen. Have you modified the geronimo
> keystore/
> > > > > truststore setup? How are you restarting geronimo? What does the
> popup
> > > > > look like? Is there a stack trace?
> > > > >
> > > > > This seems like something we should cover in the documentation...
> > > > >
> > > > > thanks
> > > > > david jencks
> > > > >
> > > > > On May 2, 2008, at 9:10 AM, Ashwill, Steve (Facilities & Services)
> > > > > wrote:
> > > > >
> > > > >
> > > > > > Can someone save me some research time and tell me how to stop
> > > > > > Geronimo from trying to load the default certificate. The pop up
> boxes
> > > > > >
> > > > >
> > > > >
> > > > > > asking if I want to load it are causing a problem if I am doing a
> > > > > > remote restart because they appear on the console not on the
> remote
> > > > > > desktop connection.
> > > > > >
> > > > > > Thanks,
> > > > > > Steven Ashwill
> > > > > >
> > > > > >
> > > > > > Sorry for the duplicate message, but I though I'd better get the
> right
> > > > > >
> > > > >
> > > > >
> > > > > > subject line. Haste does indeed make waste.
> > > > > >
> > > > >
> > > > >
> > > > >
> > > >
> > >
> >
>
>
Re: How to stop loading of default certificate
Posted by Vamsavardhana Reddy <c1...@gmail.com>.
Hi Jarek,
The reason I introduced this certKeystoreTypes member is that I wanted to
update (but have not done so!!) the keystores portlet to display whether a
keystore can be used to store trusted certificate entries. The problem
seems to be that in Windows environment there are two special keystore types
"Windows-MY" and "Windows-ROOT" which correspond to the windows private
keystore and windows root certificate keystores. We should be skipping
these two keystore types as they don't exactly fit in with the other
keystore types in terms of creating new key stores etc.
++Vamsi
On Tue, May 6, 2008 at 1:10 AM, Jarek Gawor <jg...@gmail.com> wrote:
> Well, the problem is that the org.apache.geronimo.crypto.KeystoreUtil
> (in static block) goes through all the KeyStore providers and tests if
> they support storing a certificate. That test causes that window to be
> displayed on Windows with Java 1.6. The KeystoreUtil keeps a list of
> the providers which supporting storing a certificate in a public
> certKeystoreTypes variable. However, I cannot find a single reference
> to that variable in the entire Geronimo code.
>
> If there are no external references to that certKeystoreTypes variable
> maybe we should just remove that piece of code altogether (that
> particular test and the variable). If there are external references we
> can either make it empty or set it to a list that contains all
> KeyStore providers (since there is no easy way to figure out if the
> KeyStore supports certificates or not and without causing other side
> effects like on Windows, AFAIK).
>
> Thoughts?
>
> Jarek
>
> On Mon, May 5, 2008 at 2:29 PM, Kevan Miller <ke...@gmail.com>
> wrote:
> > Seems like it's time to get this fixed :-)
> >
> > --kevan
> >
> >
> >
> > On May 5, 2008, at 8:25 AM, "Jarek Gawor" <jg...@gmail.com> wrote:
> >
> >
> > > Try with jetty assembly:
> > https://issues.apache.org/jira/browse/GERONIMO-3864
> > >
> > > :)
> > >
> > > Jarek
> > >
> > > On Mon, May 5, 2008 at 9:18 AM, Ashwill, Steve (Facilities & Services)
> > > <sa...@uiuc.edu> wrote:
> > >
> > > > I haven't found it in the documentation, perhaps I'm just not
> looking
> > > > in the right place.
> > > >
> > > > The message says:
> > > > You are about to install a certificate from a certification
> authority
> > > > (CA) claiming to represent:
> > > >
> > > > ME
> > > >
> > > > {text omitted}
> > > >
> > > >
> > > > Do you want to install this certificate?
> > > >
> > > > Yes No
> > > >
> > > >
> > > > I do not believe that anything has been modified concerning the
> > > > keystores. This started as soon as I upgraded to "2.1" I start it
> as a
> > > > service, but the same thing happens if I run from the command line
> as
> > > > well with startup.bat.
> > > >
> > > >
> > > >
> > > >
> > > >
> > > > Steven Ashwill
> > > > Application Developer
> > > > University of Illinois
> > > > 1609 S. Oak St. M/C 662
> > > > Champaign, IL 61821
> > > > (217) 265-6337
> > > >
> > > >
> > > >
> > > > -----Original Message-----
> > > > From: David Jencks [mailto:david_jencks@yahoo.com]
> > > > Sent: Friday, May 02, 2008 12:44 PM
> > > > To: user@geronimo.apache.org
> > > > Subject: Re: How to stop loading of default certificate
> > > >
> > > > I've never seen this happen. Have you modified the geronimo
> keystore/
> > > > truststore setup? How are you restarting geronimo? What does the
> popup
> > > > look like? Is there a stack trace?
> > > >
> > > > This seems like something we should cover in the documentation...
> > > >
> > > > thanks
> > > > david jencks
> > > >
> > > > On May 2, 2008, at 9:10 AM, Ashwill, Steve (Facilities & Services)
> > > > wrote:
> > > >
> > > >
> > > > > Can someone save me some research time and tell me how to stop
> > > > > Geronimo from trying to load the default certificate. The pop up
> boxes
> > > > >
> > > >
> > > >
> > > > > asking if I want to load it are causing a problem if I am doing a
> > > > > remote restart because they appear on the console not on the
> remote
> > > > > desktop connection.
> > > > >
> > > > > Thanks,
> > > > > Steven Ashwill
> > > > >
> > > > >
> > > > > Sorry for the duplicate message, but I though I'd better get the
> right
> > > > >
> > > >
> > > >
> > > > > subject line. Haste does indeed make waste.
> > > > >
> > > >
> > > >
> > > >
> > >
> >
>
Re: How to stop loading of default certificate
Posted by Jarek Gawor <jg...@gmail.com>.
Well, the problem is that the org.apache.geronimo.crypto.KeystoreUtil
(in static block) goes through all the KeyStore providers and tests if
they support storing a certificate. That test causes that window to be
displayed on Windows with Java 1.6. The KeystoreUtil keeps a list of
the providers which supporting storing a certificate in a public
certKeystoreTypes variable. However, I cannot find a single reference
to that variable in the entire Geronimo code.
If there are no external references to that certKeystoreTypes variable
maybe we should just remove that piece of code altogether (that
particular test and the variable). If there are external references we
can either make it empty or set it to a list that contains all
KeyStore providers (since there is no easy way to figure out if the
KeyStore supports certificates or not and without causing other side
effects like on Windows, AFAIK).
Thoughts?
Jarek
On Mon, May 5, 2008 at 2:29 PM, Kevan Miller <ke...@gmail.com> wrote:
> Seems like it's time to get this fixed :-)
>
> --kevan
>
>
>
> On May 5, 2008, at 8:25 AM, "Jarek Gawor" <jg...@gmail.com> wrote:
>
>
> > Try with jetty assembly:
> https://issues.apache.org/jira/browse/GERONIMO-3864
> >
> > :)
> >
> > Jarek
> >
> > On Mon, May 5, 2008 at 9:18 AM, Ashwill, Steve (Facilities & Services)
> > <sa...@uiuc.edu> wrote:
> >
> > > I haven't found it in the documentation, perhaps I'm just not looking
> > > in the right place.
> > >
> > > The message says:
> > > You are about to install a certificate from a certification authority
> > > (CA) claiming to represent:
> > >
> > > ME
> > >
> > > {text omitted}
> > >
> > >
> > > Do you want to install this certificate?
> > >
> > > Yes No
> > >
> > >
> > > I do not believe that anything has been modified concerning the
> > > keystores. This started as soon as I upgraded to "2.1" I start it as a
> > > service, but the same thing happens if I run from the command line as
> > > well with startup.bat.
> > >
> > >
> > >
> > >
> > >
> > > Steven Ashwill
> > > Application Developer
> > > University of Illinois
> > > 1609 S. Oak St. M/C 662
> > > Champaign, IL 61821
> > > (217) 265-6337
> > >
> > >
> > >
> > > -----Original Message-----
> > > From: David Jencks [mailto:david_jencks@yahoo.com]
> > > Sent: Friday, May 02, 2008 12:44 PM
> > > To: user@geronimo.apache.org
> > > Subject: Re: How to stop loading of default certificate
> > >
> > > I've never seen this happen. Have you modified the geronimo keystore/
> > > truststore setup? How are you restarting geronimo? What does the popup
> > > look like? Is there a stack trace?
> > >
> > > This seems like something we should cover in the documentation...
> > >
> > > thanks
> > > david jencks
> > >
> > > On May 2, 2008, at 9:10 AM, Ashwill, Steve (Facilities & Services)
> > > wrote:
> > >
> > >
> > > > Can someone save me some research time and tell me how to stop
> > > > Geronimo from trying to load the default certificate. The pop up boxes
> > > >
> > >
> > >
> > > > asking if I want to load it are causing a problem if I am doing a
> > > > remote restart because they appear on the console not on the remote
> > > > desktop connection.
> > > >
> > > > Thanks,
> > > > Steven Ashwill
> > > >
> > > >
> > > > Sorry for the duplicate message, but I though I'd better get the right
> > > >
> > >
> > >
> > > > subject line. Haste does indeed make waste.
> > > >
> > >
> > >
> > >
> >
>
Re: How to stop loading of default certificate
Posted by Kevan Miller <ke...@gmail.com>.
Seems like it's time to get this fixed :-)
--kevan
On May 5, 2008, at 8:25 AM, "Jarek Gawor" <jg...@gmail.com> wrote:
> Try with jetty assembly: https://issues.apache.org/jira/browse/GERONIMO-3864
>
> :)
>
> Jarek
>
> On Mon, May 5, 2008 at 9:18 AM, Ashwill, Steve (Facilities & Services)
> <sa...@uiuc.edu> wrote:
>> I haven't found it in the documentation, perhaps I'm just not looking
>> in the right place.
>>
>> The message says:
>> You are about to install a certificate from a certification authority
>> (CA) claiming to represent:
>>
>> ME
>>
>> {text omitted}
>>
>>
>> Do you want to install this certificate?
>>
>> Yes No
>>
>>
>> I do not believe that anything has been modified concerning the
>> keystores. This started as soon as I upgraded to "2.1" I start it
>> as a
>> service, but the same thing happens if I run from the command line as
>> well with startup.bat.
>>
>>
>>
>>
>>
>> Steven Ashwill
>> Application Developer
>> University of Illinois
>> 1609 S. Oak St. M/C 662
>> Champaign, IL 61821
>> (217) 265-6337
>>
>>
>>
>> -----Original Message-----
>> From: David Jencks [mailto:david_jencks@yahoo.com]
>> Sent: Friday, May 02, 2008 12:44 PM
>> To: user@geronimo.apache.org
>> Subject: Re: How to stop loading of default certificate
>>
>> I've never seen this happen. Have you modified the geronimo
>> keystore/
>> truststore setup? How are you restarting geronimo? What does the
>> popup
>> look like? Is there a stack trace?
>>
>> This seems like something we should cover in the documentation...
>>
>> thanks
>> david jencks
>>
>> On May 2, 2008, at 9:10 AM, Ashwill, Steve (Facilities & Services)
>> wrote:
>>
>>> Can someone save me some research time and tell me how to stop
>>> Geronimo from trying to load the default certificate. The pop up
>>> boxes
>>
>>> asking if I want to load it are causing a problem if I am doing a
>>> remote restart because they appear on the console not on the remote
>>> desktop connection.
>>>
>>> Thanks,
>>> Steven Ashwill
>>>
>>>
>>> Sorry for the duplicate message, but I though I'd better get the
>>> right
>>
>>> subject line. Haste does indeed make waste.
>>
>>
Re: How to stop loading of default certificate
Posted by Jarek Gawor <jg...@gmail.com>.
Try with jetty assembly: https://issues.apache.org/jira/browse/GERONIMO-3864
:)
Jarek
On Mon, May 5, 2008 at 9:18 AM, Ashwill, Steve (Facilities & Services)
<sa...@uiuc.edu> wrote:
> I haven't found it in the documentation, perhaps I'm just not looking
> in the right place.
>
> The message says:
> You are about to install a certificate from a certification authority
> (CA) claiming to represent:
>
> ME
>
> {text omitted}
>
>
> Do you want to install this certificate?
>
> Yes No
>
>
> I do not believe that anything has been modified concerning the
> keystores. This started as soon as I upgraded to "2.1" I start it as a
> service, but the same thing happens if I run from the command line as
> well with startup.bat.
>
>
>
>
>
> Steven Ashwill
> Application Developer
> University of Illinois
> 1609 S. Oak St. M/C 662
> Champaign, IL 61821
> (217) 265-6337
>
>
>
> -----Original Message-----
> From: David Jencks [mailto:david_jencks@yahoo.com]
> Sent: Friday, May 02, 2008 12:44 PM
> To: user@geronimo.apache.org
> Subject: Re: How to stop loading of default certificate
>
> I've never seen this happen. Have you modified the geronimo keystore/
> truststore setup? How are you restarting geronimo? What does the popup
> look like? Is there a stack trace?
>
> This seems like something we should cover in the documentation...
>
> thanks
> david jencks
>
> On May 2, 2008, at 9:10 AM, Ashwill, Steve (Facilities & Services)
> wrote:
>
> > Can someone save me some research time and tell me how to stop
> > Geronimo from trying to load the default certificate. The pop up boxes
>
> > asking if I want to load it are causing a problem if I am doing a
> > remote restart because they appear on the console not on the remote
> > desktop connection.
> >
> > Thanks,
> > Steven Ashwill
> >
> >
> > Sorry for the duplicate message, but I though I'd better get the right
>
> > subject line. Haste does indeed make waste.
>
>
RE: How to stop loading of default certificate
Posted by "Ashwill, Steve (Facilities & Services)" <sa...@uiuc.edu>.
I haven't found it in the documentation, perhaps I'm just not looking
in the right place.
The message says:
You are about to install a certificate from a certification authority
(CA) claiming to represent:
ME
{text omitted}
Do you want to install this certificate?
Yes No
I do not believe that anything has been modified concerning the
keystores. This started as soon as I upgraded to "2.1" I start it as a
service, but the same thing happens if I run from the command line as
well with startup.bat.
Steven Ashwill
Application Developer
University of Illinois
1609 S. Oak St. M/C 662
Champaign, IL 61821
(217) 265-6337
-----Original Message-----
From: David Jencks [mailto:david_jencks@yahoo.com]
Sent: Friday, May 02, 2008 12:44 PM
To: user@geronimo.apache.org
Subject: Re: How to stop loading of default certificate
I've never seen this happen. Have you modified the geronimo keystore/
truststore setup? How are you restarting geronimo? What does the popup
look like? Is there a stack trace?
This seems like something we should cover in the documentation...
thanks
david jencks
On May 2, 2008, at 9:10 AM, Ashwill, Steve (Facilities & Services)
wrote:
> Can someone save me some research time and tell me how to stop
> Geronimo from trying to load the default certificate. The pop up boxes
> asking if I want to load it are causing a problem if I am doing a
> remote restart because they appear on the console not on the remote
> desktop connection.
>
> Thanks,
> Steven Ashwill
>
>
> Sorry for the duplicate message, but I though I'd better get the right
> subject line. Haste does indeed make waste.
Re: How to stop loading of default certificate
Posted by David Jencks <da...@yahoo.com>.
I've never seen this happen. Have you modified the geronimo keystore/
truststore setup? How are you restarting geronimo? What does the
popup look like? Is there a stack trace?
This seems like something we should cover in the documentation...
thanks
david jencks
On May 2, 2008, at 9:10 AM, Ashwill, Steve (Facilities & Services)
wrote:
> Can someone save me some research time and tell me how to stop
> Geronimo
> from trying to load the default certificate. The pop up boxes asking
> if
> I want to load it are causing a problem if I am doing a remote restart
> because they appear on the console not on the remote desktop
> connection.
>
> Thanks,
> Steven Ashwill
>
>
> Sorry for the duplicate message, but I though I'd better get the right
> subject line. Haste does indeed make waste.