db-derby-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Reda Jazouli <reda...@gmail.com>
Subject Re: Starting the derby sever with ssl
Date Mon, 03 Nov 2008 21:55:15 GMT

Many many thanks Rick, this is excactly what i was searching for.
I really didnt except to obtain so quickly an answer.

Thanks Rick. :handshake:


Rick Hillegas-2 wrote:
> 
> Hi Reda,
> 
> I'm not an expert on the internals of Java's SSL support. Perhaps we'll 
> get a response from someone who knows more than I do. My understanding 
> was that the default key manager picks the first usable entry from the 
> keystore and, for this reason, it's typical for a keystore to hold only 
> one object. You can override this behavior by writing your own key 
> manager. The following link may be useful:
> 
> http://books.google.com/books?id=EhX9BjHj9M4C&pg=PA314&lpg=PA314&dq=java+keystore+vs+truststore&source=web&ots=sNVm3qmI-U&sig=UOihfFE_1MJC625sAVhd1yrUUJQ#PPA328,M1
> 
> Hope this helps,
> -Rick
> 
> Reda Jazouli wrote:
>> Hi Rick, 
>> thank you for your reply, but my question is how does java knows wich key
>> it
>> has to choose from the given keystore ?
>>
>> Thanks in advance
>>
>> Rick Hillegas-2 wrote:
>>   
>>> Hi Reda,
>>>
>>> The documentation on Derby's security features is scattered and hard to 
>>> follow. You will find more information on how to configure SSL in the 
>>> Derby Server and Administration Guide in a section titled "Network 
>>> encryption and authentication with SSL/TLS". You will probably want to 
>>> set several startup options. Something like the following:
>>>
>>> java -Djavax.net.ssl.keyStore=serverKeyStore.key \
>>>      -Djavax.net.ssl.keyStorePassword=qwerty \
>>>      -Djavax.net.ssl.trustStore=serverTrustStore.key \
>>>      -Djavax.net.ssl.trustStorePassword=qwerty \
>>>      -jar derbyrun.jar server start -ssl peerAuthentication
>>>
>>> More examples of how to configure Derby's SSL support can be found in 
>>> the security white paper located here: 
>>> http://developers.sun.com/javadb/reference/whitepapers/index.jsp
>>>
>>> Hope this helps,
>>> -Rick
>>>
>>> Reda Jazouli wrote:
>>>     
>>>> Hi, 
>>>> As mentioned in the Derby tuning guide, its possible to start the derby
>>>> server in the way that is accepts only ssl connections.
>>>>
>>>> Its only required to give at startup a java keystore and a the
>>>> keystores
>>>> password.
>>>>
>>>> My question is, how does the server know wich key is to use from the
>>>> given
>>>> keystore ?? 
>>>> I thought that there is a java property that has to be set before
>>>> startup
>>>> and that indicates wich key from the given keystore, has to be used.
>>>>
>>>> Thanks im advance.
>>>>
>>>> Reda
>>>>   
>>>>       
>>>
>>>     
>>
>>   
> 
> 
> 
:handshake:
-- 
View this message in context: http://www.nabble.com/Starting-the-derby-sever-with-ssl-tp20305614p20311693.html
Sent from the Apache Derby Users mailing list archive at Nabble.com.


Mime
View raw message