You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@directory.apache.org by "Stefan Seelmann (JIRA)" <ji...@apache.org> on 2018/07/28 20:58:00 UTC

[jira] [Updated] (DIRSERVER-2242) Keystore change from JKS to PKCS12

     [ https://issues.apache.org/jira/browse/DIRSERVER-2242?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Stefan Seelmann updated DIRSERVER-2242:
---------------------------------------
    Description: 
Until Java 8 the default key store was JKS, since Java 9 the default is PKCS12.

In the server code when we use key stores there is a mix of
 * KeyStore.getInstance( KeyStore.getDefaultType() );
 * KeyStore.getInstance( "JKS" );

This needs to be cleaned up.

There is also the question if an automatic migration from existing JKS stores in existing installations .to PKCS12 is possible

Workaround is to change default keystore to JKS (property keystore.type in $JAVA_HOME/conf/security/java.security)

 Reference: http://openjdk.java.net/jeps/229

  was:
Until Java 8 the default key store was JKS, since Java 9 the default is PKCS12.

In the server code when we use key stores there is a mix of
 * KeyStore.getInstance( KeyStore.getDefaultType() );
 * KeyStore.getInstance( "JKS" );

This needs to be cleaned up.

There is also the question if an automatic migration from existing JKS stores in existing installations .to PKCS12 is possible

Workaround is to change default keystore to JKS (property keystore.type in $JAVA_HOME/conf/security/java.security)

 


> Keystore change from JKS to PKCS12
> ----------------------------------
>
>                 Key: DIRSERVER-2242
>                 URL: https://issues.apache.org/jira/browse/DIRSERVER-2242
>             Project: Directory ApacheDS
>          Issue Type: Improvement
>            Reporter: Stefan Seelmann
>            Priority: Major
>
> Until Java 8 the default key store was JKS, since Java 9 the default is PKCS12.
> In the server code when we use key stores there is a mix of
>  * KeyStore.getInstance( KeyStore.getDefaultType() );
>  * KeyStore.getInstance( "JKS" );
> This needs to be cleaned up.
> There is also the question if an automatic migration from existing JKS stores in existing installations .to PKCS12 is possible
> Workaround is to change default keystore to JKS (property keystore.type in $JAVA_HOME/conf/security/java.security)
>  Reference: http://openjdk.java.net/jeps/229



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)